Windows Analysis Report
17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

AI detected suspicious sample

Source: Yara match	File source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Joe Sandbox ML: detected

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001A80000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001C1E000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1834406738.00000000018CE000.00000004.00000020.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1830422340.0000000001711000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001A80000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001C1E000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1834406738.00000000018CE000.00000004.00000020.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1830422340.0000000001711000.00000004.00000020.00020000.00000000.sdmp

Source: Amcache.hve.3.dr

String found in binary or memory: http://upx.sf.net

E-Banking Fraud

Malicious sample detected (through community Yara rule)

Source: Yara match	File source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F3B3D3 NtClose,	0_2_00F3B3D3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F11961 NtProtectVirtualMemory,	0_2_00F11961
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2DF0 NtQuerySystemInformation,LdrInitializeThunk,	0_2_01AF2DF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF4340 NtSetContextThread,	0_2_01AF4340
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF4650 NtSuspendThread,	0_2_01AF4650
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2BA0 NtEnumerateValueKey,	0_2_01AF2BA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2B80 NtQueryInformationFile,	0_2_01AF2B80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2BE0 NtQueryValueKey,	0_2_01AF2BE0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2BF0 NtAllocateVirtualMemory,	0_2_01AF2BF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2B60 NtClose,	0_2_01AF2B60
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2AB0 NtWaitForSingleObject,	0_2_01AF2AB0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2AF0 NtWriteFile,	0_2_01AF2AF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2AD0 NtReadFile,	0_2_01AF2AD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2DB0 NtEnumerateKey,	0_2_01AF2DB0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2DD0 NtDelayExecution,	0_2_01AF2DD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2D30 NtUnmapViewOfSection,	0_2_01AF2D30
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2D00 NtSetInformationFile,	0_2_01AF2D00
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2D10 NtMapViewOfSection,	0_2_01AF2D10
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2CA0 NtQueryInformationToken,	0_2_01AF2CA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2CF0 NtOpenProcess,	0_2_01AF2CF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2CC0 NtQueryVirtualMemory,	0_2_01AF2CC0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2C00 NtQueryInformationProcess,	0_2_01AF2C00
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2C60 NtCreateKey,	0_2_01AF2C60
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2C70 NtFreeVirtualMemory,	0_2_01AF2C70
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2FA0 NtQuerySection,	0_2_01AF2FA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2FB0 NtResumeThread,	0_2_01AF2FB0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2F90 NtProtectVirtualMemory,	0_2_01AF2F90
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2FE0 NtCreateFile,	0_2_01AF2FE0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2F30 NtCreateSection,	0_2_01AF2F30
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2F60 NtCreateProcessEx,	0_2_01AF2F60
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2EA0 NtAdjustPrivilegesToken,	0_2_01AF2EA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2E80 NtReadVirtualMemory,	0_2_01AF2E80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2EE0 NtQueueApcThread,	0_2_01AF2EE0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2E30 NtWriteVirtualMemory,	0_2_01AF2E30
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF3090 NtSetValueKey,	0_2_01AF3090
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF3010 NtOpenDirectoryObject,	0_2_01AF3010
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF35C0 NtCreateMutant,	0_2_01AF35C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF39B0 NtGetContextThread,	0_2_01AF39B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF3D10 NtOpenProcessToken,	0_2_01AF3D10
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF3D70 NtOpenThread,	0_2_01AF3D70

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F200F3	0_2_00F200F3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F13030	0_2_00F13030
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F26823	0_2_00F26823
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2681E	0_2_00F2681E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F3D803	0_2_00F3D803
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F111C0	0_2_00F111C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F1E173	0_2_00F1E173
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F12380	0_2_00F12380
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F1FED3	0_2_00F1FED3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F1FECB	0_2_00F1FECB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B801AA	0_2_01B801AA
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B741A2	0_2_01B741A2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B781CC	0_2_01B781CC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0100	0_2_01AB0100
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5A118	0_2_01B5A118
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B48158	0_2_01B48158
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE3F0	0_2_01ACE3F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B803E6	0_2_01B803E6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7A352	0_2_01B7A352
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B402C0	0_2_01B402C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B80591	0_2_01B80591
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6E4F6	0_2_01B6E4F6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B64420	0_2_01B64420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B72446	0_2_01B72446
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABC7C0	0_2_01ABC7C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE4750	0_2_01AE4750
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADC6E0	0_2_01ADC6E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B8A9A6	0_2_01B8A9A6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD6962	0_2_01AD6962
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA68B8	0_2_01AA68B8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE8F0	0_2_01AEE8F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACA840	0_2_01ACA840
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC2840	0_2_01AC2840
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B76BD7	0_2_01B76BD7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7AB40	0_2_01B7AB40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD8DBF	0_2_01AD8DBF
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABADE0	0_2_01ABADE0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5CD1F	0_2_01B5CD1F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACAD00	0_2_01ACAD00
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60CB5	0_2_01B60CB5
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0CF2	0_2_01AB0CF2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0C00	0_2_01AC0C00
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3EFA0	0_2_01B3EFA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB2FC8	0_2_01AB2FC8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B62F30	0_2_01B62F30
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B02F28	0_2_01B02F28
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE0F30	0_2_01AE0F30
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B34F40	0_2_01B34F40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7CE93	0_2_01B7CE93
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2E90	0_2_01AD2E90
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7EEDB	0_2_01B7EEDB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7EE26	0_2_01B7EE26
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0E59	0_2_01AC0E59
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACB1B0	0_2_01ACB1B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF516C	0_2_01AF516C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B8B16B	0_2_01B8B16B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAF172	0_2_01AAF172
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7F0E0	0_2_01B7F0E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B770E9	0_2_01B770E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC70C0	0_2_01AC70C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6F0CC	0_2_01B6F0CC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B0739A	0_2_01B0739A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7132D	0_2_01B7132D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAD34C	0_2_01AAD34C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC52A0	0_2_01AC52A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B612ED	0_2_01B612ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADB2C0	0_2_01ADB2C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5D5B0	0_2_01B5D5B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B895C3	0_2_01B895C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B77571	0_2_01B77571
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7F43F	0_2_01B7F43F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB1460	0_2_01AB1460
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7F7B0	0_2_01B7F7B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B716CC	0_2_01B716CC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B05630	0_2_01B05630
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B55910	0_2_01B55910
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC9950	0_2_01AC9950
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADB950	0_2_01ADB950
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC38E0	0_2_01AC38E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2D800	0_2_01B2D800
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADFB80	0_2_01ADFB80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B35BF0	0_2_01B35BF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AFDBF9	0_2_01AFDBF9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7FB76	0_2_01B7FB76
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B05AA0	0_2_01B05AA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B61AA3	0_2_01B61AA3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5DAAC	0_2_01B5DAAC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6DAC6	0_2_01B6DAC6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B33A6C	0_2_01B33A6C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B77A46	0_2_01B77A46
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7FA49	0_2_01B7FA49
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADFDC0	0_2_01ADFDC0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B77D73	0_2_01B77D73
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC3D40	0_2_01AC3D40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B71D5A	0_2_01B71D5A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7FCF2	0_2_01B7FCF2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B39C32	0_2_01B39C32
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7FFB1	0_2_01B7FFB1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC1F92	0_2_01AC1F92
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A83FD2	0_2_01A83FD2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A83FD5	0_2_01A83FD5
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7FF09	0_2_01B7FF09
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC9EB0	0_2_01AC9EB0

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: String function: 01B07E54 appears 108 times
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: String function: 01AAB970 appears 265 times
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: String function: 01B2EA12 appears 86 times
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: String function: 01B3F290 appears 105 times
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: String function: 01AF5130 appears 58 times

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 228

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: No import functions for PE file found

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1834406738.00000000019FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe
Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001D51000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe
Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1830422340.0000000001834000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: Section .text

Source: classification engine

Classification label: mal80.troj.winEXE@2/5@0/0

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2664

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\e637462d-74ae-412d-b6bf-cccfc9806afa

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

ReversingLabs: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe "C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe"
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 228

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Section loaded: apphelp.dll

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001A80000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001C1E000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1834406738.00000000018CE000.00000004.00000020.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1830422340.0000000001711000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001A80000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000002.1998480350.0000000001C1E000.00000040.00001000.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1834406738.00000000018CE000.00000004.00000020.00020000.00000000.sdmp, 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe, 00000000.00000003.1830422340.0000000001711000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F12076 push ss; iretd	0_2_00F1207D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F33053 push 8BD62211h; retf	0_2_00F33068
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F132B0 push eax; ret	0_2_00F132B2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F1D236 push 0000001Dh; iretd	0_2_00F1D238
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F183F9 push ebx; ret	0_2_00F183FA
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2E3C5 push ss; iretd	0_2_00F2E3C6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2CB76 push ecx; ret	0_2_00F2CB7C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F184B0 push esi; iretd	0_2_00F18505
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2EC91 push ebx; iretd	0_2_00F2EC9F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2A441 push eax; ret	0_2_00F2A442
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2A43F push eax; iretd	0_2_00F2A440
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F11577 push ss; iretd	0_2_00F1158C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F2E57E push edi; retf	0_2_00F2E5A4
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F26D68 push ebp; retf	0_2_00F26D6D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F32EE3 push edi; ret	0_2_00F32EEE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F32ED8 push edi; ret	0_2_00F32EEE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F21683 push edi; ret	0_2_00F2168A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F21677 push edi; ret	0_2_00F2168A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F11E4B push ss; iretd	0_2_00F11E4D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F11793 push ss; iretd	0_2_00F11766
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F1175F push ss; iretd	0_2_00F11766
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F11731 push ss; iretd	0_2_00F11766
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F32F30 push edi; ret	0_2_00F32EEE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_00F32F07 push edi; ret	0_2_00F32F2D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A8225F pushad ; ret	0_2_01A827F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A827FA pushad ; ret	0_2_01A827F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB09AD push ecx; mov dword ptr [esp], ecx	0_2_01AB09B6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A8283D push eax; iretd	0_2_01A82858
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01A81368 push eax; iretd	0_2_01A81369

Source: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Static PE information: section name: .text entropy: 7.994347427666436

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Code function: 0_2_01AF096E rdtsc

0_2_01AF096E

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

API coverage: 0.3 %

Source: Amcache.hve.3.dr	Binary or memory string: VMware
Source: Amcache.hve.3.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.3.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.3.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.3.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.3.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.3.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.3.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.3.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.3.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.3.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.3.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.3.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.3.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.3.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Code function: 0_2_01AF096E rdtsc

0_2_01AF096E

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Code function: 0_2_01AF2DF0 NtQuerySystemInformation,LdrInitializeThunk,

0_2_01AF2DF0

Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF0185 mov eax, dword ptr fs:[00000030h]	0_2_01AF0185
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3019F mov eax, dword ptr fs:[00000030h]	0_2_01B3019F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3019F mov eax, dword ptr fs:[00000030h]	0_2_01B3019F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3019F mov eax, dword ptr fs:[00000030h]	0_2_01B3019F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3019F mov eax, dword ptr fs:[00000030h]	0_2_01B3019F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B54180 mov eax, dword ptr fs:[00000030h]	0_2_01B54180
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B54180 mov eax, dword ptr fs:[00000030h]	0_2_01B54180
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA197 mov eax, dword ptr fs:[00000030h]	0_2_01AAA197
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA197 mov eax, dword ptr fs:[00000030h]	0_2_01AAA197
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA197 mov eax, dword ptr fs:[00000030h]	0_2_01AAA197
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6C188 mov eax, dword ptr fs:[00000030h]	0_2_01B6C188
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6C188 mov eax, dword ptr fs:[00000030h]	0_2_01B6C188
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE01F8 mov eax, dword ptr fs:[00000030h]	0_2_01AE01F8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B861E5 mov eax, dword ptr fs:[00000030h]	0_2_01B861E5
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E1D0 mov eax, dword ptr fs:[00000030h]	0_2_01B2E1D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E1D0 mov eax, dword ptr fs:[00000030h]	0_2_01B2E1D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E1D0 mov ecx, dword ptr fs:[00000030h]	0_2_01B2E1D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E1D0 mov eax, dword ptr fs:[00000030h]	0_2_01B2E1D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E1D0 mov eax, dword ptr fs:[00000030h]	0_2_01B2E1D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B761C3 mov eax, dword ptr fs:[00000030h]	0_2_01B761C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B761C3 mov eax, dword ptr fs:[00000030h]	0_2_01B761C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE0124 mov eax, dword ptr fs:[00000030h]	0_2_01AE0124
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B70115 mov eax, dword ptr fs:[00000030h]	0_2_01B70115
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5A118 mov ecx, dword ptr fs:[00000030h]	0_2_01B5A118
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5A118 mov eax, dword ptr fs:[00000030h]	0_2_01B5A118
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5A118 mov eax, dword ptr fs:[00000030h]	0_2_01B5A118
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5A118 mov eax, dword ptr fs:[00000030h]	0_2_01B5A118
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov ecx, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov ecx, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov ecx, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov eax, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E10E mov ecx, dword ptr fs:[00000030h]	0_2_01B5E10E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84164 mov eax, dword ptr fs:[00000030h]	0_2_01B84164
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84164 mov eax, dword ptr fs:[00000030h]	0_2_01B84164
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B48158 mov eax, dword ptr fs:[00000030h]	0_2_01B48158
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B44144 mov eax, dword ptr fs:[00000030h]	0_2_01B44144
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B44144 mov eax, dword ptr fs:[00000030h]	0_2_01B44144
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B44144 mov ecx, dword ptr fs:[00000030h]	0_2_01B44144
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B44144 mov eax, dword ptr fs:[00000030h]	0_2_01B44144
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B44144 mov eax, dword ptr fs:[00000030h]	0_2_01B44144
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAC156 mov eax, dword ptr fs:[00000030h]	0_2_01AAC156
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB6154 mov eax, dword ptr fs:[00000030h]	0_2_01AB6154
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB6154 mov eax, dword ptr fs:[00000030h]	0_2_01AB6154
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA80A0 mov eax, dword ptr fs:[00000030h]	0_2_01AA80A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B760B8 mov eax, dword ptr fs:[00000030h]	0_2_01B760B8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B760B8 mov ecx, dword ptr fs:[00000030h]	0_2_01B760B8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B480A8 mov eax, dword ptr fs:[00000030h]	0_2_01B480A8
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB208A mov eax, dword ptr fs:[00000030h]	0_2_01AB208A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB80E9 mov eax, dword ptr fs:[00000030h]	0_2_01AB80E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA0E3 mov ecx, dword ptr fs:[00000030h]	0_2_01AAA0E3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B360E0 mov eax, dword ptr fs:[00000030h]	0_2_01B360E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAC0F0 mov eax, dword ptr fs:[00000030h]	0_2_01AAC0F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF20F0 mov ecx, dword ptr fs:[00000030h]	0_2_01AF20F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B320DE mov eax, dword ptr fs:[00000030h]	0_2_01B320DE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46030 mov eax, dword ptr fs:[00000030h]	0_2_01B46030
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA020 mov eax, dword ptr fs:[00000030h]	0_2_01AAA020
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAC020 mov eax, dword ptr fs:[00000030h]	0_2_01AAC020
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B34000 mov ecx, dword ptr fs:[00000030h]	0_2_01B34000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B52000 mov eax, dword ptr fs:[00000030h]	0_2_01B52000
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE016 mov eax, dword ptr fs:[00000030h]	0_2_01ACE016
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE016 mov eax, dword ptr fs:[00000030h]	0_2_01ACE016
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE016 mov eax, dword ptr fs:[00000030h]	0_2_01ACE016
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE016 mov eax, dword ptr fs:[00000030h]	0_2_01ACE016
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADC073 mov eax, dword ptr fs:[00000030h]	0_2_01ADC073
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36050 mov eax, dword ptr fs:[00000030h]	0_2_01B36050
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB2050 mov eax, dword ptr fs:[00000030h]	0_2_01AB2050
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE388 mov eax, dword ptr fs:[00000030h]	0_2_01AAE388
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE388 mov eax, dword ptr fs:[00000030h]	0_2_01AAE388
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE388 mov eax, dword ptr fs:[00000030h]	0_2_01AAE388
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD438F mov eax, dword ptr fs:[00000030h]	0_2_01AD438F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD438F mov eax, dword ptr fs:[00000030h]	0_2_01AD438F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8397 mov eax, dword ptr fs:[00000030h]	0_2_01AA8397
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8397 mov eax, dword ptr fs:[00000030h]	0_2_01AA8397
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8397 mov eax, dword ptr fs:[00000030h]	0_2_01AA8397
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC03E9 mov eax, dword ptr fs:[00000030h]	0_2_01AC03E9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE63FF mov eax, dword ptr fs:[00000030h]	0_2_01AE63FF
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE3F0 mov eax, dword ptr fs:[00000030h]	0_2_01ACE3F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE3F0 mov eax, dword ptr fs:[00000030h]	0_2_01ACE3F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE3F0 mov eax, dword ptr fs:[00000030h]	0_2_01ACE3F0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B543D4 mov eax, dword ptr fs:[00000030h]	0_2_01B543D4
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B543D4 mov eax, dword ptr fs:[00000030h]	0_2_01B543D4
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA3C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA3C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB83C0 mov eax, dword ptr fs:[00000030h]	0_2_01AB83C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB83C0 mov eax, dword ptr fs:[00000030h]	0_2_01AB83C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB83C0 mov eax, dword ptr fs:[00000030h]	0_2_01AB83C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB83C0 mov eax, dword ptr fs:[00000030h]	0_2_01AB83C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E3DB mov eax, dword ptr fs:[00000030h]	0_2_01B5E3DB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E3DB mov eax, dword ptr fs:[00000030h]	0_2_01B5E3DB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E3DB mov ecx, dword ptr fs:[00000030h]	0_2_01B5E3DB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5E3DB mov eax, dword ptr fs:[00000030h]	0_2_01B5E3DB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B363C0 mov eax, dword ptr fs:[00000030h]	0_2_01B363C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6C3CD mov eax, dword ptr fs:[00000030h]	0_2_01B6C3CD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B88324 mov eax, dword ptr fs:[00000030h]	0_2_01B88324
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B88324 mov ecx, dword ptr fs:[00000030h]	0_2_01B88324
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B88324 mov eax, dword ptr fs:[00000030h]	0_2_01B88324
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B88324 mov eax, dword ptr fs:[00000030h]	0_2_01B88324
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA30B mov eax, dword ptr fs:[00000030h]	0_2_01AEA30B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA30B mov eax, dword ptr fs:[00000030h]	0_2_01AEA30B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA30B mov eax, dword ptr fs:[00000030h]	0_2_01AEA30B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAC310 mov ecx, dword ptr fs:[00000030h]	0_2_01AAC310
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD0310 mov ecx, dword ptr fs:[00000030h]	0_2_01AD0310
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5437C mov eax, dword ptr fs:[00000030h]	0_2_01B5437C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7A352 mov eax, dword ptr fs:[00000030h]	0_2_01B7A352
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B58350 mov ecx, dword ptr fs:[00000030h]	0_2_01B58350
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov eax, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov eax, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov eax, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov ecx, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov eax, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3035C mov eax, dword ptr fs:[00000030h]	0_2_01B3035C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B8634F mov eax, dword ptr fs:[00000030h]	0_2_01B8634F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B32349 mov eax, dword ptr fs:[00000030h]	0_2_01B32349
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC02A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC02A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC02A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC02A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov eax, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov ecx, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov eax, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov eax, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov eax, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B462A0 mov eax, dword ptr fs:[00000030h]	0_2_01B462A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE284 mov eax, dword ptr fs:[00000030h]	0_2_01AEE284
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE284 mov eax, dword ptr fs:[00000030h]	0_2_01AEE284
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B30283 mov eax, dword ptr fs:[00000030h]	0_2_01B30283
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B30283 mov eax, dword ptr fs:[00000030h]	0_2_01B30283
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B30283 mov eax, dword ptr fs:[00000030h]	0_2_01B30283
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC02E1 mov eax, dword ptr fs:[00000030h]	0_2_01AC02E1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC02E1 mov eax, dword ptr fs:[00000030h]	0_2_01AC02E1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC02E1 mov eax, dword ptr fs:[00000030h]	0_2_01AC02E1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA2C3 mov eax, dword ptr fs:[00000030h]	0_2_01ABA2C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA2C3 mov eax, dword ptr fs:[00000030h]	0_2_01ABA2C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA2C3 mov eax, dword ptr fs:[00000030h]	0_2_01ABA2C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA2C3 mov eax, dword ptr fs:[00000030h]	0_2_01ABA2C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA2C3 mov eax, dword ptr fs:[00000030h]	0_2_01ABA2C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B862D6 mov eax, dword ptr fs:[00000030h]	0_2_01B862D6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA823B mov eax, dword ptr fs:[00000030h]	0_2_01AA823B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA826B mov eax, dword ptr fs:[00000030h]	0_2_01AA826B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B60274 mov eax, dword ptr fs:[00000030h]	0_2_01B60274
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4260 mov eax, dword ptr fs:[00000030h]	0_2_01AB4260
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4260 mov eax, dword ptr fs:[00000030h]	0_2_01AB4260
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4260 mov eax, dword ptr fs:[00000030h]	0_2_01AB4260
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B8625D mov eax, dword ptr fs:[00000030h]	0_2_01B8625D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6A250 mov eax, dword ptr fs:[00000030h]	0_2_01B6A250
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6A250 mov eax, dword ptr fs:[00000030h]	0_2_01B6A250
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B38243 mov eax, dword ptr fs:[00000030h]	0_2_01B38243
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B38243 mov ecx, dword ptr fs:[00000030h]	0_2_01B38243
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB6259 mov eax, dword ptr fs:[00000030h]	0_2_01AB6259
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAA250 mov eax, dword ptr fs:[00000030h]	0_2_01AAA250
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B305A7 mov eax, dword ptr fs:[00000030h]	0_2_01B305A7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B305A7 mov eax, dword ptr fs:[00000030h]	0_2_01B305A7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B305A7 mov eax, dword ptr fs:[00000030h]	0_2_01B305A7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD45B1 mov eax, dword ptr fs:[00000030h]	0_2_01AD45B1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD45B1 mov eax, dword ptr fs:[00000030h]	0_2_01AD45B1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE4588 mov eax, dword ptr fs:[00000030h]	0_2_01AE4588
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB2582 mov eax, dword ptr fs:[00000030h]	0_2_01AB2582
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB2582 mov ecx, dword ptr fs:[00000030h]	0_2_01AB2582
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE59C mov eax, dword ptr fs:[00000030h]	0_2_01AEE59C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC5ED mov eax, dword ptr fs:[00000030h]	0_2_01AEC5ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC5ED mov eax, dword ptr fs:[00000030h]	0_2_01AEC5ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE5E7 mov eax, dword ptr fs:[00000030h]	0_2_01ADE5E7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB25E0 mov eax, dword ptr fs:[00000030h]	0_2_01AB25E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE5CF mov eax, dword ptr fs:[00000030h]	0_2_01AEE5CF
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE5CF mov eax, dword ptr fs:[00000030h]	0_2_01AEE5CF
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB65D0 mov eax, dword ptr fs:[00000030h]	0_2_01AB65D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA5D0 mov eax, dword ptr fs:[00000030h]	0_2_01AEA5D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA5D0 mov eax, dword ptr fs:[00000030h]	0_2_01AEA5D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE53E mov eax, dword ptr fs:[00000030h]	0_2_01ADE53E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE53E mov eax, dword ptr fs:[00000030h]	0_2_01ADE53E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE53E mov eax, dword ptr fs:[00000030h]	0_2_01ADE53E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE53E mov eax, dword ptr fs:[00000030h]	0_2_01ADE53E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE53E mov eax, dword ptr fs:[00000030h]	0_2_01ADE53E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0535 mov eax, dword ptr fs:[00000030h]	0_2_01AC0535
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46500 mov eax, dword ptr fs:[00000030h]	0_2_01B46500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84500 mov eax, dword ptr fs:[00000030h]	0_2_01B84500
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE656A mov eax, dword ptr fs:[00000030h]	0_2_01AE656A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE656A mov eax, dword ptr fs:[00000030h]	0_2_01AE656A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE656A mov eax, dword ptr fs:[00000030h]	0_2_01AE656A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8550 mov eax, dword ptr fs:[00000030h]	0_2_01AB8550
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8550 mov eax, dword ptr fs:[00000030h]	0_2_01AB8550
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB64AB mov eax, dword ptr fs:[00000030h]	0_2_01AB64AB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3A4B0 mov eax, dword ptr fs:[00000030h]	0_2_01B3A4B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE44B0 mov ecx, dword ptr fs:[00000030h]	0_2_01AE44B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6A49A mov eax, dword ptr fs:[00000030h]	0_2_01B6A49A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB04E5 mov ecx, dword ptr fs:[00000030h]	0_2_01AB04E5
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE420 mov eax, dword ptr fs:[00000030h]	0_2_01AAE420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE420 mov eax, dword ptr fs:[00000030h]	0_2_01AAE420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAE420 mov eax, dword ptr fs:[00000030h]	0_2_01AAE420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AAC427 mov eax, dword ptr fs:[00000030h]	0_2_01AAC427
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B36420 mov eax, dword ptr fs:[00000030h]	0_2_01B36420
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA430 mov eax, dword ptr fs:[00000030h]	0_2_01AEA430
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE8402 mov eax, dword ptr fs:[00000030h]	0_2_01AE8402
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE8402 mov eax, dword ptr fs:[00000030h]	0_2_01AE8402
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE8402 mov eax, dword ptr fs:[00000030h]	0_2_01AE8402
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3C460 mov ecx, dword ptr fs:[00000030h]	0_2_01B3C460
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADA470 mov eax, dword ptr fs:[00000030h]	0_2_01ADA470
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADA470 mov eax, dword ptr fs:[00000030h]	0_2_01ADA470
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADA470 mov eax, dword ptr fs:[00000030h]	0_2_01ADA470
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B6A456 mov eax, dword ptr fs:[00000030h]	0_2_01B6A456
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEE443 mov eax, dword ptr fs:[00000030h]	0_2_01AEE443
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA645D mov eax, dword ptr fs:[00000030h]	0_2_01AA645D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD245A mov eax, dword ptr fs:[00000030h]	0_2_01AD245A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB07AF mov eax, dword ptr fs:[00000030h]	0_2_01AB07AF
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B647A0 mov eax, dword ptr fs:[00000030h]	0_2_01B647A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5678E mov eax, dword ptr fs:[00000030h]	0_2_01B5678E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD27ED mov eax, dword ptr fs:[00000030h]	0_2_01AD27ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD27ED mov eax, dword ptr fs:[00000030h]	0_2_01AD27ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD27ED mov eax, dword ptr fs:[00000030h]	0_2_01AD27ED
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB47FB mov eax, dword ptr fs:[00000030h]	0_2_01AB47FB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB47FB mov eax, dword ptr fs:[00000030h]	0_2_01AB47FB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3E7E1 mov eax, dword ptr fs:[00000030h]	0_2_01B3E7E1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABC7C0 mov eax, dword ptr fs:[00000030h]	0_2_01ABC7C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B307C3 mov eax, dword ptr fs:[00000030h]	0_2_01B307C3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2C730 mov eax, dword ptr fs:[00000030h]	0_2_01B2C730
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC720 mov eax, dword ptr fs:[00000030h]	0_2_01AEC720
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC720 mov eax, dword ptr fs:[00000030h]	0_2_01AEC720
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE273C mov eax, dword ptr fs:[00000030h]	0_2_01AE273C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE273C mov ecx, dword ptr fs:[00000030h]	0_2_01AE273C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE273C mov eax, dword ptr fs:[00000030h]	0_2_01AE273C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC700 mov eax, dword ptr fs:[00000030h]	0_2_01AEC700
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0710 mov eax, dword ptr fs:[00000030h]	0_2_01AB0710
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE0710 mov eax, dword ptr fs:[00000030h]	0_2_01AE0710
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8770 mov eax, dword ptr fs:[00000030h]	0_2_01AB8770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0770 mov eax, dword ptr fs:[00000030h]	0_2_01AC0770
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE674D mov esi, dword ptr fs:[00000030h]	0_2_01AE674D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE674D mov eax, dword ptr fs:[00000030h]	0_2_01AE674D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE674D mov eax, dword ptr fs:[00000030h]	0_2_01AE674D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B34755 mov eax, dword ptr fs:[00000030h]	0_2_01B34755
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3E75D mov eax, dword ptr fs:[00000030h]	0_2_01B3E75D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0750 mov eax, dword ptr fs:[00000030h]	0_2_01AB0750
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2750 mov eax, dword ptr fs:[00000030h]	0_2_01AF2750
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2750 mov eax, dword ptr fs:[00000030h]	0_2_01AF2750
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC6A6 mov eax, dword ptr fs:[00000030h]	0_2_01AEC6A6
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE66B0 mov eax, dword ptr fs:[00000030h]	0_2_01AE66B0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4690 mov eax, dword ptr fs:[00000030h]	0_2_01AB4690
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4690 mov eax, dword ptr fs:[00000030h]	0_2_01AB4690
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E6F2 mov eax, dword ptr fs:[00000030h]	0_2_01B2E6F2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E6F2 mov eax, dword ptr fs:[00000030h]	0_2_01B2E6F2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E6F2 mov eax, dword ptr fs:[00000030h]	0_2_01B2E6F2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E6F2 mov eax, dword ptr fs:[00000030h]	0_2_01B2E6F2
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B306F1 mov eax, dword ptr fs:[00000030h]	0_2_01B306F1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B306F1 mov eax, dword ptr fs:[00000030h]	0_2_01B306F1
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA6C7 mov ebx, dword ptr fs:[00000030h]	0_2_01AEA6C7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA6C7 mov eax, dword ptr fs:[00000030h]	0_2_01AEA6C7
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB262C mov eax, dword ptr fs:[00000030h]	0_2_01AB262C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACE627 mov eax, dword ptr fs:[00000030h]	0_2_01ACE627
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE6620 mov eax, dword ptr fs:[00000030h]	0_2_01AE6620
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE8620 mov eax, dword ptr fs:[00000030h]	0_2_01AE8620
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC260B mov eax, dword ptr fs:[00000030h]	0_2_01AC260B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF2619 mov eax, dword ptr fs:[00000030h]	0_2_01AF2619
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E609 mov eax, dword ptr fs:[00000030h]	0_2_01B2E609
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA660 mov eax, dword ptr fs:[00000030h]	0_2_01AEA660
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA660 mov eax, dword ptr fs:[00000030h]	0_2_01AEA660
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7866E mov eax, dword ptr fs:[00000030h]	0_2_01B7866E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7866E mov eax, dword ptr fs:[00000030h]	0_2_01B7866E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE2674 mov eax, dword ptr fs:[00000030h]	0_2_01AE2674
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ACC640 mov eax, dword ptr fs:[00000030h]	0_2_01ACC640
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B389B3 mov esi, dword ptr fs:[00000030h]	0_2_01B389B3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B389B3 mov eax, dword ptr fs:[00000030h]	0_2_01B389B3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B389B3 mov eax, dword ptr fs:[00000030h]	0_2_01B389B3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB09AD mov eax, dword ptr fs:[00000030h]	0_2_01AB09AD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB09AD mov eax, dword ptr fs:[00000030h]	0_2_01AB09AD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC29A0 mov eax, dword ptr fs:[00000030h]	0_2_01AC29A0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3E9E0 mov eax, dword ptr fs:[00000030h]	0_2_01B3E9E0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE29F9 mov eax, dword ptr fs:[00000030h]	0_2_01AE29F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE29F9 mov eax, dword ptr fs:[00000030h]	0_2_01AE29F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7A9D3 mov eax, dword ptr fs:[00000030h]	0_2_01B7A9D3
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B469C0 mov eax, dword ptr fs:[00000030h]	0_2_01B469C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABA9D0 mov eax, dword ptr fs:[00000030h]	0_2_01ABA9D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE49D0 mov eax, dword ptr fs:[00000030h]	0_2_01AE49D0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3892A mov eax, dword ptr fs:[00000030h]	0_2_01B3892A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B4892B mov eax, dword ptr fs:[00000030h]	0_2_01B4892B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3C912 mov eax, dword ptr fs:[00000030h]	0_2_01B3C912
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8918 mov eax, dword ptr fs:[00000030h]	0_2_01AA8918
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8918 mov eax, dword ptr fs:[00000030h]	0_2_01AA8918
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E908 mov eax, dword ptr fs:[00000030h]	0_2_01B2E908
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2E908 mov eax, dword ptr fs:[00000030h]	0_2_01B2E908
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF096E mov eax, dword ptr fs:[00000030h]	0_2_01AF096E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF096E mov edx, dword ptr fs:[00000030h]	0_2_01AF096E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AF096E mov eax, dword ptr fs:[00000030h]	0_2_01AF096E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B54978 mov eax, dword ptr fs:[00000030h]	0_2_01B54978
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B54978 mov eax, dword ptr fs:[00000030h]	0_2_01B54978
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD6962 mov eax, dword ptr fs:[00000030h]	0_2_01AD6962
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD6962 mov eax, dword ptr fs:[00000030h]	0_2_01AD6962
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD6962 mov eax, dword ptr fs:[00000030h]	0_2_01AD6962
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3C97C mov eax, dword ptr fs:[00000030h]	0_2_01B3C97C
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B30946 mov eax, dword ptr fs:[00000030h]	0_2_01B30946
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84940 mov eax, dword ptr fs:[00000030h]	0_2_01B84940
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0887 mov eax, dword ptr fs:[00000030h]	0_2_01AB0887
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3C89D mov eax, dword ptr fs:[00000030h]	0_2_01B3C89D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7A8E4 mov eax, dword ptr fs:[00000030h]	0_2_01B7A8E4
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC8F9 mov eax, dword ptr fs:[00000030h]	0_2_01AEC8F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEC8F9 mov eax, dword ptr fs:[00000030h]	0_2_01AEC8F9
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADE8C0 mov eax, dword ptr fs:[00000030h]	0_2_01ADE8C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B808C0 mov eax, dword ptr fs:[00000030h]	0_2_01B808C0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5483A mov eax, dword ptr fs:[00000030h]	0_2_01B5483A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5483A mov eax, dword ptr fs:[00000030h]	0_2_01B5483A
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov eax, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov eax, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov eax, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov ecx, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov eax, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD2835 mov eax, dword ptr fs:[00000030h]	0_2_01AD2835
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEA830 mov eax, dword ptr fs:[00000030h]	0_2_01AEA830
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3C810 mov eax, dword ptr fs:[00000030h]	0_2_01B3C810
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3E872 mov eax, dword ptr fs:[00000030h]	0_2_01B3E872
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3E872 mov eax, dword ptr fs:[00000030h]	0_2_01B3E872
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46870 mov eax, dword ptr fs:[00000030h]	0_2_01B46870
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46870 mov eax, dword ptr fs:[00000030h]	0_2_01B46870
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC2840 mov ecx, dword ptr fs:[00000030h]	0_2_01AC2840
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4859 mov eax, dword ptr fs:[00000030h]	0_2_01AB4859
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB4859 mov eax, dword ptr fs:[00000030h]	0_2_01AB4859
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE0854 mov eax, dword ptr fs:[00000030h]	0_2_01AE0854
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B64BB0 mov eax, dword ptr fs:[00000030h]	0_2_01B64BB0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B64BB0 mov eax, dword ptr fs:[00000030h]	0_2_01B64BB0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0BBE mov eax, dword ptr fs:[00000030h]	0_2_01AC0BBE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AC0BBE mov eax, dword ptr fs:[00000030h]	0_2_01AC0BBE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3CBF0 mov eax, dword ptr fs:[00000030h]	0_2_01B3CBF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADEBFC mov eax, dword ptr fs:[00000030h]	0_2_01ADEBFC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8BF0 mov eax, dword ptr fs:[00000030h]	0_2_01AB8BF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8BF0 mov eax, dword ptr fs:[00000030h]	0_2_01AB8BF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8BF0 mov eax, dword ptr fs:[00000030h]	0_2_01AB8BF0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5EBD0 mov eax, dword ptr fs:[00000030h]	0_2_01B5EBD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0BCD mov eax, dword ptr fs:[00000030h]	0_2_01AB0BCD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0BCD mov eax, dword ptr fs:[00000030h]	0_2_01AB0BCD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0BCD mov eax, dword ptr fs:[00000030h]	0_2_01AB0BCD
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD0BCB mov eax, dword ptr fs:[00000030h]	0_2_01AD0BCB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD0BCB mov eax, dword ptr fs:[00000030h]	0_2_01AD0BCB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD0BCB mov eax, dword ptr fs:[00000030h]	0_2_01AD0BCB
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADEB20 mov eax, dword ptr fs:[00000030h]	0_2_01ADEB20
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADEB20 mov eax, dword ptr fs:[00000030h]	0_2_01ADEB20
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B78B28 mov eax, dword ptr fs:[00000030h]	0_2_01B78B28
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B78B28 mov eax, dword ptr fs:[00000030h]	0_2_01B78B28
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2EB1D mov eax, dword ptr fs:[00000030h]	0_2_01B2EB1D
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84B00 mov eax, dword ptr fs:[00000030h]	0_2_01B84B00
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AACB7E mov eax, dword ptr fs:[00000030h]	0_2_01AACB7E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B5EB50 mov eax, dword ptr fs:[00000030h]	0_2_01B5EB50
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B82B57 mov eax, dword ptr fs:[00000030h]	0_2_01B82B57
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B82B57 mov eax, dword ptr fs:[00000030h]	0_2_01B82B57
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B82B57 mov eax, dword ptr fs:[00000030h]	0_2_01B82B57
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B82B57 mov eax, dword ptr fs:[00000030h]	0_2_01B82B57
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46B40 mov eax, dword ptr fs:[00000030h]	0_2_01B46B40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B46B40 mov eax, dword ptr fs:[00000030h]	0_2_01B46B40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B7AB40 mov eax, dword ptr fs:[00000030h]	0_2_01B7AB40
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B58B42 mov eax, dword ptr fs:[00000030h]	0_2_01B58B42
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AA8B50 mov eax, dword ptr fs:[00000030h]	0_2_01AA8B50
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B64B4B mov eax, dword ptr fs:[00000030h]	0_2_01B64B4B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B64B4B mov eax, dword ptr fs:[00000030h]	0_2_01B64B4B
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8AA0 mov eax, dword ptr fs:[00000030h]	0_2_01AB8AA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB8AA0 mov eax, dword ptr fs:[00000030h]	0_2_01AB8AA0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B06AA4 mov eax, dword ptr fs:[00000030h]	0_2_01B06AA4
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ABEA80 mov eax, dword ptr fs:[00000030h]	0_2_01ABEA80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B84A80 mov eax, dword ptr fs:[00000030h]	0_2_01B84A80
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE8A90 mov edx, dword ptr fs:[00000030h]	0_2_01AE8A90
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEAAEE mov eax, dword ptr fs:[00000030h]	0_2_01AEAAEE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AEAAEE mov eax, dword ptr fs:[00000030h]	0_2_01AEAAEE
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AB0AD0 mov eax, dword ptr fs:[00000030h]	0_2_01AB0AD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B06ACC mov eax, dword ptr fs:[00000030h]	0_2_01B06ACC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B06ACC mov eax, dword ptr fs:[00000030h]	0_2_01B06ACC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B06ACC mov eax, dword ptr fs:[00000030h]	0_2_01B06ACC
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE4AD0 mov eax, dword ptr fs:[00000030h]	0_2_01AE4AD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AE4AD0 mov eax, dword ptr fs:[00000030h]	0_2_01AE4AD0
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01ADEA2E mov eax, dword ptr fs:[00000030h]	0_2_01ADEA2E
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AECA24 mov eax, dword ptr fs:[00000030h]	0_2_01AECA24
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AECA38 mov eax, dword ptr fs:[00000030h]	0_2_01AECA38
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD4A35 mov eax, dword ptr fs:[00000030h]	0_2_01AD4A35
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AD4A35 mov eax, dword ptr fs:[00000030h]	0_2_01AD4A35
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B3CA11 mov eax, dword ptr fs:[00000030h]	0_2_01B3CA11
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2CA72 mov eax, dword ptr fs:[00000030h]	0_2_01B2CA72
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01B2CA72 mov eax, dword ptr fs:[00000030h]	0_2_01B2CA72
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AECA6F mov eax, dword ptr fs:[00000030h]	0_2_01AECA6F
Source: C:\Users\user\Desktop\17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	Code function: 0_2_01AECA6F mov eax, dword ptr fs:[00000030h]	0_2_01AECA6F

Source: Amcache.hve.3.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.3.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match	File source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match	File source: 0.2.17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe.f10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1998268034.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	31 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Software Packing	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	63%	ReversingLabs	Win32.Backdoor.FormBook
17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	100%	Avira	TR/Crypt.ZPACK.Gen
17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.3.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528396
Start date and time:	2024-10-07 21:54:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe
Detection:	MAL
Classification:	mal80.troj.winEXE@2/5@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 88% Number of executed functions: 5 Number of non-executed functions: 338
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29
Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: 17283307843512ddb9da5feb065e9e51f430014971376a63e309c849f05d5ebedafef72522599.dat-decoded.exe

Simulations

Behavior and APIs

Time	Type	Description
15:55:30	API Interceptor	1x Sleep call for process: WerFault.exe modified

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_17283307843512dd_f9fe3f1f1e94486b2f576f19d4787792f5ebeb4_c6a5d8df_b60491c4-c368-43a6-ad9e-7c62a9c6c501\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7192464669204144
Encrypted:	false
SSDEEP:	96:icFuOqhqXwhlTGqY4qU5shqahBhqg7sf2QXIDcQvc6QcEVcw3cE/GqUql+HbHg6E:rEVsEl4u5n0BU/gjEzuiFgZ24IO83
MD5:	30FEE89C4E3F63029708DDB3444AB7B3
SHA1:	FADC56E108B4C0FB1817E600F3C3830D16BA7E79
SHA-256:	62ADB0D44D5B6DC6BBD59A824FF3577348498C3B540AAE01602DFF80A7C0D2DB
SHA-512:	1F6D2599FC060A98DC8B46319D6208B3B17CDC5CD7923CAED699A4170774D61BCD81C5635EE3BD321359DAA7F4ADA5F6FAAC7F2ED016485FEA0F54E6C46C5B76
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.8.0.4.5.1.4.8.8.5.7.2.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.8.0.4.5.1.5.1.5.1.3.4.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.6.0.4.9.1.c.4.-.c.3.6.8.-.4.3.a.6.-.a.d.9.e.-.7.c.6.2.a.9.c.6.c.5.0.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.d.9.c.3.8.9.-.0.b.6.a.-.4.f.8.9.-.b.5.e.5.-.7.9.9.3.e.a.d.6.7.1.c.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.7.2.8.3.3.0.7.8.4.3.5.1.2.d.d.b.9.d.a.5.f.e.b.0.6.5.e.9.e.5.1.f.4.3.0.0.1.4.9.7.1.3.7.6.a.6.3.e.3.0.9.c.8.4.9.f.0.5.d.5.e.b.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.6.8.-.0.0.0.1.-.0.0.1.4.-.9.1.c.9.-.5.0.c.e.f.2.1.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.6.4.f.5.3.3.7.6.0.5.e.e.8.a.2.3.c.0.d.0.e.f.9.0.9.c.0.9.8.0.a.0.0.0.0.f.f.f.f.!.0.0.0.0.3.8.9.6.f.b.2.d.9.e.b.3.5.a.3.6.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC59E.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Oct 7 19:55:14 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	25490
Entropy (8bit):	1.776014698446611
Encrypted:	false
SSDEEP:	96:5c8noo6FzRbP6UT8Kq+i7naA3yESMwF6nMcbWsjf+oWItWIfsIZKnBSx:dwOFmODiEOFmMcbpBKnBG
MD5:	4F63B5D7D648F218CF2EA2F9D80878E0
SHA1:	EC67F18B7B74F47F6B49BCFB61E9FC38A1DF78EF
SHA-256:	8ADEE6892E1E83B77A12953722B1A89104AF0496174D2501820500DEC57D683C
SHA-512:	33C9EBACFAB2682198FC7AB00F11EAB08C28C7429F5A0368AE2F2D678E247DB16A698265277FBBF55A794E7F92866F7D76A76127D7CF9BE82CB89D41B60756A0
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........<.g............4...............<...........<...........T.......8...........T...........p..."Z......................................................................................................eJ......L.......GenuineIntel............T.......h....<.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5ED.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8660
Entropy (8bit):	3.70397779273273
Encrypted:	false
SSDEEP:	192:R6l7wVeJSG6ZRe6Y9/SU9pKgmfdzprt89bdssf9VR/m:R6lXJD6m6Y1SU9pKgmfdEd/f3U
MD5:	DF402293730532460BBCE2B445C5A2B3
SHA1:	1A4AEB8EB3BC2F51EBBF90176A58A9F41880B65C
SHA-256:	755D59A453EDCDDE2A95C9E0ECA86B3B9E4DB45BCB2CE74A990E6C45FEDFEEA7
SHA-512:	A1E94AA99BEBFE5A0D5BD18ABAD918B69D8B227AC920127DFD7E215DF35C4809F8DECAC30D15A9811D16959CE641564D67C835A8BE4EDFAF61E0A7CA29573218
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.6.6.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC60D.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4987
Entropy (8bit):	4.586801287295991
Encrypted:	false
SSDEEP:	48:cvIwWl8zsZJg77aI9wbWpW8VYHPYm8M4JVfsk7FQ+q84lJ/ibPZCNCad:uIjfrI7+q7VKSJKZKPYcad
MD5:	E85D20C2E183677262A87790CA151C1F
SHA1:	EA19F816834B4A6E7DC52478F8B015AE9CB8A8EA
SHA-256:	16D7726DA4BF5AFA2E56ABEB99E086D2499C09E7A8709BA44C3EC1D9C5CFE1B3
SHA-512:	B7D33DBA0C9FEA89E9FE6EDDB6018123EB6094DBFDA92E96FA66059DA06E968ACD4BD22DB6E99AC026FEF7B9DC5E4B8923755CEAE91FC5B863CE78EB065580AF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533457" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve