Play interactive tour

Edit tour

Analysis Report Mario Deluxe InstaII.exe

Overview

General Information

Sample Name:	Mario Deluxe InstaII.exe
Analysis ID:	344779
MD5:	f316fa6263a9ccc6c99984a4b55f6384
SHA1:	fc2da9c0625d517a1d6b16ecf3948de1de4ba1ec
SHA256:	385878ab41b52271d0360cbb92e2a7d2f662b010c189d4dad913abf2bc0d49ad
Most interesting Screenshot:
Errors Corrupt sample or wrongly selected analyzer. Details: Access is denied. Corrupt sample or wrongly selected analyzer. Details: Access is denied.

Detection

Score:	16
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Found Tor onion address

Abnormal high CPU Usage

Contains capabilities to detect virtual machines

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Startup

System is w10x64

Mario Deluxe InstaII.exe (PID: 5728 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install MD5: F316FA6263A9CCC6C99984A4B55F6384)

Mario Deluxe InstaII.tmp (PID: 2540 cmdline: 'C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp' /SL5='$E021E,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install MD5: 83FC883CAAF182C20D7472508A0826D2)

Mario Deluxe InstaII.exe (PID: 2292 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT MD5: F316FA6263A9CCC6C99984A4B55F6384)

Mario Deluxe InstaII.tmp (PID: 3216 cmdline: 'C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp' /SL5='$40372,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT MD5: 83FC883CAAF182C20D7472508A0826D2)

namang.exe (PID: 6608 cmdline: C:\Users\user\AppData\Local\Namang\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

download.exe (PID: 7008 cmdline: C:\Users\user\AppData\Local\Namang\download.exe MD5: 56E17751A0F1F506EE7CA9F35BD77738)

Mario Deluxe InstaII.exe (PID: 5312 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /install MD5: F316FA6263A9CCC6C99984A4B55F6384)

Mario Deluxe InstaII.exe (PID: 5312 cmdline: 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /load MD5: F316FA6263A9CCC6C99984A4B55F6384)

namang.exe (PID: 6464 cmdline: C:\Users\user\AppData\Local\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

namang.exe (PID: 5508 cmdline: C:\Users\user\AppData\Local\Packages\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

namang.exe (PID: 7072 cmdline: C:\Users\user\AppData\Local\Google\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

namang.exe (PID: 7060 cmdline: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

namang.exe (PID: 204 cmdline: C:\Users\user\AppData\Local\Microsoft\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

namang.exe (PID: 6440 cmdline: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe MD5: 55CDDB0D895741E9E0CF8ACE2619015D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Cryptography:

Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance:

Uses 32bit PE files

Show sources

Source: Mario Deluxe InstaII.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: Mario Deluxe InstaII.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: .pdbr0 source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp
Source:	Binary string: comctl32v582.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: ~/.pdbrcz source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source:	Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: in the ".pdbrc" file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: If a file ".pdbrc" exists in the user source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: .pdbrc) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: placed in the .pdbrc file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: C:\A\31\b\bin\amd64\pyexpat.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: will load .pdbrc files from the filesystem. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: comctl32v582.pdbGCTL source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: pdb.Pdbr source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp

Spreading:

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0040AEF4 FindFirstFileW,FindClose,	0_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	0_2_0040A928
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0040C86C FindFirstFileW,FindClose,	1_2_0040C86C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_005F790C FindFirstFileW,GetLastError,	1_2_005F790C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0040C2A0 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	1_2_0040C2A0
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_00650754 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,	1_2_00650754
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_0040AEF4 FindFirstFileW,FindClose,	2_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	2_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	3_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_0040AEF4 FindFirstFileW,FindClose,	3_2_0040AEF4

Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\tcl\encoding\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\tcl\	Jump to behavior

Networking:

Found Tor onion address

Show sources

Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebookcorewwwi.onion/video.php?v=274175099429670
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebookcorewwwi.onion/video.php?v=274175099429670aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttp://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937amd5u5a118d466d62b5cd03647cf2c593977fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.onionstudios.com/embed?id=2855&autoplay=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttp://www.onionstudios.com/embed?id=2855&autoplay=trueaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.onionstudios.com/video/6139.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttp://www.onionstudios.com/video/6139.jsonaonly_matchingta_TESTSastaticmethoda_extract_urluOnionStudiosIE._extract_urla_real_extractuOnionStudiosIE._real_extracta__orig_bases__uyoutube_dl\extractor\onionstudios.pyu<module youtube_dl.extractor.onionstudios>TT

Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: a_VALID_URLuhttps://www.facebook.com/login.php?next=http%3A%2F%2Ffacebook.com%2Fhome.php&login_attempt=1uhttps://www.facebook.com/checkpoint/?next=http%3A%2F%2Ffacebook.com%2Fhome.php&_fb_noscript=1afacebooka_NETRC_MACHINEaIE_NAMEuMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36uhttps://www.facebook.com/video/video.php?v=%suhttps://www.facebook.com/video/tahoe/async/%s/?chain=true&isvideo=true&payloadtype=primaryD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: Vaupload_dateu20160223auploaderuBarack Obamauhttps://www.facebook.com/cnn/videos/10155529876156509/amd5u9571fae53d4165bbbadb17a94651dcdcainfo_dictu10155529876156509aextamp4uShe survived the holocaust equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: ]Zaupload_dateu20180116uhttps://www.youtube.com/shared?ci=1nEzmT-M4fUD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: a_match_ida_download_webpagea_html_search_regexu<iframe id="player_iframe"[^>]+src="([^"]+)"uiframe pathacompat_urlparseaurljoinuDownloading iframea_search_regexuwww.youtube.com/embed/(.{11})uyoutube ida_typeaurl_transparentadisplay_idaurluhttps://youtube.com/watch?v=%sa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalslacommonT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: acourseSlugafieldswqaslugsuaupdateavideoSlugaresolutionu_%su %dpuhttps://www.linkedin.com/learning-api/detailedCoursesa_download_jsonuDownloading%s JSON metadataaheadersuCsrf-Tokena_get_cookiesaJSESSIONIDavalueaqueryaelementslagetT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: adefaultuhttps://www.linkedin.com/uas/login-submitagroupaurla_hidden_inputsasession_keyasession_passworduLogging inadataaurlencode_postdatau<span[^>]+class="error"[^>]>\s(.+?)\s*</span>aerrorD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aiduhome-alone-games-jontronaextamp4atitleuHome Alone Games - JonTron - NormalBootsadescriptionuJon is late for Christmas. Typical. Thanks to: Paul Ritchey for Co-Writing/Filming: http://www.youtube.com/user/ContinueShow Michael Azzi for Christmas Intro Animation: http://michafrar.tumblr.com/ Jerrod Waters for Christmas Intro Music: http://www.youtube.com/user/xXJerryTerryXx Casey Ormond for equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aiduhttp://www.hellointernet.fm/podcast?format=rssadescriptionuCGP Grey and Brady Haran talk about YouTube, life, work, whatever.atitleuHello Internetaplaylist_mincountldD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: amediauhttp://search.yahoo.com/mrss/aclearleapuhttp://www.clearleap.com/namespace/clearleap/1.0/L equals www.yahoo.com (Yahoo)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: ametaclassa__prepare__aLinkedInLearningBaseIEa__getitem__u%s.__prepare__() must return a mapping, not %sa__name__u<metaclass>uyoutube_dl.extractor.linkedina__module__a__qualname__alinkedina_NETRC_MACHINEuhttps://www.linkedin.com/uas/login?trk=learningT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: anoteuVideo with DASH manifestaurluhttps://www.facebook.com/video.php?v=957955867617029amd5ab2c28d528273b323abe5c6ab59f0f030ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: anoteuswf params escapedaurluhttps://www.facebook.com/barackobama/posts/10153664894881749amd5u97ba073838964d12c70566e0085c2b91ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: asluga_typeaurl_transparentuhttps://www.linkedin.com/learning/%s/%sachapterachapter_numberachapter_idaie_keyaplaylist_resultT equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttp://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcmQHVoWB5FY&ei=F-sNU-LLCaXk4QT52ICQBQ&usg=AFQjCNEw4hL29zgOohLXvpJ-Bdh2bils1Q&bvm=bv.61965928,d.bGEainfo_dictD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://cdn.embedly.com/widgets/media.html?src=http%3A%2F%2Fwww.youtube.com%2Fembed%2Fvideoseries%3Flist%3DUUGLim4T2loE5rwCMdpCIPVg&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DSU4fj_aEMVw%26list%3DUUGLim4T2loE5rwCMdpCIPVg&image=http%3A%2F%2Fi.ytimg.com%2Fvi%2FSU4fj_aEMVw%2Fhqdefault.jpg&key=8ee8a2e6a8cc47aab1a5ee67f9a178e0&type=text%2Fhtml&schema=youtube&autoplay=1aonly_matchingta_TESTSa_real_extractuEmbedlyIE._real_extracta__orig_bases__uyoutube_dl\extractor\embedly.pyu<module youtube_dl.extractor.embedly>TT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/ChristyClarkForBC/videos/vb.22819070941/10153870694020942/?type=2&theateraonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/LaGuiaDelVaron/posts/1072691702860471ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/WatchESLOne/videos/359649331226507/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/amogood/videos/1618742068337349/?fref=nfaonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/groups/1024490957622648/permalink/1396382447100162/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/groups/164828000315060/permalink/764967300301124/aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1ainfo_dictD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/maxlayn/posts/10153807558977570amd5u037b1fa7f3c2d02b7a0d7bc16031ecc6ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/onlycleverentertainment/videos/1947995502095005/aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fvideo.php%3Fv%3D10204634152394104aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/plugins/video.php?href=https://www.facebook.com/gov.sg/videos/10154383743583686/&show_text=0&width=560aonly_matchingtuFacebookPluginsVideoIE._real_extractuyoutube_dl\extractor\facebook.pyT equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/video.php?v=10204634152394104aonly_matchingtD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/video.php?v=274175099429670ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/video.php?v=637842556329505&fref=nfamd5u6a40d33c0eccbb1af76cf0485a052659ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.facebook.com/yaroslav.korpan/videos/1417995061575415/ainfo_dictD equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=trueamd5aa1d74422ff0d5e66a792deb996693167ainfo_dictD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: aurluhttps://www.linkedin.com/learning/programming-foundations-fundamentalsainfo_dictD equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/Kiamet/ equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/Kiamet/auploaderaJonTronaupload_dateu20140125aparamsD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKc equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKcaonly_matchingtuUnicodeBOMIE._real_extractuyoutube_dl\extractor\commonmistakes.pyu<module youtube_dl.extractor.commonmistakes>TT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: tuFacebookIE._extract_from_urla_real_extractuFacebookIE._real_extracta__orig_bases__aFacebookPluginsVideoIEuhttps?://(?:[\w-]+\.)?facebook\.com/plugins/video\.php\?.*?\bhref=(?P<id>https.+)uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fgov.sg%2Fvideos%2F10154383743583686%2F&show_text=0&width=560u5954e92cdfe51fe5782ae9bda7058a07D equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: u%Y%m%duhttp://www.youtube.com/watch?v=ayoutube_idaplaylistunerdcubed.co.uk feedaidunerdcubed-feedaentriesa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalslacommonT equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uInvalid URL: %r . Call youtube-dl like this: youtube-dl -v "https://www.youtube.com/watch?v=BaW_jenozKc" equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uJon is late for Christmas. Typical. Thanks to: Paul Ritchey for Co-Writing/Filming: http://www.youtube.com/user/ContinueShow Michael Azzi for Christmas Intro Animation: http://michafrar.tumblr.com/ Jerrod Waters for Christmas Intro Music: http://www.youtube.com/user/xXJerryTerryXx Casey Ormond for equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uRetrieving disclaimerareamatcha_VALID_URLagroupsutoo many values to unpack (expected 2)u^(\w{2})-(.*)$aytaurl_resultuhttp://www.youtube.com/watch?v=%saYoutubeacbutheplatform:%saThePlatformaCookieuuser=%s; acompat_urllib_parseaquoteajsonadumpsD equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uThe url doesn't specify the protocol, trying with httpuhttp://aauto_warningu^(?:url\|URL)$aExtractorErroruInvalid URL: %r . Call youtube-dl like this: youtube-dl -v "https://www.youtube.com/watch?v=BaW_jenozKc" D equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcmQHVoWB5FY&ei=F-sNU-LLCaXk4QT52ICQBQ&usg=AFQjCNEw4hL29zgOohLXvpJ-Bdh2bils1Q&bvm=bv.61965928,d.bGE equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttp://www.youtube.com/watch?v=%s equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://cdn.embedly.com/widgets/media.html?src=http%3A%2F%2Fwww.youtube.com%2Fembed%2Fvideoseries%3Flist%3DUUGLim4T2loE5rwCMdpCIPVg&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DSU4fj_aEMVw%26list%3DUUGLim4T2loE5rwCMdpCIPVg&image=http%3A%2F%2Fi.ytimg.com%2Fvi%2FSU4fj_aEMVw%2Fhqdefault.jpg&key=8ee8a2e6a8cc47aab1a5ee67f9a178e0&type=text%2Fhtml&schema=youtube&autoplay=1 equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/ChristyClarkForBC/videos/vb.22819070941/10153870694020942/?type=2&theater equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/LaGuiaDelVaron/posts/1072691702860471 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/WatchESLOne/videos/359649331226507/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/amogood/videos/1618742068337349/?fref=nf equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/barackobama/posts/10153664894881749 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/checkpoint/?next=http%3A%2F%2Ffacebook.com%2Fhome.php&_fb_noscript=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/cnn/videos/10155529876156509/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/groups/1024490957622648/permalink/1396382447100162/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/groups/164828000315060/permalink/764967300301124/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/l.php?u=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DpO8h3EaFRdo&h=TAQHsoToz&enc=AZN16h-b6o4Zq9pZkCCdOLNKMN96BbGMNtcFwHSaazus4JHT_MFYkAA-WARTX2kvsCIdlAIyHZjl6d33ILIJU7Jzwk_K3mcenAXoAzBNoZDI_Q7EXGDJnIhrGkLXo_LJ_pAa2Jzbx17UHMd3jAs--6j2zaeto5w9RTn8T_1kKg3fdC5WPX9Dbb18vzH7YFX0eSJmoa6SP114rvlkw6pkS1-T&s=1 equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/login.php?next=http%3A%2F%2Ffacebook.com%2Fhome.php&login_attempt=1 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/maxlayn/posts/10153807558977570 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/onlycleverentertainment/videos/1947995502095005/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fgov.sg%2Fvideos%2F10154383743583686%2F&show_text=0&width=560 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fvideo.php%3Fv%3D10204634152394104 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/plugins/video.php?href=https://www.facebook.com/gov.sg/videos/10154383743583686/&show_text=0&width=560 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video.php?v=10204634152394104 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video.php?v=274175099429670 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video.php?v=637842556329505&fref=nf equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video.php?v=957955867617029 equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video/tahoe/async/%s/?chain=true&isvideo=true&payloadtype=primary equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/video/video.php?v=%s equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.facebook.com/yaroslav.korpan/videos/1417995061575415/ equals www.facebook.com (Facebook)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/learning-api/detailedCourses equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/learning/%s/%s equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/learning/programming-foundations-fundamentals equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=true equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/uas/login-submit equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.linkedin.com/uas/login?trk=learning equals www.linkedin.com (Linkedin)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uhttps://www.youtube.com/shared?ci=1nEzmT-M4fU equals www.youtube.com (Youtube)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: uwww.youtube.com/embed/(.{11}) equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: scookie.notrespone.com

Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://%s/avideo_rootuhttp://s3-2u.digitallyspeaking.com/afindallT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://%s/data/video.endLevel.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://%s/data/video.endLevel.jsonaqueryaurlKeya_get_videos_infoaplayeraida_download_webpagea_search
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://%s/v/feed/video/%s.js?template=fox
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://%s/v/feed/video/%s.js?template=foxaida_match_ida_download_webpagea_html_search_regexudata-vid
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://.css
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://115.231.74.139/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://124.40.233.182/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://192.99.219.222:82/presstv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://192.99.219.222:82/presstvL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://203.130.59.9/m1.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/angel/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/angel/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/films/1507502/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/films/1507502/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/news/96814/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/news/96814/amd5abbff554ad415ecf5416a2f48c22d9283ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/programs/broadcast/508713/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/programs/broadcast/508713/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/video/1021729/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5-tv.ru/video/1021729/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://5pillarsuk.com/2017/06/07/tariq-ramadan-disagrees-with-pr-exercise-by-imams-refusing-funeral-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/sets/%s/next?player=sm&mix_id=%s&format=jsonh&track_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/sets/%s/next?player=sm&mix_id=%s&format=jsonh&track_id=%sa_typeaplaylistaentriesa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/sets/%s/play?player=sm&mix_id=%s&format=jsonh
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/sets/%s/play?player=sm&mix_id=%s&format=jsonhaapi_jsonanext_urlanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/ytdl/youtube-dl-test-tracks-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://8tracks.com/ytdl/youtube-dl-test-tracks-aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://90tv.ir/video/95719/%D8%B4%D8%A7%DB%8C%D8%B9%D8%A7%D8%AA-%D9%86%D9%82%D9%84-%D9%88-%D8%A7%D9%
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://91porn.com/view_video.php?viewkey=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://91porn.com/view_video.php?viewkey=%su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://91porn.com/view_video.php?viewkey=7e42283b4f5ab36da134
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://91porn.com/view_video.php?viewkey=7e42283b4f5ab36da134amd5u7fcdb5349354f40d41689bd0fa8db05aai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/embed/a5Dmvl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/embed/a5Dmvlaonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/Kk2X5/people-are-awesome-2013-is-absolutely-awesome
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/Kk2X5/people-are-awesome-2013-is-absolutely-awesomeainfo_dictakXzwOKyGlSAaextam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/KklwM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/KklwMaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/aKolP3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.com/tv/p/aKolP3aaKolP3uThis
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.tv/p/Kk2X5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://9gag.tv/p/Kk2X5aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://a_extract_m3u8_formatsu/playlist.m3u8amp4am3u8_nativeD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://abc.go.com/shows/designated-survivor/video/most-recent/VDKA3807643
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://abc.go.com/shows/designated-survivor/video/most-recent/VDKA3807643ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://abc.go.com/shows/the-catch/episode-guide/season-01/10-the-wedding
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://abc.go.com/shows/the-catch/episode-guide/season-01/10-the-weddingaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://abc.go.com/shows/world-news-tonight/episode-guide/2017-02/17-021717-intense-stand-off-between
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://achievementhunter.roosterteeth.com/episode/off-topic-the-achievement-hunter-podcast-2016-i-di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/%sadurationaint_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/customers/embed/index?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/customers/embed/video?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/getchanneldetails?channel_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/season_info?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/season_info?id=%suhttp://admin.mangomolo.com/ana
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/show
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/video?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://admin.mangomolo.com/analytics/index.php/plus/video?id=%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://adultswim.com/videos/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://adultswim.com/videos/%s/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://adultswim.com/videos/rick-and-morty/pilot
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://adultswim.com/videos/rick-and-morty/pilotainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://afbbs.afreecatv.com:8080/api/video/get_video_info.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://afbbs.afreecatv.com:8080/api/video/get_video_info.phpuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://afbbs.afreecatv.com:8080/app/read_ucc_bbs.cgi?nStationNo=16711924&nTitleNo=36153164&szBjId=da
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ai-radio.org:8000/radio.opus
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ai-radio.org:8000/radio.opusainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://anderetijden.nl/programma/1/Andere-Tijden/aflevering/676/Duitse-soldaten-over-de-Slag-bij-Arn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://antiserver.kuwo.cn/anti.s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://antiserver.kuwo.cn/anti.sanoteuDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-app.espn.com/v1/video/clips/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-app.espn.com/v1/video/clips/%savideoslaheadlineT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-embed.webservices.francetelevisions.fr/key/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-embed.webservices.francetelevisions.fr/key/%saDailymotionIEa_extract_urlsaplaylist_result
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-live.dumpert.nl/mobile_api/json/info/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api-live.dumpert.nl/mobile_api/json/info/T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.bleacherreport.com/api/v1/articles/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.bleacherreport.com/api/v1/articles/%saarticleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.channel.livestream.com/2.0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.channel.livestream.com/2.0uls:viewsCountT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.contents.watchabc.go.com/vp2/ws/contents/3000/videos/%s/001/-1/%s/-1/%s/-1/-1.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.contents.watchabc.go.com/vp2/ws/contents/3000/videos/%s/001/-1/%s/-1/%s/-1/-1.jsonavideoa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.globovideos.com/videos/%s/playlist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.globovideos.com/videos/%s/playlistavideoslT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.khanacademy.org/api/v1/topic/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.khanacademy.org/api/v1/topic/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.khanacademy.org/api/v1/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.khanacademy.org/api/v1/videos/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.letitbit.net/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.letitbit.net/a_API_URLatVL0gjqo5a_API_KEYL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.letvcloud.com/gpc.php?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.letvcloud.com/gpc.php?acompat_urllib_parse_urlencodeuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.netzkino.de.simplecache.net/capi-2.0a/categories/%s.json?d=www
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.netzkino.de.simplecache.net/capi-2.0a/categories/%s.json?d=wwwa_download_jsonapostsacusto
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.new.livestream.com/accounts/1570303/events/1585861/videos/4719370.smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.new.livestream.com/accounts/1570303/events/1585861/videos/4719370.smilainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.nowness.com/api/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.npr.org/query
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.npr.org/queryaqueryaidafieldsuaudio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.video.mail.ru/videos/%s.json?new=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://api.video.mail.ru/videos/%s.json?new=1uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://apis.ign.com/video/v3/videos/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://apis.ign.com/video/v3/videos/%su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://app.pluralsight.com/training/player?author=scott-allen&name=angularjs-get-started-m1-introduc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://app.video.baidu.com/%s/?worktype=adnative%s&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://app.video.baidu.com/%s/?worktype=adnative%s&id=%sareamatcha_VALID_URLagroupsutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/details/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/details/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/details/XD300-23_68HighlightsAResearchCntAugHumanIntellect
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/details/XD300-23_68HighlightsAResearchCntAugHumanIntellectamd5u8af1d4cf447933ed3c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/embed/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/embed/XD300-23_68HighlightsAResearchCntAugHumanIntellect
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/embed/XD300-23_68HighlightsAResearchCntAugHumanIntellectaonly_matchingta_TESTSa_r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archive.org/embed/a_parse_jsona_search_regexu(?s)Play
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archives-canalc2.u-strasbg.fr/video.asp?idVideo=11427&voir=oui
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://archives-canalc2.u-strasbg.fr/video.asp?idVideo=11427&voir=ouiaonly_matchingta_TESTSa_real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://assets.delvenetworks.com/player/loader.swf?channelId=ab6a524c379342f9b23642917020c082
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://assets.delvenetworks.com/player/loader.swf?channelId=ab6a524c379342f9b23642917020c082aonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://assets.indavideo.hu/swf/player.swf?v=fe25e500&vID=1bdc3c6d80&autostart=1&hide=1&i=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://assets.indavideo.hu/swf/player.swf?v=fe25e500&vID=1bdc3c6d80&autostart=1&hide=1&i=1aonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://astripanetlocuv.lvlt.crcdn.netapathu%s/%saremove_endw/asplitT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://atv.at/aktuell/di-210317-2005-uhr/v1698449/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://atv.at/aktuell/di-210317-2005-uhr/v1698449/amd5ac3b6b975fb3150fc628572939df205f2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://atv.at/aktuell/meinrad-knapp/d8416/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://atv.at/aktuell/meinrad-knapp/d8416/aonly_matchingta_TESTSa_real_extractuATVAtIE._real_extract
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://audioapi.orf.at/%s/api/json/current/broadcast/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://audioapi.orf.at/%s/api/json/current/broadcast/%s/%sa_API_STATIONastreamsastr_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/live/6/dubai-tv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/live/6/dubai-tvainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/media/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/media/%saAWAANVideoasmuggle_urluhttp://awaan.ae/program/season/%sashow_idaAWAANSeaso
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/program/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/program/season/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.ae/video/26723981/%D8%AF%D8%A7%D8%B1-%D8%A7%D9%84%D8%B3%D9%84%D8%A7%D9%85:-%D8%AE%D9%8A
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.aea_parse_video_datauhttp://admin.mangomolo.com/analytics/index.php/customers/embed/vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://awaan.aeuContent-Typeuapplication/x-www-form-urlencodedadefault_seasonaseasonsavideosacompat_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://balancer-vod.1tv.ru/%s%s.urlset/master.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://balancer-vod.1tv.ru/%s%s.urlset/master.m3u8amp4D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/1869
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/1869/play#40062
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/1869/play#40062aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/1869ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/5802/play#100643
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/anime/5802/play#100643amd5u3f721ad1e75030cc06faf73587cfec57ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/jsonp/seasoninfo/%s.ver
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/jsonp/seasoninfo/%s.veratransform_sourceastrip_jsonpaepisodesaurl_transp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/web_api/get_source
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bangumi.bilibili.com/web_api/get_sourceadataaurlencode_postdataaepisode_idaheadersaresulta_re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://base.music.qq.com/fcgi-bin/fcg_musicexpress.fcg?json=3&guid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://base.music.qq.com/fcgi-bin/fcg_musicexpress.fcg?json=3&guid=%sanoteuRetrieve
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bbc.co.uk/2008/emp/playlist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bbc.co.uk/2008/mp/mediaselection
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bcove.me/i6nfkrc3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bcove.me/i6nfkrc3amd5u0ba9446db037002366bab3b3eb30c88cainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://beeg.com/5416503
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://beeg.com/5416503amd5aa1a1b1a8bc70a89e49ccfd113aed0820ainfo_dictu5416503aextamp4uSultry
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://benprunty.bandcamp.com/track/lanius-battle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://benprunty.bandcamp.com/track/lanius-battleamd5u853e35bf34aa1d6fe2615ae612564b36ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://beta.nick.com/nicky-ricky-dicky-and-dawn/videos/nicky-ricky-dicky-dawn-301-full-episode/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://beta.nick.com/nicky-ricky-dicky-and-dawn/videos/nicky-ricky-dicky-dawn-301-full-episode/aonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bfmbusiness.bfmtv.com/mediaplayer/chroniques/olivier-delamarche/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bfmbusiness.bfmtv.com/mediaplayer/chroniques/olivier-delamarche/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://biqle.org/watch/-44781847_168547604
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://biqle.org/watch/-44781847_168547604amd5u7f24e72af1db0edf7c1aaba513174f97ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bits.orf.at/filehandler/static-api/json/current/data.json?file=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bits.orf.at/filehandler/static-api/json/current/data.json?file=%slafloat_or_nonel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://blazo.bandcamp.com/album/jazz-format-mixtape-vol-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://blazo.bandcamp.com/album/jazz-format-mixtape-vol-1aplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/articles/2496438-fsu-stat-projections-is-jalen-ramsey-best-defensive-playe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/articles/2586817-aussie-golfers-get-fright-of-their-lives-after-being-chas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/video_embed?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/video_embed?id=%suooyala.comuooyala:%suyoutube.comuvine.couhttps://vine.co
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/video_embed?id=8fd44c2f-3dc5-4821-9118-2c825a98c0e1&library=video-cms
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bleacherreport.com/video_embed?id=8fd44c2f-3dc5-4821-9118-2c825a98c0e1&library=video-cmsamd5u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://blocklist.rkn.gov.ru/
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://blogs.elpais.com/la-voz-de-inaki/2014/02/tiempo-nuevo-recetas-viejas.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://blogs.elpais.com/la-voz-de-inaki/2014/02/tiempo-nuevo-recetas-viejas.htmlamd5u98406f301f19562
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bronyrock.com/track/the-pony-mash
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://bronyrock.com/track/the-pony-mashainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://businessinsider.com.pl/wideo/scenariusz-na-koniec-swiata-wedlug-nasa/dwnqptk
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://businessinsider.com.pl/wideo/scenariusz-na-koniec-swiata-wedlug-nasa/dwnqptkaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c-cdn.coub.com/fb-player.swf?bot_type=vk&coubID=7w5a4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c-cdn.coub.com/fb-player.swf?bot_type=vk&coubID=7w5a4aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/json/experience/runtime/?command=get_programming_for_experience&pla
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/federated_f9?&playerID=1265504713001&publisherID=AQ%7E%7E%2C
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederated
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederated?%40videoPlayer=ref%3Aevent-stream-356&linkBase
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederated?playerID=1217746023001&flashID=myPlayer&%40vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederated?playerID=1654948606001&flashID=myExperience&%4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederated?playerID=3550052898001&playerKey=AQ%7E%7E%2CAA
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://c.brightcove.com/services/viewer/htmlFederateda_extract_brightcove_urlsuTry
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cache.m.iqiyi.com/jp/tmts/%s/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cache.m.iqiyi.com/jp/tmts/%s/%s/atransform_sourceuIqiyiIE.get_raw_data.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cache.video.qiyi.com/jp/avlist/%s/%d/%d/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cache.video.qiyi.com/jp/avlist/%s/%d/%d/l2anoteuDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://calimero.tk/muzik/FictionJunction-Parallel_Hearts.flac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://calimero.tk/muzik/FictionJunction-Parallel_Hearts.flacamd5u128c42e68b13950268b648275386fc74ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?page=&viewkey=6e9a24e2c0e842e1f177&viewtype=&category=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?page=&viewkey=6e9a24e2c0e842e1f177&viewtype=&category=aonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=6dfd8b7c97531a459937
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=6dfd8b7c97531a459937aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=6e9a24e2c0e842e1f177&page=&viewtype=&category=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=6e9a24e2c0e842e1f177&page=&viewtype=&category=ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=b6c3b5bea9515d1a1fc4&page=&viewtype=&category=mv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://camwithher.tv/view_video.php?viewkey=b6c3b5bea9515d1a1fc4&page=&viewtype=&category=mvaonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://can.cbs.com/thunder/player/videoPlayerService.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://can.cbs.com/thunder/player/videoPlayerService.phpaqueryapartneracontentIdaxpath_elementu.//it
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://canalbrasil.globo.com/programas/sangue-latino/videos/3928201.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://canalbrasil.globo.com/programas/sangue-latino/videos/3928201.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://canaloff.globo.com/programas/desejar-profundo/videos/4518560.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://canaloff.globo.com/programas/desejar-profundo/videos/4518560.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://capi.9c9media.com/destinations/%s/platforms/desktop/contents/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://capi.9c9media.com/destinations/%s/platforms/desktop/contents/%s/a_real_extractuNineCNineMedia
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://carambatv.ru/movie/bad-comedian/razborka-v-manile/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://carambatv.ru/movie/bad-comedian/razborka-v-manile/amd5aa49fb0ec2ad66503eeb46aac237d3c86ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cc.stream.qqmusic.qq.com/%s%s.%s?vkey=%s&guid=%s&fromtag=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cc.stream.qqmusic.qq.com/%s%s.%s?vkey=%s&guid=%s&fromtag=0aprefixaextaformataformat_idaprefer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cctv.cntv.cn/lm/tvseries_russian/yilugesanghua/index.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cctv.cntv.cn/lm/tvseries_russian/yilugesanghua/index.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn.playwire.com/11625/embed/85228.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn.playwire.com/11625/embed/85228.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn.playwire.com/v2/12342/config/1532636.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn.playwire.com/v2/12342/config/1532636.jsonaonly_matchingta_TESTSa_real_extractuPlaywireIE.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn4.videos.motherlessmedia.com/videos/%s.mp4?fs=opencloud
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdn4.videos.motherlessmedia.com/videos/%s.mp4?fs=openclouda_rta_searchastr_to_intT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdnapi.kaltura.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cdnapi.kaltura.comu/api_v3/index.phpD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel.pandora.tv/channel/video.ptv?ch_userid=gogoucc&prgid=54721744
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel.pandora.tv/channel/video.ptv?ch_userid=gogoucc&prgid=54721744u54721744u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel9.msdn.com/%s/RSS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel9.msdn.com/Events/TechEd/Australia/2013/KOS002
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel9.msdn.com/Events/TechEd/Australia/2013/KOS002amd5u32083d4eaf1946db6d454313f44510caain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel9.msdn.com/posts/Self-service-BI-with-Power-BI-nuclear-testing
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://channel9.msdn.com/posts/Self-service-BI-with-Power-BI-nuclear-testingamd5adcf983ee6acd2088e71
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chic.clipsyndicate.com/video/play/5844117/shark_attack
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chic.clipsyndicate.com/video/play/5844117/shark_attackaonly_matchingta_TESTSa_real_extractuCl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirb.it/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirb.it/%sa_search_regexudata-fd=(
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirb.it/be2abG
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirb.it/be2abGainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirbit.com/ScarletBeauty
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://chirbit.com/ScarletBeautyainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cjsw.com/program/freshly-squeezed/episode/20170620
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cjsw.com/program/freshly-squeezed/episode/20170620amd5acee14d40f1e9433632c56e3d14977120ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cjsw.com/program/road-pops/episode/20170707/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cjsw.com/program/road-pops/episode/20170707/aonly_matchingta_TESTSa_real_extractuCJSWIE._real
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cleveland.cbslocal.com/2016/05/16/indians-score-season-high-15-runs-in-blowout-win-over-reds-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://client.expotv.com/video/config/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://client.expotv.com/video/config/%s/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://clientapi.hrt.hr/client_api.php/config/identify/format/json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://clientapi.hrt.hr/client_api.php/config/identify/format/jsonuHRTiBaseIE._initialize_apiuHRTiBa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/episodes/how-do-brains-work
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/episodes/how-do-brains-workainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/interviews/1725
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/interviews/1725ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/series/solutions-the-mind-body-problem#video-3688
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://closertotruth.com/series/solutions-the-mind-body-problem#video-3688ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cnn.com/video/?/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cnn.com/video/?/video/a__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_liter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cnn.com/video/?/video/politics/2015/03/27/pkg-arizona-senator-church-attendance-mandatory.ktv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cnn.com/video/?/video/us/2015/04/06/dnt-baker-refuses-anti-gay-order.wkmg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cnn.com/video/?/video/us/2015/04/06/dnt-baker-refuses-anti-gay-order.wkmgaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coapi.douyucdn.cn/lapi/live/thirdPart/getPlay/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coapi.douyucdn.cn/lapi/live/thirdPart/getPlay/anoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://colbertlateshow.com/video/8GmB0oY0McANFvp2aEffk9jZZZ2YyXxy/the-colbeard/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://colbertlateshow.com/video/8GmB0oY0McANFvp2aEffk9jZZZ2YyXxy/the-colbeard/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://comedycentral.com/feeds/mrss/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://comedycentral.com/feeds/mrss/a_FEED_URLL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/%s/videos/v2/%s/zeus.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/%s/videos/v2/%s/zeus.jsonasettingsatitleafloat_or_noneagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/12421/videos/v2/3389892/zeus.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/12421/videos/v2/3389892/zeus.jsonaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/14907/videos/v2/3353705/player.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/14907/videos/v2/3353705/player.jsonamd5ae6398701e3595888125729eaa2329ed9a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/21772/videos/v2/4840492/zeus.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://config.playwire.com/21772/videos/v2/4840492/zeus.jsonainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://content.api.mnet.com/player/vodConfig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://content.api.mnet.com/player/vodConfiguDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://content.jwplatform.com/players/nPripu9l-ALJ3XQCI.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://content.jwplatform.com/players/nPripu9l-ALJ3XQCI.jsamd5afa8899fa601eb7c83a64e9d568bdf325ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/api/v2/coubs/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/api/v2/coubs/%s.jsonagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/view/237d5l5h
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/view/237d5l5haonly_matchingta_TESTSa_real_extractuCoubIE._real_extracta__orig_bases_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/view/5u5n1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://coub.com/view/5u5n1ainfo_dictu5u5n1aextamp4uThe
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl3E
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl
Source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://crooksandliars.com/2015/04/fox-friends-says-protecting-atheists
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://crooksandliars.com/2015/04/fox-friends-says-protecting-atheistsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://csp.picsearch.com/rest?e=%s&containerId=mediaplayer&i=object
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://csp.picsearch.com/rest?e=%s&containerId=mediaplayer&i=objectatransform_sourceu
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.360437773.0000000005A75000.00000004.00000001.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/legends-of-yesterday/?play=6b15e985-9345-4f60-baf8-56e96be57c63
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/legends-of-yesterday/?play=6b15e985-9345-4f60-baf8-56e96be57c63ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/legends-of-yesterday/?watch=6b15e985-9345-4f60-baf8-56e96be57c63
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/shows/arrow/legends-of-yesterday/?watch=6b15e985-9345-4f60-baf8-56e96be57c63aonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/thecw/chroniclesofcisco/?play=8adebe35-f447-465f-ab52-e863506ff6d6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtv.com/thecw/chroniclesofcisco/?play=8adebe35-f447-465f-ab52-e863506ff6d6aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtvpr.com/the-cw/video?watch=9eee3f60-ef4e-440b-b3b2-49428ac9c54e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://cwtvpr.com/the-cw/video?watch=9eee3f60-ef4e-440b-b3b2-49428ac9c54eaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dajto.markiza.sk/filmy-a-serialy/1774695_frajeri-vo-vegas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dajto.markiza.sk/filmy-a-serialy/1774695_frajeri-vo-vegasaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dcndigital.ae/#/program/205024/%D9%85%D8%AD%D8%A7%D8%B6%D8%B1%D8%A7%D8%AA-%D8%A7%D9%84%D8%B4%
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dctp-ivms2-restapi.s3.amazonaws.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://deadspin.com/i-cant-stop-watching-john-wall-chop-the-nuggets-with-th-1681801597
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://deadspin.com/i-cant-stop-watching-john-wall-chop-the-nuggets-with-th-1681801597ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://delivery.vidible.tv/aol?playList=518013791
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://delivery.vidible.tv/aol?playList=518013791aonly_matchingta_TESTSa_real_extractuFiveMinIE._rea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://developer.longtailvideo.com/trac/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://developer.longtailvideo.com/trac/wiki/FlashFormats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://developer.longtailvideo.com/trac/wiki/FlashFormatsansuKarriereVideosIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/dog-boat-seal-play
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/dog-boat-seal-playaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/dream-girl-short-film
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/dream-girl-short-filmaonly_matchingta_TESTSa_real_extractuDiggIE._real_extract
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/sci-fi-short-jonah-daniel-kaluuya-get-out
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digg.com/video/sci-fi-short-jonah-daniel-kaluuya-get-outainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digitalops.sandia.gov/Mediasite/Play/24aace4429fc450fb5b38cdbf424a66e1d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://digitalops.sandia.gov/Mediasite/Play/24aace4429fc450fb5b38cdbf424a66e1damd5u9422edc9b9a601517
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dinamics.ccma.cat/pvideo/media.jsp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dinamics.ccma.cat/pvideo/media.jspaqueryamediaaidintaurlaurl_or_noneagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneychannel.de/sehen/soy-luna-folge-118-5518518987ba27f3cc729268
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneychannel.de/sehen/soy-luna-folge-118-5518518987ba27f3cc729268aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.disney.com/embed/546a4798ddba3d1612e4005d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.disney.com/embed/546a4798ddba3d1612e4005daonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.disney.com/galactech-the-galactech-grab-galactech-an-admiral-rescue
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.disney.com/galactech-the-galactech-grab-galactech-an-admiral-rescueaonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.en.disneyme.com/dj/watch-my-friends-tigger-and-pooh-promo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneyjunior.en.disneyme.com/dj/watch-my-friends-tigger-and-pooh-promoaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneynow.go.com/shows/big-hero-6-the-series/season-01/episode-10-mr-sparkles-loses-his-spark
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneynow.go.com/shows/minnies-bow-toons/video/happy-campers/vdka4872013
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://disneynow.go.com/shows/minnies-bow-toons/video/happy-campers/vdka4872013aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dl-ondemand.radiobremen.de/mediabase/%s/%s_%s_%s.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dl-ondemand.radiobremen.de/mediabase/%s/%s_%s_%s.mp4agroupT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://docs.google.com/file/d/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://docs.google.com/file/d/%sa_search_regexu
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://doma.markiza.sk/filmy/1885250_moja-vysnivana-svadba
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://doma.markiza.sk/filmy/1885250_moja-vysnivana-svadbaaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://doma.nova.cz/clanek/zdravi/prijdte-se-zapsat-do-registru-kostni-drene-jiz-ve-stredu-3-cervna.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dotscale.bandcamp.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://dotscale.bandcamp.comainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://download-video.rts.ch/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://download-video.rts.ch/a_check_formatsa_sort_formatsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://download.rai.it/video_no_available.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://download.rai.it/video_no_available.mp4adetermine_extam3u8amonaf4maflashuformat=m3u8aextenda_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ds1.ds.static.rtbf.be
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://e.omroep.nl/metadata/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://e.omroep.nl/metadata/%satransform_sourceastrip_jsonpT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ebd.cda.pl/0x0/5749950c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ebd.cda.pl/0x0/5749950caonly_matchingta_TESTSuCDAIE._download_age_confirm_pagea_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/audio/audioDetails.cfm?ref=I-109295&sitelang=en
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/audio/audioDetails.cfm?ref=I-109295&sitelang=enaonly_matchingta_TESTS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player.cfm?ref=I107758
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player.cfm?ref=I107758amd5u574f080699ddd1e19a675b0ddf010371ainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player.cfm?sitelang=en&ref=I107786
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player.cfm?sitelang=en&ref=I107786aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player/playlist.cfm?ID=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ec.europa.eu/avservices/video/player/playlist.cfm?ID=%saget_itemuEuropaIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ecchi.iwara.tv/videos/Vb4yf2yZspkzkBO
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ecchi.iwara.tv/videos/Vb4yf2yZspkzkBOamd5u7e5f1f359cd51a027ba4a7b7710a50f0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/video/?/video/sports/2013/06/09/nadal-1-on-1.cnn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/video/?/video/sports/2013/06/09/nadal-1-on-1.cnnamd5u3e6121ea48df7e2259fe73a0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/video/?/video/us/2013/08/21/sot-student-gives-epic-speech.georgia-institute-o
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/video/data/3.0/video/%s/index.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/video/data/3.0/video/%s/index.xmlamedia_srcuhttp://pmd.cdn.turner.com/cnn/big
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/videos/arts/2016/04/21/olympic-games-cultural-a-z-brazil.cnn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://edition.cnn.com/videos/arts/2016/04/21/olympic-games-cultural-a-z-brazil.cnnaonly_matchingta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://elcomidista.elpais.com/elcomidista/2016/02/24/articulo/1456340311_668921.html#?id_externo_nwl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://elpais.com/elpais/2017/01/26/ciencia/1485456786_417876.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://elpais.com/elpais/2017/01/26/ciencia/1485456786_417876.htmlamd5u9c79923a118a067e1a45789e1e0b0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://elpais.com/vdpep/1/?pepid=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://elpais.com/vdpep/1/?pepid=atransform_sourceastrip_jsonpamp4u(?:URLMediaFile
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.5min.com/518726732/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.5min.com/518726732/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.crooksandliars.com/embed/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.crooksandliars.com/embed/%sa_parse_jsona_search_regexuvar
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.crooksandliars.com/v/MTE3MjUtMzQ2MzA
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.crooksandliars.com/v/MTE3MjUtMzQ2MzAaonly_matchingta_TESTSa_real_extractuCrooksAndLiars
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.francetv.fr/?ue=7fd581a2ccf59d2fc5719c5c13cf6961
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.francetv.fr/?ue=7fd581a2ccf59d2fc5719c5c13cf6961D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.indavideo.hu/player/video/1bdc3c6d80?autostart=1&hide=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.indavideo.hu/player/video/1bdc3c6d80?autostart=1&hide=1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.life.ru/embed/e50c2dec2867350528e2574c899b8291
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.life.ru/embed/e50c2dec2867350528e2574c899b8291amd5ab889715c9e49cb1981281d0e5458fbbeainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.live.huffingtonpost.com/api/segments/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.live.huffingtonpost.com/api/segments/%s.jsona_download_jsonadataatitleaparse_durationag
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.nexx.cloud/748/KC1614647Z27Y7T?autoplay=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.nexx.cloud/748/KC1614647Z27Y7T?autoplay=1amd5u16746bfc28c42049492385c989b26c4aainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.redtube.com/?bgcolor=000000&id=1443286
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://embed.redtube.com/?bgcolor=000000&id=1443286aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://en.savefrom.net/#url=http://youtube.com/watch?v=UlVRAPW2WJY&utm_source=youtube.com&utm_medium
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://en.support.wordpress.com/videos/ted-talks/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://en.support.wordpress.com/videos/ted-talks/amd5u65fdff94098e4a607385a60c5177c638ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://english.cntv.cn/2016/09/03/VIDEhnkB5y9AgHyIEVphCEz1160903.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://english.cntv.cn/2016/09/03/VIDEhnkB5y9AgHyIEVphCEz1160903.shtmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://english.cntv.cn/special/four_comprehensives/index.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://english.cntv.cn/special/four_comprehensives/index.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.appledaily.com.tw/enews/article/entertainment/20150128/36354694
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.appledaily.com.tw/enews/article/entertainment/20150128/36354694amd5aa843ab23d150977cc55ef
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.appledaily.com.tw/section/article/headline/20150128/36354694
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.appledaily.com.tw/section/article/headline/20150128/36354694aonly_matchingtu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.cntv.cn/2016/01/18/ARTIjprSSJH8DryTVr5Bx8Wb160118.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ent.cntv.cn/2016/01/18/ARTIjprSSJH8DryTVr5Bx8Wb160118.shtmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ep3.performfeeds.com/ep%s/%s/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ep3.performfeeds.com/ep%s/%s/%s/aheadersaRefereraOriginuhttp://player.performgroup.comaqueryD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eplayer.clipsyndicate.com/embed/player.js?va_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eplayer.clipsyndicate.com/embed/player.js?va_id=%suDownlaoding
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eplayer.clipsyndicate.com/osmf/playlist?%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eplayer.clipsyndicate.com/osmf/playlist?%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://epv.elpais.com/epv/2017/02/14/programa_la_voz_de_inaki/1487062137_075943.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://epv.elpais.com/epv/2017/02/14/programa_la_voz_de_inaki/1487062137_075943.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://es.pinkbike.org/i/kvid/kvid-y5.swf?id=406629
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://es.pinkbike.org/i/kvid/kvid-y5.swf?id=406629aonly_matchingta_TESTSa_real_extractuPinkbikeIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://escapistmagazine.com/videos/view/the-escapist-presents/6618
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://escapistmagazine.com/videos/view/the-escapist-presents/6618aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/blog/golden-state-warriors/post/_/id/593/how-warriors-rapidly-regained-a-winning-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/nba/playoffs/2015/story/_/id/12887571/john-wall-washington-wizards-no-swelling-le
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/nba/recap?gameId=400793786
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/nba/recap?gameId=400793786aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/sports/endurance/story/_/id/12893522/dzhokhar-tsarnaev-sentenced-role-boston-mara
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/video/clip?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/video/clip?id=%saie_keyu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/video/clip?id=10365079
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://espn.go.com/video/clip?id=10365079ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://esportes.r7.com/videos/cigano-manda-recado-aos-fas/idmedia/4e176727b51a048ee6646a1b.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://esportes.r7.com/videos/cigano-manda-recado-aos-fas/idmedia/4e176727b51a048ee6646a1b.htmlaonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://etcanada.com/video/873675331955/meet-the-survivor-game-changers-castaways-part-2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://etcanada.com/video/873675331955/meet-the-survivor-game-changers-castaways-part-2/aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eurosport.onet.pl/zimowe/skoki-narciarskie/ziobro-wygral-kwalifikacje-w-pjongczangu/9ckrly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eurosport.onet.pl/zimowe/skoki-narciarskie/ziobro-wygral-kwalifikacje-w-pjongczangu/9ckrlyamd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events.digitallyspeaking.com/gdc/sf11/xml/12396_1299111843500GMPX.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events.digitallyspeaking.com/gdc/sf11/xml/12396_1299111843500GMPX.xmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events7.mediasite.com/Mediasite/Catalog/Full/631f9e48-530d-4543-8154-9f955d08c75e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events7.mediasite.com/Mediasite/Catalog/Full/631f9e48-530d-4543-8154-9f955d08c75eaonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events7.mediasite.com/Mediasite/Catalog/Full/631f9e48530d454381549f955d08c75e21
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://events7.mediasite.com/Mediasite/Catalog/Full/631f9e48530d454381549f955d08c75e21ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/#/mix/m7m0jJAbMQi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/#/mix/m7m0jJAbMQi/5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/#/mix/m7m0jJAbMQi/5ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/#/mix/m7m0jJAbMQiainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/mixtape.php?a=getMix&id=%s&userId=null&code=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/mixtape.php?a=getMix&id=%s&userId=null&code=D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/mixtape.php?a=getMixes&u=-1&linked=%s&explore=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://everyonesmixtape.com/mixtape.php?a=getMixes&u=-1&linked=%s&explore=asanitized_Requestaadd_hea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://evt.dispeak.com/nvidia/events/gtc15/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://evt.dispeak.com/nvidia/events/gtc15/uvar
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://evt.dispeak.com/ubm/gdc/sf16/xml/840376_BQRC.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://evt.dispeak.com/ubm/gdc/sf16/xml/840376_BQRC.xmlamd5aa8efb6c31ed06ca8739294960b2dbabdainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ext.nicovideo.jp/api/getthumbinfo/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ext.nicovideo.jp/api/getthumbinfo/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eyedo.tv/api/live/GetLive/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://eyedo.tv/api/live/GetLive/%sa_add_nsuEyedoTVIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fanda.nova.cz/clanek/fun-and-games/krvavy-epos-zaklinac-3-divoky-hon-vychazi-vyhrajte-ho-pro-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fc-zenit.ru/video/41044/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fc-zenit.ru/video/41044/amd5u0e3fab421b455e970fa1aa3891e57df0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feed.theplatform.com/f/h9dtGB/punlNGjMlc1F?fields=id&byContent=byReleases%3DbyId%253D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feed.theplatform.com/f/h9dtGB/punlNGjMlc1F?fields=id&byContent=byReleases%3DbyId%253Daentries
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.cbsn.cbsnews.com/rundown/story
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.cbsn.cbsnews.com/rundown/storyaqueryadeviceadesktopadvr_sluga_extract_akamai_formatsaur
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.mtvnservices.com/od/feed/bet-mrss-player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.mtvnservices.com/od/feed/bet-mrss-playera_FEED_URLa_get_feed_queryuBetIE._get_feed_quer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.mtvnservices.com/od/feed/intl-mrss-player-feed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.mtvnservices.com/od/feed/intl-mrss-player-feeda_get_videos_info_from_urludata-mrss=(
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://feeds.mtvnservices.com/od/feed/intl-mrss-player-feeduMTVJapanIE._get_feed_queryaMTVVideoIEumt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://film.onet.pl/pensjonat-nad-rozlewiskiem-relacja-z-planu-serialu/y428n0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://film.onet.pl/pensjonat-nad-rozlewiskiem-relacja-z-planu-serialu/y428n0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://film.onet.pl/zwiastuny/ghost-in-the-shell-drugi-zwiastun-pl/5q6yl3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://film.onet.pl/zwiastuny/ghost-in-the-shell-drugi-zwiastun-pl/5q6yl3aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fivethirtyeight.com/features/how-the-6-8-raiders-can-still-make-the-playoffs/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fivethirtyeight.com/features/how-the-6-8-raiders-can-still-make-the-playoffs/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://flapi.nicovideo.jp/api/getflv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://flapi.nicovideo.jp/api/getflv/u?as3=1uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fm4.orf.at/player/20170107/4CC
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fm4.orf.at/player/20170107/4CCamd5u2b0be47375432a7ef104453432a19212ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fm4.orf.at/stories/2865738/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fm4.orf.at/stories/2865738/aplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fod.infobase.com/p_ViewPlaylist.aspx?AssignmentID=NUN8ZY
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fod.infobase.com/p_ViewPlaylist.aspx?AssignmentID=NUN8ZYainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://food.ndtv.com/video-basil-seeds-coconut-porridge-419083
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://food.ndtv.com/video-basil-seeds-coconut-porridge-419083aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://footyroom.com/matches/75817984/georgia-vs-germany/review
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://footyroom.com/matches/75817984/georgia-vs-germany/reviewainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://footyroom.com/matches/79922154/hull-city-vs-chelsea/review
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://footyroom.com/matches/79922154/hull-city-vs-chelsea/reviewainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://forum.dvdtalk.com/movie-talk/623756-deleted-magic-star-wars-ot-deleted-alt-scenes-docu-style.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://foxgay.com/videos/fuck-turkish-style-2582.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://foxgay.com/videos/fuck-turkish-style-2582.shtmlamd5u344558ccfea74d33b7adbce22e577f54ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fr.pornhub.com/view_video.php?viewkey=ph55ca2f9760862
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fr.pornhub.com/view_video.php?viewkey=ph55ca2f9760862aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://france3-regions.francetvinfo.fr/bretagne/cotes-d-armor/thalassa-echappee-breizh-ce-venredi-da
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://france3-regions.francetvinfo.fr/limousin/emissions/jt-1213-limousin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://france3-regions.francetvinfo.fr/limousin/emissions/jt-1213-limousinaonly_matchingtuFranceTVIn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://freeform.go.com/shows/shadowhunters/episodes/season-2/1-this-guilty-blood
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://freeform.go.com/shows/shadowhunters/episodes/season-2/1-this-guilty-bloodainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webmaidu5_Lenn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ftp.nluug.nl/video/nluug/2014-11-20_nj14/zaal-2/5_Lennart_Poettering_-_Systemd.webmamd5u4ccbe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://funhaus.roosterteeth.com/episode/funhaus-shorts-2016-austin-sucks-funhaus-shorts
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://funhaus.roosterteeth.com/episode/funhaus-shorts-2016-austin-sucks-funhaus-shortsaonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fusion.tv/video/201781
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fusion.tv/video/201781/u-s-and-panamanian-forces-work-together-to-stop-a-vessel-smuggling-dru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://fusion.tv/video/201781aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://g1.globo.com/carros/autoesporte/videos/t/exclusivos-do-g1/v/mercedes-benz-gla-passa-por-teste
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://g1.globo.com/jornal-nacional/noticia/2014/09/novidade-na-fiscalizacao-de-bagagem-pela-receita
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://g1.globo.com/pr/parana/noticia/2016/09/mpf-denuncia-lula-marisa-e-mais-seis-na-operacao-lava-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gadgets.ndtv.com/videos/uncharted-the-lost-legacy-review-465568
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gadgets.ndtv.com/videos/uncharted-the-lost-legacy-review-465568aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gamestar.de/_misc/videos/portal/getVideoUrl.cfm?premium=0&videoId=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gamestar.de/_misc/videos/portal/getVideoUrl.cfm?premium=0&videoId=aextamp4aview_countacomment
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gamevideos.1up.com/video/id/34976.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gamevideos.1up.com/video/id/34976.htmlamd5ac9cc69e07acb675c31a16719f909e347ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gdcvault.com/play/1020791/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gdcvault.com/play/1020791/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gdcvault.com/play/1023460/Tenacious-Design-and-The-Interface
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gdcvault.com/play/1023460/Tenacious-Design-and-The-Interfaceamd5aa8efb6c31ed06ca8739294960b2d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://generation-what.francetv.fr/europe/video/present-arms
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://generation-what.francetv.fr/europe/video/present-armsaonly_matchingtuGenerationWhatIE._real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://generation-what.francetv.fr/portrait/video/present-arms
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://generation-what.francetv.fr/portrait/video/present-armsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://geo.francetv.fr/ws/edgescape.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://geo.francetv.fr/ws/edgescape.jsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gfycat.com/DeadlyDecisiveGermanpinscher
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gfycat.com/DeadlyDecisiveGermanpinscherainfo_dictaDeadlyDecisiveGermanpinscheraextamp4uGhost
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gfycat.com/ifr/JauntyTimelyAmazontreeboa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gfycat.com/ifr/JauntyTimelyAmazontreeboaaJauntyTimelyAmazontreeboaq
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globoplay.globo.com/v/4581987/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globoplay.globo.com/v/4581987/amd5af36a1ecd6a50da1577eee6dd17f67effainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globosatplay.globo.com/globonews/v/4472924/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globosatplay.globo.com/globonews/v/4472924/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globotv.globo.com/canal-brasil/sangue-latino/t/todos-os-videos/v/ator-e-diretor-argentino-ric
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globotv.globo.com/t/programa/v/clipe-sexo-e-as-negas-adeus/3836166/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://globotv.globo.com/t/programa/v/clipe-sexo-e-as-negas-adeus/3836166/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gq.globo.com/Prazeres/Poder/noticia/2015/10/all-o-desafio-assista-ao-segundo-capitulo-da-seri
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://gshow.globo.com/programas/tv-xuxa/O-Programa/noticia/2014/01/xuxa-e-junno-namoram-muuuito-em-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hellporno.com/videos/dixie-is-posing-with-naked-ass-very-erotic/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hellporno.com/videos/dixie-is-posing-with-naked-ass-very-erotic/amd5af0a46ebc0bed0c72ae8fe462
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hellporno.net/v/186271/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hellporno.net/v/186271/aonly_matchingta_TESTSa_real_extractuHellPornoIE._real_extracta__orig_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://help.vzaar.com/article/165-embedding-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://help.vzaar.com/article/165-embedding-videoamd5u7e3919d9d2620b89e3e00bec7fe8c9d4ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hentai.animestigma.com/inyouchuu-etsu-bonus/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hentai.animestigma.com/inyouchuu-etsu-bonus/amd5u4e3d07422a68a4cc363d8f57c8bf0d23ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hetklokhuis.nl/tv-uitzending/3471/Zwaartekrachtsgolven
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hetklokhuis.nl/tv-uitzending/3471/Zwaartekrachtsgolvenainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hk.apple.nextmedia.com/realtime/news/20141108/53109199
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hk.apple.nextmedia.com/realtime/news/20141108/53109199amd5adff9fad7009311c421176d1ac90bfe4fai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hk.dv.nextmedia.com/actionnews/hit/20150121/19009428/20061460
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hk.dv.nextmedia.com/actionnews/hit/20150121/19009428/20061460amd5u05fce8ffeed7a5e00665d4b7cf0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hornbunny.com/videos/panty-slut-jerk-off-instruction-5227.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hornbunny.com/videos/panty-slut-jerk-off-instruction-5227.htmlamd5ae20fd862d1894b67564c96f180
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ht3.cdn.turner.com/money/big
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://html5-player.libsyn.com/embed/episode/id/6385796/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://html5-player.libsyn.com/embed/episode/id/6385796/amd5u2a55e75496c790cdeb058e7e6c087746ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hybsa.markiza.sk/aktualne/1923790_uzasna-atmosfera-na-hybsa-v-poprade-superstaristi-si-prve-k
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hypem.com/serve/source/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hypem.com/serve/source/%s/%sakeyuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://hypem.com/track/1v6ga/BODYWORK
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.gtimg.cn/music/photo/mid_album_500/%s/%s/%s.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.gtimg.cn/music/photo/mid_album_500/%s/%s/%s.jpg:l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/qzone-music/fcg-bin/fcg_ucc_getcdinfo_byids_cp.fcg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/qzone-music/fcg-bin/fcg_ucc_getcdinfo_byids_cp.fcguDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/v8/fcg-bin/fcg_v8_album_info_cp.fcg?albummid=%s&format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/v8/fcg-bin/fcg_v8_album_info_cp.fcg?albummid=%s&format=jsonuDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/v8/fcg-bin/fcg_v8_toplist_cp.fcg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://i.y.qq.com/v8/fcg-bin/fcg_v8_toplist_cp.fcguDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/audio-video/media-7527184/barack-obama-au-vietnam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/audio-video/media-7527184/barack-obama-au-vietnamainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/widgets/mediaconsole/medianet/7184272
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/widgets/mediaconsole/medianet/7184272ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/widgets/mediaconsole/medianet/7754998/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ici.radio-canada.ca/widgets/mediaconsole/medianet/7754998/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://id.fc2.com/?mode=redirect&login=done
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://id.fc2.com/?mode=redirect&login=doneD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ida.omroep.nl/app.php/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ida.omroep.nl/app.php/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ida.omroep.nl/app.php/auth
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ida.omroep.nl/app.php/authD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://images.cwtv.com/feed/mobileapp/video-meta/apiversion_8/guid_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://images.cwtv.com/feed/mobileapp/video-meta/apiversion_8/guid_agetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/%sahashaImgurIEaie_keyaplaylist_resultT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/a/j6Orj
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/a/j6Orjainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/gallery/Q95ko
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/gallery/Q95koainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/r/aww/VQcQPhM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/r/aww/VQcQPhMaonly_matchingtuImgurGalleryIE._real_extractaImgurAlbumIEuimgur:albumu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/topic/Aww/ll5Vk
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/topic/Aww/ll5Vkaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/topic/Funny/N8rOudd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://imgur.com/topic/Funny/N8rOuddaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://indavideo.hu/player/video/1bdc3c6d80/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://indavideo.hu/player/video/1bdc3c6d80/amd5ac8a507a1c7410685f83a06eaeeaafeabainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://insider.foxnews.com/2016/08/25/univ-wisconsin-student-group-pushing-silence-certain-words
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://insider.foxnews.com/2016/08/25/univ-wisconsin-student-group-pushing-silence-certain-wordsaonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://instagram.com/p/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://instagram.com/p/%saie_keyaInstagramw4D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://instagram.com/p/9o6LshA7zy/embed/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://instagram.com/p/9o6LshA7zy/embed/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://interface.bilibili.com/v2/playurl?%s&sign=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://interface.bilibili.com/v2/playurl?%s&sign=%sanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iptv.orf.at/stories/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iptv.orf.at/stories/%sudata-video(?:id)?=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iptv.orf.at/stories/2275236/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iptv.orf.at/stories/2275236/amd5ac8b22af4718a4b4af58342529453e3e5ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://it.dplay.com/nove/biografie-imbarazzanti/luigi-di-maio-la-psicosi-di-stanislawskij/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://it.dplay.com/nove/biografie-imbarazzanti/luigi-di-maio-la-psicosi-di-stanislawskij/amd5u2b808
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://it.redtube.com/66418
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://it.redtube.com/66418aonly_matchingta_TESTSastaticmethoda_extract_urlsuRedTubeIE._extract_urls
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iwara.tv/videos/amVwUl1EHpAD9RD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://iwara.tv/videos/amVwUl1EHpAD9RDainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://jp.channel.pandora.tv/channel/video.ptv?c1=&prgid=53294230&ch_userid=mikakim&ref=main&lot=cat
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.360437773.0000000005A75000.00000004.00000001.sdmp	String found in binary or memory: http://json.org
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kinja.com/ajax/inset/iframe?id=mcp-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kinja.com/ajax/inset/iframe?id=mcp-aKinjaEmbeda__doc__a__file__a__spec__aoriginahas_locationa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://krasview.ru/video/512228
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://krasview.ru/video/512228amd5u3b91003cf85fc5db277870c8ebd98eaeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kron4.com/2017/04/28/standoff-with-walnut-creek-murder-suspect-ends-with-arrest/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kron4.com/2017/04/28/standoff-with-walnut-creek-murder-suspect-ends-with-arrest/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kusi.com/video?clipId=12203019
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kusi.com/video?clipId=12203019aonly_matchingta_TESTSa_real_extractuKUSIIE._real_extracta__ori
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kylin.iqiyi.com/get_token
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kylin.iqiyi.com/get_tokennD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kylin.iqiyi.com/validate?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://kylin.iqiyi.com/validate?acompat_urllib_parse_urlencodeD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://legacy.dumpert.nl/embed/6675421/dc440fe7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://legacy.dumpert.nl/embed/6675421/dc440fe7aonly_matchingta_TESTSa_real_extractuDumpertIE._real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://legacy.dumpert.nl/mediabase/6646981/951bc60f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://legacy.dumpert.nl/mediabase/6646981/951bc60faonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lenta.ru/news/2015/03/06/navalny/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lenta.ru/news/2015/03/06/navalny/u227304u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lentaru.media.eagleplatform.com/index/player?player=new&record_id=227304&player_template_id=5
Source: Mario Deluxe InstaII.exe, 00000000.00000003.259740807.0000000002374000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000001.00000003.254902351.0000000000D94000.00000004.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000003.368690899.00000000021F4000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000003.361304943.0000000002644000.00000004.00000001.sdmp	String found in binary or memory: http://lgnsoft.com/
Source: Mario Deluxe InstaII.exe, 00000000.00000003.234397065.0000000002490000.00000004.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000003.253021634.0000000002500000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000003.260581924.0000000003500000.00000004.00000001.sdmp	String found in binary or memory: http://lgnsoft.com/&http://lgnsoft.com/&http://lgnsoft.com/
Source: Mario Deluxe InstaII.tmp, 00000001.00000003.254902351.0000000000D94000.00000004.00000001.sdmp	String found in binary or memory: http://lgnsoft.com/QQ
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.361304943.0000000002644000.00000004.00000001.sdmp	String found in binary or memory: http://lgnsoft.com/QQd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.brightcove.com/services/player/bcpid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.brightcove.com/services/player/bcpid756015033001?bckey=AQ~~
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.brightcove.com/services/player/bcpidaheadersafatala_search_regexu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.%s/s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.%s/s/%sa_TP_TLDambratrueaformatsaassetTypesuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/%s/%satp_pathD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/ExhSPC/media/guid/2655402169/%s?mbr=true&formats=MPEG4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/NnzsPC/media/guid/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/NnzsPC/media/guid/%s/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/cwtv/media/guid/2703454149/%s?formats=M3U
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/cwtv/media/guid/2703454149/%s?formats=M3Uastr_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/gZWlPC/media/guid/2408950221/%s?mbr=true&manifest=m3u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/gZWlPC/media/guid/2408950221/%s?mbr=true&manifest=m3uD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/ngs/media/guid/2423130747/%s?mbr=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.theplatform.com/s/ngs/media/guid/2423130747/%s?mbr=trueD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?channelId=ab6a524c379342f9b23642917020c082
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?channelId=ab6a524c379342f9b23642917020c082ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?channelListId=301b117890c4465c8179ede21fd92e2b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?channelListId=301b117890c4465c8179ede21fd92e2bainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?mediaId=3ffd040b522b4485b6d84effc750cd86
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://link.videoplatform.limelight.com/media/?mediaId=3ffd040b522b4485b6d84effc750cd86ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://list.le.com/listn/c1009_sc532002_d2_p1_o1.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://list.le.com/listn/c1009_sc532002_d2_p1_o1.htmlaonly_matchingtaclassmethoduLePlaylistIE.suitab
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.573957670.00000000078F3000.00000004.00000001.sdmp	String found in binary or memory: http://lists.sourceforge.net/lists/listinfo/optik-users).
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.afreecatv.com:8079/app/index.cgi?szType=read_ucc_bbs&szBjId=dailyapril&nStationNo=167119
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.eyedo.net:1935/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.eyedo.net:1935/a_real_extractuEyedoTVIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.huffingtonpost.com/r/segment/legalese-it/52dd3e4b02a7602131000677
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.huffingtonpost.com/r/segment/legalese-it/52dd3e4b02a7602131000677amd5u55f5e8981c1c80a647
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/Concert/1030324.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/Concert/1030324.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/concert/1032066.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/concert/1032066.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/misc/Playlist.ashx?id=1030324&track=&lang=fr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://live.philharmoniedeparis.fr/misc/Playlist.ashx?id=1030324&track=&lang=fraonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livepassdl.conviva.com/hf/ver/2.79.0.17083/LivePassModuleMain.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livepassdl.conviva.com/hf/ver/2.79.0.17083/LivePassModuleMain.swfapage_urluhttp://www.prosieb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestream.com/accounts/%s/events/%s/videos/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestream.com/accounts/%s/events/%s/videos/%saLivestreamT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestream.com/api/accounts/%s/events/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestream.com/bsww/concacafbeachsoccercampeonato2015
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestream.com/bsww/concacafbeachsoccercampeonato2015aonly_matchingta_TESTSuhttp://livestream
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestreamvod-f.akamaihd.net/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://livestreamvod-f.akamaihd.net/afindallu.//videoaint_or_noneaattribT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lnkgo.alfa.lt/visi-video/aktualai-pratesimas/ziurek-nerdas-taiso-kompiuteri-2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lnkgo.alfa.lt/visi-video/aktualai-pratesimas/ziurek-nerdas-taiso-kompiuteri-2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://loc.gov/item/90716351/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://loc.gov/item/90716351/amd5u6ec0ae8f07f86731b1b2ff70f046210aainfo_dictu90716351uPa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://localization.services.pbs.org/localize/auto/cookie/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://localization.services.pbs.org/localize/auto/cookie/naheadersageo_verification_headersafatalag
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://loopstream01.apa.at/?channel=%s&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://loopstream01.apa.at/?channel=%s&id=%sa_LOOP_STATIONaclean_htmlT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://losangeles.cbslocal.com/2016/05/16/safety-advocates-say-fatal-car-seat-failures-are-public-he
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lovehomeporn.com/media/nuevo/config.php?key=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lovehomeporn.com/media/nuevo/config.php?key=%saupdateadisplay_idaage_limitl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://lovehomeporn.com/video/48483/stunning-busty-brunette-girlfriend-sucking-and-riding-a-big-dick
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.4tube.com/videos/209733/hot-babe-holly-michaels-gets-her-ass-stuffed-by-black
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.4tube.com/videos/209733/hot-babe-holly-michaels-gets-her-ass-stuffed-by-blackaonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.douyu.com/html5/live?roomId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.douyu.com/html5/live?roomId=%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.drtuber.com/video/3893529/lingerie-blowjob-from-beautiful-teen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.drtuber.com/video/3893529/lingerie-blowjob-from-beautiful-teenaonly_matchingta_TESTSastatic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.liveleak.com/view?i=763_1473349649
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.liveleak.com/view?i=763_1473349649aadd_ieL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.mgoon.com/ch/hi6618/v/5582148
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.mgoon.com/ch/hi6618/v/5582148amd5add46bb66ab35cf6d51cc812fd82da79dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.mlb.com/shared/video/embed/embed.html?content_id=35692085&topic_id=6479266&width=400&height
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.mlb.com/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.my.mail.ru/mail/3sktvtr/video/_myvideo/138.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.my.mail.ru/mail/3sktvtr/video/_myvideo/138.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.nuvid.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.nuvid.com/video/%sa_download_webpageuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.nuvid.com/video/1310741/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.nuvid.com/video/1310741/amd5aeab207b7ac4fccfb4e23c86201f11277ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.ok.ru/video/20079905452
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.ok.ru/video/20079905452aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=api&m=play_url
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=api&m=play_urlaurlencode_postdataaruntimeT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=view&ch_userid=mikakim&prgid=54600346
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=view&ch_userid=mikakim&prgid=54600346aonly_matchingta_TESTSa_real_extractuPan
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=view&m=viewJsonApi&ch_userid=%s&prgid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.pandora.tv/?c=view&m=viewJsonApi&ch_userid=%s&prgid=%sadataarowsavod_play_infoaresultaitems
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/clip/ClipView.tv?clipid=54999425
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/clip/ClipView.tv?clipid=54999425aonly_matchingtaclassmethoduDaumClipIE.suita
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/mypot/Top.tv?ownerid=45x1okb1If50&playlistid=3569733
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/mypot/Top.tv?ownerid=45x1okb1If50&playlistid=3569733aonly_matchingtuDaumUser
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/v/65139429
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m.tvpot.daum.net/v/65139429u65139429u1297
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m5.music.126.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://m5.music.126.netuhttp://115.231.74.139/m1.music.126.netuhttp://124.40.233.182/m1.music.126.ne
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://magazzino.friday.ru/videos/vipuski/kazan-2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://magazzino.friday.ru/videos/vipuski/kazan-2D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://maison.radiofrance.fr/radiovisions/one-one
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://maison.radiofrance.fr/radiovisions/one-oneamd5abdbb28ace95ed0e04faab32ba3160dafainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mam.eitb.eus/mam/REST/ServiceMultiweb/DomainRestrictedSecurity/TokenAuth/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mam.eitb.eus/mam/REST/ServiceMultiweb/DomainRestrictedSecurity/TokenAuth/aheadersaRefereruDow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mam.eitb.eus/mam/REST/ServiceMultiweb/Video/MULTIWEBTV/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mam.eitb.eus/mam/REST/ServiceMultiweb/Video/MULTIWEBTV/%s/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://manifest.us.rtl.nl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://manifest.us.rtl.nla_extract_m3u8_formatsamp4D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mas-e.cds1.yospace.com/mas/%s/%s?trans=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mas-e.cds1.yospace.com/mas/%s/%s?trans=jsonatransform_sourceagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://matchtv.ru/#live-player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://matchtv.ru/#live-playerainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://matchtv.ru/on-air/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://matchtv.ru/on-air/aonly_matchingta_TESTSa_real_extractuMatchTVIE._real_extracta__orig_bases__
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/ar/angry-birds-2/106533/video/lrd-ldyy-lwl-lfylm-angry-birds
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/ar/angry-birds-2/106533/video/lrd-ldyy-lwl-lfylm-angry-birdsaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/en/feature/15775/100-little-things-in-gta-5-that-will-blow-your-mind
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/en/feature/15775/100-little-things-in-gta-5-that-will-blow-your-mindainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/en/videos/112203/video/how-hitman-aims-to-be-different-than-every-other-s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://me.ign.com/en/videos/112203/video/how-hitman-aims-to-be-different-than-every-other-saonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/embed/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/embed/%sa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/embed/mgid:uma:video:mtv.com:1043906/cp~vid%3D1043906%26uri%3Dmgid%3Au
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/pmt/e1/access/index.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/pmt/e1/access/index.html?uri=%s&configtype=edge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/pmt/e1/access/index.html?uri=%s&configtype=edgeafeedWithQueryParamsa_V
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.mtvnservices.com/pmt/e1/access/index.htmlauriaconfigtypeaedgeaheadersaReferera_remove_t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.nationalarchives.gov.uk/index.php/webinar-using-discovery-national-archives-online-cata
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.ntv.ru/vod/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.ntv.ru/vod/aappendaurlafile_afilesizeaint_or_noneu./%ssizea_sort_formatsaidu./idadescri
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.photobucket.com/user/rachaneronas/media/TiredofLinkBuildingTryBacklinkMyDomaincom_zpsc0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.rozhlas.cz/_audio/%s.mp3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.rozhlas.cz/_audio/%s.mp3avcodecanonea__doc__a__file__a__spec__aoriginahas_locationa__ca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.w3.org/2010/05/sintel/trailer.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://media.w3.org/2010/05/sintel/trailer.mp4amd5u67d406c2bcb6af27fa886f31aa934bbeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mediasite.uib.no/Mediasite/Play/90bb363295d945d6b548c867d01181361d?catalog=a452b7df-9ae1-46b7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mediathek.daserste.de/sendungen_a-z/328454_anne-will/22429276_vertrauen-ist-gut-spionieren-is
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mediathek.rbb-online.de/radio/H
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metacafe.com/watch/yt-_aUehQsCQtM/the_electric_company_short_i_pbs_kids_go/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metacafe.com/watch/yt-_aUehQsCQtM/the_electric_company_short_i_pbs_kids_go/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metafilegenerator.de/WDR/WDR_FS/hds/hds.smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metafilegenerator.de/WDR/WDR_FS/hds/hds.smilainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metax.contv.live.junctiontv.net/metax/2.5/details/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metax.contv.live.junctiontv.net/metax/2.5/details/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metax.contv.live.junctiontv.net/metax/2.5/seriesfeed/json/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://metax.contv.live.junctiontv.net/metax/2.5/seriesfeed/json/aepisodesT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://michafrar.tumblr.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mixer.com/niterhayven
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mixer.com/niterhayvenainfo_dictu261562uIntroducing
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mlb.mlb.com/es/video/play.jsp?content_id=36599553
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mlb.mlb.com/es/video/play.jsp?content_id=36599553aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mlb.mlb.com/shared/video/embed/embed.html?content_id=36599553
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mlb.mlb.com/shared/video/embed/embed.html?content_id=36599553aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mlb.mlb.com/shared/video/embed/m-internal-embed.html?content_id=75609783&property=mlb&autopla
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mnet.interest.me/tv/vod/172790
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mnet.interest.me/tv/vod/172790aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mobile.ok.ru/video/20079905452
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mobile.ok.ru/video/20079905452aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://moevideo.net/video/00297.0036103fe3d513ef27915216fd29
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://moevideo.net/video/00297.0036103fe3d513ef27915216fd29amd5u129f5ae1f6585d0e9bb4f38e774ffb3aain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://money.cnn.com/video/data/4.0/video/%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://money.cnn.com/video/data/4.0/video/%s.xmlamedia_srcuhttp://ht3.cdn.turner.com/money/biga_extr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://money.cnn.com/video/news/2016/08/19/netflix-stunning-stats.cnnmoney/index.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://money.cnn.com/video/news/2016/08/19/netflix-stunning-stats.cnnmoney/index.htmlamd5u52a515dc1b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/532291B
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/532291Bamd5abc59a6b47d1f958e61fbd38a4d31b131ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/8B4BBC1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/8B4BBC1aonly_matchingta_TESTSa_real_extractuMotherlessIE._real_extracta__orig_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/AC3FFE1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/AC3FFE1amd5u310f62e325a9fafe64f68c0bccb6e75fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/g/cosplay/633979F
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/g/cosplay/633979Famd5u0b2a43f447a49c3e649c93ad1fafa4a0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/g/movie_scenes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/g/movie_scenesainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/gv/sex_must_be_funny
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://motherless.com/gv/sex_must_be_funnyainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://moto.onet.pl/jak-wybierane-sa-miejsca-na-fotoradary/6rs04e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://moto.onet.pl/jak-wybierane-sa-miejsca-na-fotoradary/6rs04eaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://movies.ndtv.com/videos/cracker-free-diwali-wishes-from-karan-johar-kriti-sanon-other-stars-47
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://movietrailers.apple.com/trailers/focus_features/kuboandthetwostrings/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://movietrailers.apple.com/trailers/focus_features/kuboandthetwostrings/aonly_matchingta_TESTSui
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://movingimage.nls.uk/film/3561
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://movingimage.nls.uk/film/3561amd5u4caa05c2b38453e6f862197571a7be2fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mpos.mgoon.com/player/video?id=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mtv.mtvnimages.com/uri/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mtv.mtvnimages.com/uri/T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mtvnmobile.vo.llnwd.net/kip0/_pxn=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mundonick.uol.com.br/programas/the-loud-house/videos/muitas-irmas/7ljo9j
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mundonick.uol.com.br/programas/the-loud-house/videos/muitas-irmas/7ljo9jaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/album?id=220780
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/album?id=220780ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/artist?id=10559
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/artist?id=10559ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/artist?id=124098
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/artist?id=124098ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/discover/toplist?id=3733003
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/discover/toplist?id=3733003ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/djradio?id=42
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/djradio?id=42ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/mv?id=415350
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/mv?id=415350ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/playlist?id=79177352
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/playlist?id=79177352ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=%saNetEaseMusicProgramaradioadescamorea__doc__a__file__a__spec__ao
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=10109055
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=10109055ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=10141022
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/program?id=10141022ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=%saNetEaseMusicaplaylist_resultuartist/%s?id=%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=22735043
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=22735043ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=29822014
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=29822014ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=32102397
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/#/song?id=32102397amd5af2e97280e6345c74ba9d5677dd5dcb45ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/api/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/api/aclassmethoduNetEaseMusicBaseIE._encryptuNetEaseMusicBaseIE.extract_formats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/song?id=17241424
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://music.163.com/song?id=17241424ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://muz-tv.ru/kinozal/view/7400/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://muz-tv.ru/kinozal/view/7400/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://muz-tv.ru/play/7129/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://muz-tv.ru/play/7129/u12820u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/en/meetgreet/view/256
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/en/meetgreet/view/256aonly_matchingtuMwaveMeetGreetIE._real_extractuyoutube
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/en/mnettv/videodetail.m?searchVideoDetailVO.clip_id=176199
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/en/mnettv/videodetail.m?searchVideoDetailVO.clip_id=176199aonly_matchingta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/meetgreet/view/256
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/meetgreet/view/256u173294u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/mnettv/videodetail.m?searchVideoDetailVO.clip_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/mnettv/videodetail.m?searchVideoDetailVO.clip_id=%saurluhttp://mwave.intere
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/mnettv/videodetail.m?searchVideoDetailVO.clip_id=168859
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/onair/vod_info.m?vodtype=CL&sectorid=&endinfo=Y&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://mwave.interest.me/onair/vod_info.m?vodtype=CL&sectorid=&endinfo=Y&id=%suDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/corp/hitech/video/news_hi-tech_mail_ru/1263.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/corp/hitech/video/news_hi-tech_mail_ru/1263.htmlamd5u00a91a58c3402204dcced523777b4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/mail/720pizle/video/_myvideo/502.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/mail/720pizle/video/_myvideo/502.htmlamd5u3b26d2491c6949d031a32b96bd97c096ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/video/top#video=/mail/sonypicturesrus/75/76
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://my.mail.ru/video/top#video=/mail/sonypicturesrus/75/76amd5adea205f03120046894db4ebb6159879aai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/api/Video/Get/%s?sig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/api/Video/Get/%s?sigasprutoDataa_extract_sprutoaMyviIEasuitableaMyviEmbedIEa_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/api/Video/Get/oOy4euHA6LVwNNAjhD9_Jq5Ha2Qf0rtVMVFMAZav8wObeRTZaCATzucDQIDph8hQ
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/content/preloader.swf?id=oOy4euHA6LVwNNAjhD9_Jq5Ha2Qf0rtVMVFMAZav8wOYf1WFpPfc_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/embed/html/oOy4euHA6LVwNNAjhD9_Jq5Ha2Qf0rtVMVFMAZav8wObeRTZaCATzucDQIDph8hQU0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/embed/html/oOy4euHA6LVwNNAjhD9_Jq5Ha2Qf0rtVMVFMAZav8wObeRTZaCATzucDQIDph8hQU0a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/flash/ocp2qZrHI-eZnHKQBK4cZV60hslH8LALnk0uBfKsB-Q4WnY26SeGoYPi8HWHxu0O30
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.ru/player/flash/ocp2qZrHI-eZnHKQBK4cZV60hslH8LALnk0uBfKsB-Q4WnY26SeGoYPi8HWHxu0O30aonly_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.tv/embed/html/oTGTNWdyz4Zwy_u1nraolwZ1odenTd9WkTnRfIL9y8VOgHYqOHApE575x4_xxS9Vn0?ap=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://myvi.tv/embed/html/oTGTNWdyz4Zwy_u1nraolwZ1odenTd9WkTnRfIL9y8VOgHYqOHApE575x4_xxS9Vn0?ap=0aon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://n16.joj.sk/storage/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://n16.joj.sk/storage/%sareplaceT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nakedsecurity.sophos.com/2014/10/29/sscc-171-are-you-sure-that-1234-is-a-bad-password-podcast
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nba.cdn.turner.com/nba/big
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nba.cdn.turner.com/nba/bigam3u8D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nbavod-f.akamaihd.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nbavod-f.akamaihd.neta__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_litera
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ndr2.radio.de/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ndr2.radio.de/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/CoheedandCambria/WebsterHall/videos/4719370
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/CoheedandCambria/WebsterHall/videos/4719370amd5u53274c76ba7754fb0e8d072716
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/chess24/tatasteelchess
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/chess24/tatasteelchessainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/tedx/cityenglish
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://new.livestream.com/tedx/cityenglishainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/action/test_mp4feed.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/action/test_mp4feed.phpanoteuFetching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/international/201309/201309031304098.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/international/201309/201309031304098.htmlamd5u3aee7e0df7cdff94e43581f54c2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/international/201501/201501291578109.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/international/201501/201501291578109.htmlamd5aa9875cb790252b08431186d741b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/money/201501/201501291578003.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.cts.com.tw/cts/money/201501/201501291578003.htmlamd5ae4726b2ccd70ba2c319865e28f0a91d1ain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.morningstar.com/cover/videocenter.aspx?id=825556
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://news.morningstar.com/cover/videocenter.aspx?id=825556aonly_matchingta_TESTSa_real_extractuMor
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://newyork.cbslocal.com/video/3580809-a-very-blue-anniversary/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://newyork.cbslocal.com/video/3580809-a-very-blue-anniversary/ainfo_dictaidu3580809aextamp4atitl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nightbringer.bandcamp.com/album/hierophany-of-the-open-grave
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nightbringer.bandcamp.com/album/hierophany-of-the-open-graveainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://njpwworld.com/p/s_series_00155_1_9/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://njpwworld.com/p/s_series_00155_1_9/ainfo_dictas_series_00155_1_9aextamp4u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nkdam.iltrovatore.it
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nkdam.iltrovatore.itaidatitleadescriptiona_og_search_descriptionD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/cdata/js/player/NocoPlayer-v1.2.40.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/cdata/js/player/NocoPlayer-v1.2.40.swfacompat_urlparseaparse_qsaurlparseaqueryaint_or
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/emission/11538/nolife/ami-ami-idol-hello-france/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/emission/11538/nolife/ami-ami-idol-hello-france/amd5u0a993f0058ddbcd902630b2047ef710e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/emission/12610/lbl42/the-guild/s01e01-wake-up-call
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noco.tv/emission/12610/lbl42/the-guild/s01e01-wake-up-callamd5ac190f1f48e313c55838f1f41222593
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nonredline.sports.espn.go.com/video/clip?id=19744672
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nonredline.sports.espn.go.com/video/clip?id=19744672aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noovo.ca/videos/l-amour-est-dans-le-pre/episode-13-8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noovo.ca/videos/l-amour-est-dans-le-pre/episode-13-8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noovo.ca/videos/rpm-plus/chrysler-imperial
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noovo.ca/videos/rpm-plus/chrysler-imperialainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://normalboots.com/video/home-alone-games-jontron/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://normalboots.com/video/home-alone-games-jontron/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nosvideo.com/?v=mu8fle7g7rpq
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nosvideo.com/?v=mu8fle7g7rpqamd5u6124ed47130d8be3eacae635b071e6b6ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nosvideo.com/xml/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://noticias.r7.com/record-news/video/representante-do-instituto-sou-da-paz-fala-sobre-fim-do-est
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nova.bg/news/view/2016/08/16/156543/%D0%BD%D0%B0-%D0%BA%D0%BE%D1%81%D1%8A%D0%BC-%D0%BE%D1%82-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nx-%s%02d.akamaized.net/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://nx-%s%02d.akamaized.net/aprotectiondataatokenamatcha_VALID_URLT
Source: namang.exe, 00000012.00000003.573537392.0000000009AD6000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ocw.mit.edu/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ocw.mit.edu/a_BASE_URLL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-041-probabilistic-systems-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ocw.mit.edu/courses/mathematics/18-01sc-single-variable-calculus-fall-2010/1.-differentiation
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/mob_video.php?id=8E388
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/mob_video.php?id=8E388aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/mob_video.php?id=8E900
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/mob_video.php?id=8E900aonly_matchingta_TESTSa_real_extractuOdaTVIE._real_extracta__
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/vid_video.php?id=8E388
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://odatv.com/vid_video.php?id=8E388amd5adc61d052f205c9bf2da3545691485154ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://oe1.orf.at/player/20170108/456544
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://oe1.orf.at/player/20170108/456544amd5u34d8a6e67ea888293741c86a099b745bainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://oglobo.globo.com/rio/a-amizade-entre-um-entregador-de-farmacia-um-piano-19946271
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://oglobo.globo.com/rio/a-amizade-entre-um-entregador-de-farmacia-um-piano-19946271aonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/%sa_search_regexu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/20079905452
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/20079905452amd5u0b62089b479e06681abaaca9d204f152ainfo_dictu20079905452u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/62036049272859-0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/62036049272859-0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/63567059965189-0?fromTime=5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/63567059965189-0?fromTime=5u6ff470ea2dd51d5d18c295a355b0b6bcu63567059965189-0u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/64211978996595-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/video/64211978996595-1amd5u2f206894ffb5dbfcce2c5a14b909eea5ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/web-api/video/moviePlayer/20079905452
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ok.ru/web-api/video/moviePlayer/20079905452aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://on-demand.gputechconf.com/gtc/2015/video/S5156.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://on-demand.gputechconf.com/gtc/2015/video/S5156.htmlamd5aa8862a00a0fd65b8b43acc5b8e33f798ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.com/now/master/playlist/%s/%s/%s/content.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.com/now/master/playlist/%s/%s/%s/content.m3u8uhttp://once.unicornmedia.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.com/now/master/playlist/bb0b18ba-64f5-4b1b-a29f-0ac252f06b68/77a785f3-5188-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.com/now/media/progressive/%s/%s/%s/%s/content.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://once.unicornmedia.comD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onet.tv/k/openerfestival
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onet.tv/k/openerfestival/open-er-festival-2016-najdziwniejsze-wymagania-gwiazd/qbpyqc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onet.tv/k/openerfestival/open-er-festival-2016-najdziwniejsze-wymagania-gwiazd/qbpyqcamd5u436
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onet.tv/k/openerfestivalainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onionstudios.com/embed/dc94dc2899fe644c0e7241fa04c1b732.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://onionstudios.com/embed/dc94dc2899fe644c0e7241fa04c1b732.jsacompat_stra_parse_jsona_search_reg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ootboxford.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ootboxford.comainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://open.live.bbc.co.uk/mediaselector/4/mtis/stream/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/iptv-all/vpid/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/iptv-all/vpid/%suhttp://open.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/journalism-pc/vpid/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/pc/vpid/%s
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://original.livestream.com/dealbook/video?clipId=pla_8aa4a3f1-ba15-46a4-893b-902210e138fb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://original.livestream.com/dealbook/video?clipId=pla_8aa4a3f1-ba15-46a4-893b-902210e138fbupla_8a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://original.livestream.com/znsbahamas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://original.livestream.com/znsbahamasaonly_matchingtuLivestreamOriginalIE._extract_video_infouLi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ortcam.com/solidworks-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ostbahnhof.podomatic.com/entry/2013-11-15T16_31_21-08_00
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ostbahnhof.podomatic.com/entry/2013-11-15T16_31_21-08_00amd5ad2cf443931b6148e27638650e2638297
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://out.pladform.ru/getVideo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://out.pladform.ru/getVideoavideoidafailuPladformIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://p.bokecc.com/servlet/playinfo?uid=%s&vid=%s&m=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://p.bokecc.com/servlet/playinfo?uid=%s&vid=%s&m=1asiteidlavidafindallT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://p2s.cl.kankan.com/getCdnresource_flv?gcid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://p2s.cl.kankan.com/getCdnresource_flv?gcid=%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pad.philharmoniedeparis.fr/doc/CIMU/1086697/jazz-a-la-villette-knower
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pad.philharmoniedeparis.fr/doc/CIMU/1086697/jazz-a-la-villette-knoweramd5aa0a4b195f5446450736
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pages.rts.ch/emissions/passe-moi-les-jumelles/5624065-entre-ciel-et-mer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pages.rts.ch/emissions/passe-moi-les-jumelles/5624065-entre-ciel-et-mer.htmlaonly_matchingta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/Event/GetShareVideo/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/Event/GetShareVideo/aeventatitlea_typeaurl_transparentadescriptionuaurlaie_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/Event/Index/c1e9d44d-fd6c-4263-b50f-97ed26cc998b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/Event/Index/c1e9d44d-fd6c-4263-b50f-97ed26cc998bainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/event/index/3f24936f-130f-40bf-9a5d-b3d6479da6a4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://parliamentlive.tv/event/index/3f24936f-130f-40bf-9a5d-b3d6479da6a4aonly_matchingta_TESTSa_rea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://phantomjs.org
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://phantomjs.orgD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://phihag.de/2014/youtube-dl/rss2.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://phihag.de/2014/youtube-dl/rss2.xmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://phihag.de/2014/youtube-dl/rss2.xmlatitleuZero
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pic.aebn.net/dis/t/%s/%s_%08d.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pic.aebn.net/dis/t/%s/%s_%08d.jpgT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.arkena.com/config/avp/v1/player/media/327336/darkmatter/131064/?callbackMethod=jQuery111
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.arkena.com/embed/avp/v1/player/media/327336/darkmatter/131064/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.arkena.com/embed/avp/v1/player/media/327336/darkmatter/131064/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/closer-nove-pripady/closer-nove-pripady-iv-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/closer-nove-pripady/closer-nove-pripady-iv-1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/particka/particka-92
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/particka/particka-92aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/prehravac/init
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.iprima.cz/prehravac/initanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.lcp.fr/embed/327336/131064/darkmatter/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.lcp.fr/embed/327336/131064/darkmatter/0amd5ab8bd9298542929c06c1c15788b1f277aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.minoto-video.com/%s/%s.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.minoto-video.com/%s/%s.jsuvideo-metadatauvideo-filesagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.rmcnmv.naver.com/vod/play/v2.0/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://play.rmcnmv.naver.com/vod/play/v2.0/aqueryakeyametaasubjectu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-api.r7.com/video/i/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-api.r7.com/video/i/%satitleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-backend.cnevids.com/script/video/59138decb57ac36b83000005.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-backend.cnevids.com/script/video/59138decb57ac36b83000005.jsaonly_matchingta_TESTSuCon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-pc.le.com/mms/out/video/playJson
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player-pc.le.com/mms/out/video/playJsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.bilibili.com/player.html?aid=92494333&cid=157926707&page=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.bilibili.com/player.html?aid=92494333&cid=157926707&page=1aonly_matchingtuBiliBiliPlay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cinchcast.com/?platformId=1&assetType=single&assetId=7141703
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cinchcast.com/?platformId=1&assetType=single&assetId=7141703aonly_matchingta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cinchcast.com/?show_id=5258197&platformId=1&assetType=single
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cinchcast.com/?show_id=5258197&platformId=1&assetType=singleainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/embed-api.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/embed-api.jsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/embedjs/55f9cf8b61646d1acf00000c/5511d76261646d5566020000.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/embedjs/55f9cf8b61646d1acf00000c/5511d76261646d5566020000.jsamd5af1a6f9caf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/player/loader.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/player/loader.jsuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/player/video.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.cnevids.com/player/video.jsuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.fc-zenit.ru/msi/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.fc-zenit.ru/msi/videoaqueryavideoadataanameaqualitiesagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ina.fr/notices/%s.mrss
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ina.fr/notices/%s.mrssafindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.m6web.fr/v1/player/clubic/%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.m6web.fr/v1/player/clubic/%s.htmla_download_webpagea_parse_jsona_search_regexu(?m)M6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.matchtv.ntvplus.tv/embed-player/NTVEmbedPlayer.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.matchtv.ntvplus.tv/embed-player/NTVEmbedPlayer.swfadataavideoUrlaxpath_texta_download_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.matchtv.ntvplus.tv/player/smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.matchtv.ntvplus.tv/player/smilumatchtv-liveaqueryatsuaqualityaSDacontentIdu561d2c0df71
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/a_PLAYER_BASEuplayer_api/v1/content_tree/usas/player_api/v2/authorization/e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/hls/player/all/%s.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/hls/player/all/%s.m3u8aencodeadecodeatry_getu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=%saurl_resulta_url_for_embed_codeaieaie_keyaunsmuggle_u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=FiOG81ZTrvckcchQxmalf4aQj590qTEx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=FiOG81ZTrvckcchQxmalf4aQj590qTExamd5aa84001441b35ea492b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=pxczE2YjpfHfn1f3M-ykG_AmJRRn0PD8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=pxczE2YjpfHfn1f3M-ykG_AmJRRn0PD8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=w2bnZtYjE6axZ_dw1Cd0hQtXd_ige2Is
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=w2bnZtYjE6axZ_dw1Cd0hQtXd_ige2Isaonly_matchingta_TESTSa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=x1b3lqZDq9y_7kMyC2Op5qo-p077tXD0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.ooyala.com/player.js?embedCode=x1b3lqZDq9y_7kMyC2Op5qo-p077tXD0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.pbs.org/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.pbs.org/%s/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.pbs.org/widget/partnerplayer/2365297708/?start=0&end=0&chapterbar=false&endscreen=fals
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.performgroup.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.performgroup.com/eplayer/eplayer.html#d478c41c5d192f56b9aa859de8.1w4crrej5w14e1ed4s1ce
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/v/refid/nhkworld/prefid/nw_vod_v_en_2019_240_20190823233000_02_1566873477
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/v/refid/nhkworld/prefid/nw_vod_v_en_2019_240_20190823233000_02_1566873477ao
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/v/ums2867l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/v/ums2867lamd5u34e34c8d89dc2559976a6079db531e85ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/ws/ws_program/api/%s/mode/json/apiv/5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.piksel.com/ws/ws_program/api/%s/mode/json/apiv/5aquerywvaresponseagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.r7.com/video/i/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.r7.com/video/i/%saie_keya__doc__a__file__a__spec__aoriginahas_locationa__cached__aunic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.r7.com/video/i/54e7050b0cf2ff57e0279389?play=true&video=http://vsh.r7.com/54e7050b0cf2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/flash2v/container.swf?id=774471&sid=kultura&fbv=true&isPlay=true&ssl=false&i=5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/flash3v/osmf.swf?i=22
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/data%s/id/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/data%s/id/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/live/id/21/showZoomBtn/false/isPlay/true/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/live/id/21/showZoomBtn/false/isPlay/true/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/live/id/51499/showZoomBtn/false/isPlay/true/sid/sochi2014
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/live/id/51499/showZoomBtn/false/isPlay/true/sid/sochi2014ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/swf/id/766888/sid/hitech/?acc_video_id=4000
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/swf/id/766888/sid/hitech/?acc_video_id=4000ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ru/iframe/video/id/771852/start_zoom/true/showZoomBtn/false/sid/russiatv/?acc_vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.rutv.ruaplayer_urluhttp://player.rutv.ru/flash3v/osmf.swf?i=22artmp_liveaextaflvavbrap
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.vimeo.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://player.vimeo.com/video/%saie_keyaVimeow3D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/%s_%s/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/%s_%s/index.html?videoId=%sa_is_valid_urlupossible
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/%s_%s/index.html?videoId=%slaurl_resultaGenericl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/%s_%s/index.min.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/%s_%s/index.min.jsaaccount_idaplayer_idaembedavideo_iducatalog
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/default_default/index.html?videoId=%sa_real_extractuNTVCoJpCUIE._re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/%s/default_default/index.html?videoId=%sasmuggle_urlareferreraurl_resu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/1305187701/c832abfb-641b-44eb-9da0-2fe76786505f_default/index.html?vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/1582188683001/HkiHLnNRx_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/1582188683001/HkiHLnNRx_default/index.html?videoId=%suITVBTCCIE._real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/1969646226001/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/3910869709001/21519b5c-4b3b-4363-accb-bdc8f358f823_default/index.html?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/4036320279001/5d112ed9-283f-485f-a7f9-33f42e8bc042_default/index.html?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/416418724/default_default/index.html?videoId=ref:%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/416418724/default_default/index.html?videoId=ref:%sa_match_idaBrightco
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/4460760524001/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/5647924234001/SyK2FdqjM_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/5690807595001/HyZNerRl7_default/index.html?playlistId=5743160747001
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/5690807595001/HyZNerRl7_default/index.html?playlistId=5743160747001aon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/618566855001/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/618566855001/default_default/index.html?videoId=%sa_real_extractuNoovo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/665003303001/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/694940074001/default_default/index.html?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/694940074001/default_default/index.html?videoId=%sa_real_extractuGameI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/710858724001/default_default/index.html?videoId=ref:event-stream-356
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/710858724001/default_default/index.html?videoId=ref:event-stream-356ao
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://players.brightcove.net/929656772001/e41d32dc-ec74-459e-a845-6c69f7b724ea_default/index.html?v
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://playreplay.net/video/77107.7f325710a627383d40540d8e991a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://playreplay.net/video/77107.7f325710a627383d40540d8e991aamd5u74f0a014d5b661f0f0e2361300d1620ea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://plejada.pl/weronika-rosati-o-swoim-domniemanym-slubie/n2bq89
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://plejada.pl/weronika-rosati-o-swoim-domniemanym-slubie/n2bq89aonly_matchingtuOnetPlIE._search_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pluzz.francetv.fr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pluzz.francetv.fraimageadurationaint_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pmd.cdn.turner.com/cnn/big
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://podcastfeeds.nbcnews.com/audio/podcast/MSNBC-MADDOW-NETCAST-M4V.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://podcastfeeds.nbcnews.com/audio/podcast/MSNBC-MADDOW-NETCAST-M4V.xmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://polskieradio.pl/9/305/Artykul/1632955
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prask.nova.cz/clanek/novinky/co-si-na-sobe-nase-hvezdy-nechaly-pojistit.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prask.nova.cz/clanek/novinky/co-si-na-sobe-nase-hvezdy-nechaly-pojistit.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/%sa_html_search_regexu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/3421320
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/3421320/embed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/3421320/embedaonly_matchingta_TESTSa_real_extractuRozhlasIE._real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prehravac.rozhlas.cz/audio/3421320amd5u504c902dbc9e9a1fd50326eccf02a7e2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://prod.www.steelers.clubs.nfl.com/video-and-audio/videos/LIVE_Post_Game_vs_Browns/9d72f26a-9e2b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://production-ps.lvp.llnw.net/r/PlaylistService/%s/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://production-ps.lvp.llnw.net/r/PlaylistService/%s/%s/%saclassmethoda_extract_urlsuLimelightBase
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://profit.ndtv.com/videos/news/video-indian-economy-on-very-solid-track-international-monetary-f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pshared.5min.com/Scripts/PlayerSeed.js?sid=281&width=560&height=345&playList=518013791
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pshared.5min.com/Scripts/PlayerSeed.js?sid=281&width=560&height=345&playList=518013791amd5u4f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pyvideo.org/pycon-us-2013/become-a-logging-expert-in-30-minutes.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pyvideo.org/pycon-us-2013/become-a-logging-expert-in-30-minutes.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pyvideo.org/pygotham-2012/gloriajw-spotifywitherikbernhardsson182m4v.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://pyvideo.org/pygotham-2012/gloriajw-spotifywitherikbernhardsson182m4v.htmlamd5u5fe1c7e0a8aa557
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://qi.ckm.onetapi.pl/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://qi.ckm.onetapi.pl/aqueryubody
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://racing4everyone.eu/2016/07/30/formula-1-2016-round12-germany/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://racing4everyone.eu/2016/07/30/formula-1-2016-round12-germany/aonly_matchingtuhttps://support.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://radiocnrv.com/promouvoir-radio-cnrv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://radiocnrv.com/promouvoir-radio-cnrv/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rd3.videos.sapo.pt/%s/rss2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rd3.videos.sapo.pt/%s/rss2afindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://redaction.actu.lemonde.fr/societe/video/2016/01/18/calais-debut-des-travaux-de-defrichement-d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://reliablesources.blogs.cnn.com/2014/02/09/criminalizing-journalism/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://reliablesources.blogs.cnn.com/2014/02/09/criminalizing-journalism/amd5u3e56f97b0b6ffb4b79f4ea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/novosti/2015-09-25/sluchaynyy-prohozhiy-poymal-avtougonshchika-v-murmanske-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/novosti/2015-09-25/sluchaynyy-prohozhiy-poymal-avtougonshchika-v-murmanske-videoainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/novosti/2016-10-26/video-mikroavtobus-popavshiy-v-dtp-s-gruzovikami-v-podmoskove-prevr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/player/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/player/118577
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/player/118577aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/player/a_parse_jsona_search_regexuconfig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/video/epizod/118577
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ren.tv/video/epizod/118577amd5ad91851bf9af73c0ad9b2cdf76c127fbbainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://res.infoq.com/downloads/mp3downloads/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://res.infoq.com/downloads/mp3downloads/a_is_valid_urlahttp_audioavcodecanonea_match_ida_downloa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://roosterteeth.com/episode/million-dollars-but-season-2-million-dollars-but-the-game-announceme
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://roosterteeth.com/episode/rt-docs-the-world-s-greatest-head-massage-the-world-s-greatest-head-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://roxwel.com/pl_one_time.php?filename=%s&quality=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://roxwel.com/pl_one_time.php?filename=%s&quality=%sa_download_webpageuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rrr.sz.xlcdn.com/?account=eyedo&file=A%s&type=live&service=wowza&protocol=http&output=playlis
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rspoplay.se/?m=elWuEH34SMKvaO4wO_cHBw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rspoplay.se/?m=elWuEH34SMKvaO4wO_cHBwaonly_matchingta_TESTSa_real_extractuKonserthusetPlayIE.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rss.jwpcdn.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rte.ie/radio/utils/radioplayer/rteradioweb.html#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rtlxl.nl/?_ga=1.204735956.572365465.1466978370#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/metainfo/tv/%s/?format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/metainfo/tv/%s/?format=jsonuhttp://rutube.ru/api/metainfo/tv/%s/video?page=%s&f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/metainfo/tv/%s/video?page=%s&format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/play/options/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/play/options/%s/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/playlist/%s/%s/?page=%s&format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/tags/video/%s/?page=%s&format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/tags/video/%s/?page=%s&format=jsonaRutubeMovieIEurutube:movieuRutube
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/video/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/video/%s/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/video/person/%s/?page=%s&format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/api/video/person/%s/?page=%s&format=jsonurutube:playlistuRutube
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/embed/a10e53b86e8f349080f718582ce4c661
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/embed/a10e53b86e8f349080f718582ce4c661aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/play/embed/8083783
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/play/embed/8083783aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/play/embed/a10e53b86e8f349080f718582ce4c661
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/play/embed/a10e53b86e8f349080f718582ce4c661aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/tags/video/1800/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/tags/video/1800/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/3eac3b4561676c17df9132a9a1e62e3e/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/3eac3b4561676c17df9132a9a1e62e3e/?pl_id=4252
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/3eac3b4561676c17df9132a9a1e62e3e/?pl_id=4252aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/3eac3b4561676c17df9132a9a1e62e3e/amd5u1d24f180fac7a02f3900712e5a5764d6ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/embed/6722881?vk_puid37=&vk_puid38=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/embed/6722881?vk_puid37=&vk_puid38=ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/person/313878/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://rutube.ru/video/person/313878/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/klippa/secret-soltice-hefst-a-morgun
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/klippa/secret-soltice-hefst-a-morgunaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ras-1/morgunvaktin/20170619
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ras-1/morgunvaktin/20170619aonly_matchingta_TESTSa_real_extractuRuvIE._real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ras-2/morgunutvarpid/20170619
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ras-2/morgunutvarpid/20170619amd5u395ea250c8a13e5fdb39d4670ef85378ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ruv-aukaras/fh-valur/20170516
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ruv-aukaras/fh-valur/20170516amd5u66347652f4e13e71936817102acc1724ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ruv/frettir/20170614
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://ruv.is/sarpurinn/ruv/frettir/20170614aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://s.plcloud.music.qq.com/fcgi-bin/fcg_get_singer_desc.fcg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://s.plcloud.music.qq.com/fcgi-bin/fcg_get_singer_desc.fcguDonwload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://s.plcloud.music.qq.com/fcgi-bin/fcg_yqq_song_detail_info.fcg?songmid=%s&play=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://s.plcloud.music.qq.com/fcgi-bin/fcg_yqq_song_detail_info.fcg?songmid=%s&play=0D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://s3-2u.digitallyspeaking.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sch1298sz.mskobr.ru/dou_edu/karamel_ki/filial_galleries/video/iframe_src_http_tvc_ru_video_if
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/EyeDo.Core.Implementation.Web.ViewModels.Api
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/Itv.BB.Mercury.Common.Types
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ensembleVideo.Data.Service.Contracts.Models.Player.Config
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ensembleVideo.Data.Service.Contracts.Models.Player.Configa_r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.itv.com/2009/05/Common
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/atemuhttp://tempuri.org/aitvuhttp://schemas.datacontract.or
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://scienceteachingtips.podomatic.com/entry/2009-01-02T16_03_35-08_00
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://scienceteachingtips.podomatic.com/entry/2009-01-02T16_03_35-08_00amd5u84bb855fcf3429e6bf72460
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screencast-o-matic.com/watch/c2lD3BeOPl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screencast-o-matic.com/watch/c2lD3BeOPlamd5u483583cb80d92588f15ccbedd90f0c18ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screencast.com/t/aAB3iowa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screencast.com/t/aAB3iowaaonly_matchingta_TESTSa_real_extractuScreencastIE._real_extracta__or
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screwattack.roosterteeth.com/episode/death-battle-season-3-mewtwo-vs-shadow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://screwattack.roosterteeth.com/episode/death-battle-season-3-mewtwo-vs-shadowaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://se.porn.com/videos/marsha-may-rides-seth-on-top-of-his-thick-cock-2658067
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://se.porn.com/videos/marsha-may-rides-seth-on-top-of-his-thick-cock-2658067aonly_matchingta_TES
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://search.yahoo.com/mrss
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://search.yahoo.com/mrss/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://search.yahoo.com/mrss/aclearleapuhttp://www.clearleap.com/namespace/clearleap/1.0/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://search.yahoo.com/mrss/axpath_attramedia_ns_xpatha__doc__a__file__a__spec__aoriginahas_locatio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://search.yahoo.com/mrssaxpath_attraxpath_with_nsumedia:thumbnailumedia:contentD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://searchapp2.nba.com/nba-search/query.jsp?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://searchapp2.nba.com/nba-search/query.jsp?acompat_urllib_parse_urlencodeatypeateamvideoastartap
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://security.video.globo.com/videos/%s/hash
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://security.video.globo.com/videos/%s/hashuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://service.canal-plus.com/video/rest/getVideosLiees/%s/%s?format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://service.canal-plus.com/video/rest/getVideosLiees/%s/%s?format=jsonD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://services.media.howstuffworks.com/videos/%s/smil-service.smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://services.media.howstuffworks.com/videos/%s/smil-service.smiluDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://services.media.howstuffworks.com/videos/450221/smil-service.smil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://services.media.howstuffworks.com/videos/450221/smil-service.smilainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sevt.dispeak.com/ubm/gdc/eur10/xml/11256_1282118587281VNIT.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sevt.dispeak.com/ubm/gdc/eur10/xml/11256_1282118587281VNIT.xmlaonly_matchingta_TESTSuDigitall
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://share-videos.se/auto/video/83645793?uid=13
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://share-videos.se/auto/video/83645793?uid=13amd5ab68d276de422ab07ee1d49388103f457ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://share.glide.me/UZF8zlmuQbe4mr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://shows.howstuffworks.com/more-shows/why-does-balloon-stick-to-hair-video.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://shows.howstuffworks.com/more-shows/why-does-balloon-stick-to-hair-video.htmaonly_matchingta_T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://slowtv.playtvak.cz/planespotting-0pr-/planespotting.aspx?c=A150624_164934_planespotting_cat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://slowtv.playtvak.cz/planespotting-0pr-/planespotting.aspx?c=A150624_164934_planespotting_catai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sp.nicovideo.jp/watch/sm28964488?ss_pos=1&cp_in=wt_tg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sp.nicovideo.jp/watch/sm28964488?ss_pos=1&cp_in=wt_tgaonly_matchingta_TESTSuhttps?://(?:www
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://spiderman.marvelkids.com/embed/522900d2ced3c565e4cc0677
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://spiderman.marvelkids.com/embed/522900d2ced3c565e4cc0677aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://spiderman.marvelkids.com/videos/contest-of-champions-part-four-clip-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://spiderman.marvelkids.com/videos/contest-of-champions-part-four-clip-1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sport.tn.nova.cz/clanek/sport/hokej/nhl/zivot-jde-dal-hodnotil-po-vyrazeni-z-playoff-jiri-sek
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.cntv.cn/2016/02/12/ARTIaBRxv4rTT1yWf1frW2wi160212.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.cntv.cn/2016/02/12/ARTIaBRxv4rTT1yWf1frW2wi160212.shtmlamd5ad61ec00a493e09da810bf406a0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.le.com/match/1023203003.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.le.com/match/1023203003.htmlaonly_matchingta_TESTSuLeIE.roruLeIE.calc_time_keyastaticm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.le.com/video/25737697.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://sports.le.com/video/25737697.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/c065274_ISO_IEC_23009-1_2014.zip
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.filmon.com/assets/channels/%s/%s.png
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.filmon.com/assets/channels/%s/%s.pngadisplay_idT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.pladform.ru/player.swf?pl=21469&videoid=100183293&vkcid=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.pladform.ru/player.swf?pl=21469&videoid=100183293&vkcid=0aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.streamone.nl/player/ns/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.videos.gouv.fr/brightcovehub/export/json/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://static.videos.gouv.fr/brightcovehub/export/json/%sa_download_jsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcolympics.com/2018-winter-olympics-nbcsn-evening-feb-8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcolympics.com/2018-winter-olympics-nbcsn-evening-feb-8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcolympics.com/data/%s_%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcolympics.com/data/%s_%s.jsonuNBCOlympicsStreamIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcsports.com/data/live_sources_%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcsports.com/data/live_sources_%s.jsonavideoSourceslT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcsports.com/nbcsn/generic?pid=206559
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://stream.nbcsports.com/nbcsn/generic?pid=206559ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://study.com/academy/lesson/north-american-exploration-failed-colonies-of-spain-france-england.h
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://superstar.markiza.sk/aktualne/1923870_to-je-ale-telo-spevacka-ukazala-sexy-postavicku-v-bikin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techbus.safaribooksonline.com/9780134426365
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techbus.safaribooksonline.com/9780134426365aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techchannel.att.com/play-video.cfm/2014/1/27/ATT-Archives-The-UNIX-System-Making-Computers-Ea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techcrunch.com/video/facebook-creates-on-this-day-crunch-report/518726732/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techcrunch.com/video/facebook-creates-on-this-day-crunch-report/518726732/amd5u4c6f127a30736b
Source: namang.exe, 00000012.00000003.573957670.00000000078F3000.00000004.00000001.sdmp	String found in binary or memory: http://techknack.net/python-urllib2-handlers/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techtv.mit.edu/videos/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techtv.mit.edu/videos/%sareacompileu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techtv.mit.edu/videos/25418-mit-dna-learning-center-set
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://techtv.mit.edu/videos/25418-mit-dna-learning-center-setamd5u00a3a27ee20d44bcaa0933ccec4a2cf7a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tegenlicht.vpro.nl/afleveringen/2012-2013/de-toekomst-komt-uit-afrika.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tegenlicht.vpro.nl/afleveringen/2012-2013/de-toekomst-komt-uit-afrika.htmlamd5af8065e4e5a7824
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tempuri.org/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tempuri.org/PlaylistService/GetPlaylist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tempuri.org/PlaylistService/GetPlaylista_search_json_ldD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tg.la7.it/repliche-tgla7?id=189080
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tg.la7.it/repliche-tgla7?id=189080amd5u6b0d8888d286e39870208dfeceaf456bainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thechive.com/2017/12/08/all-i-want-for-christmas-is-more-twerk/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thechive.com/2017/12/08/all-i-want-for-christmas-is-more-twerk/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thedailyshow.cc.com/podcast/episodetwelve
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thedailyshow.cc.com/podcast/episodetwelveainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://theknow.roosterteeth.com/episode/the-know-game-news-season-1-boring-steam-sales-are-better
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://theknow.roosterteeth.com/episode/the-know-game-news-season-1-boring-steam-sales-are-betteraon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://theothermccain.com/2010/02/02/video-proves-that-bill-kristol-has-been-watching-glenn-beck/com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thoughtworks.wistia.com/medias/uxjb0lwrcz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://thoughtworks.wistia.com/medias/uxjb0lwrczamd5abaf49c2baa8a7de5f3fc145a8506dcd4ainfo_dictD
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://tip.tcl.tk/48)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tn.nova.cz/clanek/tajemstvi-ukryte-v-podzemi-specialni-nemocnice-v-prazske-krci.html#player_1
Source: namang.exe, 00000012.00000003.573957670.00000000078F3000.00000004.00000001.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/feeds/mrss
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/feeds/mrssL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/video-clips/68g93d/twitter-users-share-summer-plans
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/video-clips/68g93d/twitter-users-share-summer-plansainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/video-collections/x2iz7k/just-plain-foul/m5q4fp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tosh.cc.com/video-collections/x2iz7k/just-plain-foul/m5q4fpaonly_matchingtaComedyCentralTVIEu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tpfeed.cbc.ca/f/ExhSPC/vms_5akSXx4Ng_Zn?byCustomValue=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=exclusive
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=exclusiveainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=justadded
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=justaddedainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=justhd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=justhdainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=mostpopular
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=mostpopularainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=moviestudios
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/#section=moviestudiosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/ca/metropole/autrui/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/ca/metropole/autrui/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/feeds/data/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/feeds/data/%s.jsonD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/fox/kungfupanda3/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/fox/kungfupanda3/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/home/feeds/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/home/feeds/%s.jsona_SECTIONSafeed_pathaurl_resultuhttp://trailers
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/magnolia/blackthorn/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/magnolia/blackthorn/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/wb/manofsteel/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://trailers.apple.com/trailers/wb/manofsteel/ainfo_dictD
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tt888.omroep.nl/tt888/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tt888.omroep.nl/tt888/%sa_live_titleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv-download.dw.de/dwtv_video/flv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv-download.dw.de/dwtv_video/flv/amedia_ida_search_regexuhref=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2015/10/21/exclusivo-hector-pinto-formador-de-chupete-revela-version-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2015/10/21/sobre-camaras-y-camarillas-parlamentarias.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2015/10/21/sobre-camaras-y-camarillas-parlamentarias.shtmlamd5u26f51f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2015/10/22/ninos-transexuales-de-quien-es-la-decision.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2015/10/22/ninos-transexuales-de-quien-es-la-decision.shtmlaonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.biobiochile.cl/notas/2016/03/18/natalia-valdebenito-repasa-a-diputado-hasbun-paso-a-la-cat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cctv.com/2016/02/05/VIDEUS7apq3lKrHG9Dncm03B160205.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cctv.com/2016/02/05/VIDEUS7apq3lKrHG9Dncm03B160205.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cctv.com/2016/09/07/VIDE5C1FnlX5bUywlrjhxXOV160907.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cctv.com/2016/09/07/VIDE5C1FnlX5bUywlrjhxXOV160907.shtmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cntv.cn/video/C39296/95cfac44cabd3ddc4a9438780a4e5c44
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cntv.cn/video/C39296/95cfac44cabd3ddc4a9438780a4e5c44aonly_matchingta_TESTSa_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cntv.cn/video/C39296/e0210d949f113ddfb38d31f00a4e5c44
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.cntv.cn/video/C39296/e0210d949f113ddfb38d31f00a4e5c44aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/images/%s_640x360.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/images/%s_640x360.jpgaupload_dateaunified_strdateT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/server/hd_video.php?play=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/server/hd_video.php?play=%safindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/video/u-19-em-stimmen-zum-spiel-gegen-russland/11633/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.dfb.de/video/u-19-em-stimmen-zum-spiel-gegen-russland/11633/amd5aac0f98a52a330f700b4b3034a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/api/v1/ft/cliplinks/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/api/v1/ft/cliplinks/%s/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/channel/2653210/cliplink/300103180
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/channel/2653210/cliplink/300103180amd5aa8917742069a4dd442516b86e7d66529ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/channel/2671005/cliplink/301965083
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/channel/2671005/cliplink/301965083amd5u702b2fbdeb51ad82f5c904e8c0766340ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/embed/player/cliplink/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/embed/player/cliplink/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/embed/player/cliplink/%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.kakao.com/embed/player/cliplink/a__orig_bases__aDaumIEuhttps?://(?:(?:m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.le.com/izt/wuzetian/index.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.le.com/izt/wuzetian/index.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.le.com/pzt/lswjzzjc/index.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.le.com/pzt/lswjzzjc/index.shtmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.naver.com/v/395837
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.naver.com/v/395837amd5u8a38e35354d26a17f73f4e90094febd3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.naver.com/v/81652
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.naver.com/v/81652ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.nova.cz/clanek/novinky/zivot-je-zivot-bondovsky-trailer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.nova.cz/clanek/novinky/zivot-je-zivot-bondovsky-trailer.htmlaonly_matchingta_TESTSuNovaIE.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tv.r7.com/record-play/balanco-geral/videos/policiais-humilham-suspeito-a-beira-da-morte-morre
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvcast.naver.com/v/81652
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvcast.naver.com/v/81652aonly_matchingta_TESTSa_real_extractuNaverIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvnoviny.nova.cz/static/shared/app/videojs/video-js.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvnoviny.nova.cz/static/shared/app/videojs/video-js.swfaextaflvametaT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/clip/ClipView.do?clipid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/clip/ClipView.do?clipid=%suhttp://tvpot.daum.net/clip/ClipView.do?clipid=52554
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/clip/ClipView.do?clipid=52554690
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/Top.do?ownerid=o2scDLIVbHc0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/Top.do?ownerid=o2scDLIVbHc0aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0&clipid=73801156
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0&clipid=73801156ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0&playlistid=6196631
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0&playlistid=6196631ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?ownerid=o2scDLIVbHc0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?playlistid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?playlistid=%sL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?playlistid=6213966&clipid=73806844
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/View.do?playlistid=6213966&clipid=73806844ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/json/GetClipInfo.do?size=48&init=true&order=date&page=%d&%s=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/mypot/json/GetClipInfo.do?size=48&init=true&order=date&page=%d&%s=%suDownloadi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/%savidanameagetaplaylist_beanT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/07dXWRka62Y%24
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/07dXWRka62Y%24aonly_matchingtuhttp://videofarm.daum.net/controller/player/Vo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/s3794Uf1NZeZ1qMpGpeqeRU
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/s3794Uf1NZeZ1qMpGpeqeRUamd5aa8917742069a4dd442516b86e7d66529ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/vab4dyeDBysyBssyukBUjBz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvpot.daum.net/v/vab4dyeDBysyBssyukBUjBzainfo_dictaidavab4dyeDBysyBssyukBUjBzaextamp4atitleu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/profile/Universum/35429
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/profile/Universum/35429aonly_matchingta_TESTSa_real_extractuORFTVthekIE._real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/program/Aufgetischt/2745173/Aufgetischt-Mit-der-Steirischen-Tafelrunde/8891389
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/program/Aufgetischt/2745173/Aufgetischt-Mit-der-Steirischen-Tafelrunde/8891389a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/topic/Fluechtlingskrise/10463081/Heimat-Fremde-Heimat/13879132/Senioren-betreue
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/topic/Im-Wandel-der-Zeit/8002126/Best-of-Ingrid-Thurnher/7982256
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://tvthek.orf.at/topic/Im-Wandel-der-Zeit/8002126/Best-of-Ingrid-Thurnher/7982256ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://udat.mtvnservices.com/service1/dispatch.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://udat.mtvnservices.com/service1/dispatch.htma_FEED_URLL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uipsyc.mediasite.com/mediasite/Catalog/Full/d5d79287c75243c58c50fef50174ec1b21
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uipsyc.mediasite.com/mediasite/Catalog/Full/d5d79287c75243c58c50fef50174ec1b21aonly_matchingt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uk.businessinsider.com/how-much-radiation-youre-exposed-to-in-everyday-life-2016-6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uk.businessinsider.com/how-much-radiation-youre-exposed-to-in-everyday-life-2016-6amd5affed3e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://umpire-empire.com/index.php/topic/58125-laz-decides-no-thats-low/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://umpire-empire.com/index.php/topic/58125-laz-decides-no-thats-low/amd5u96f09a37e44da40dd083e12
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://undergroundwellness.com/podcasts/306-5-steps-to-permanent-gut-healing/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://undergroundwellness.com/podcasts/306-5-steps-to-permanent-gut-healing/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://union.bokecc.com/playvideo.bo?vid=E0ABAE9D4F509B189C33DC5901307461&uid=FE644790DE9D154A
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://union.bokecc.com/playvideo.bo?vid=E0ABAE9D4F509B189C33DC5901307461&uid=FE644790DE9D154Aainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp-kleinezeitung.sf.apa.at/embed/f1c44979-dba2-4ebf-b021-e4cf2cac3c81
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp-kleinezeitung.sf.apa.at/embed/f1c44979-dba2-4ebf-b021-e4cf2cac3c81aonly_matchingta_TESTSa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp-rma.sf.apa.at/embed/70404cca-2f47-4855-bbb8-20b1fae58f76
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp-rma.sf.apa.at/embed/70404cca-2f47-4855-bbb8-20b1fae58f76aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp.apa.at/embed/293f6d17-692a-44e3-9fd5-7b178f3a1029
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://uvp.apa.at/embed/293f6d17-692a-44e3-9fd5-7b178f3a1029amd5u2b12292faeb0a7d930c778c7a5b4759bain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.baidu.com/comic/1069.htm?frp=bdbrand&q=%E4%B8%AD%E5%8D%8E%E5%B0%8F%E5%BD%93%E5%AE%B6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.baidu.com/comic/1069.htm?frp=bdbrand&q=%E4%B8%AD%E5%8D%8E%E5%B0%8F%E5%BD%93%E5%AE%B6ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.baidu.com/show/11595.htm?frp=bdbrand
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.baidu.com/show/11595.htm?frp=bdbrandainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.ku6.com/fetchVideo4Player/%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.ku6.com/fetchVideo4Player/%s.htmla_download_jsonadatawfaidaurla__doc__a__file__a__spec__aor
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.ku6.com/show/JG-8yS14xzBr4bCn1pu0xw...html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.ku6.com/show/JG-8yS14xzBr4bCn1pu0xw...htmlamd5u01203549b9efbb45f4b87d55bdea1ed1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v.telvi.de/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v2.videos.sapo.pt/yLqjzPtbTimsn2wWBKHz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v2.videos.sapo.pt/yLqjzPtbTimsn2wWBKHzamd5ae5aa7cc0bdc6db9b33df1a48e49a15acanoteuv2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v2api.play.fm/recordings/slug/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://v2api.play.fm/recordings/slug/%sagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vancouverisland.ctvnews.ca/video?clipId=761241
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vancouverisland.ctvnews.ca/video?clipId=761241aonly_matchingta_TESTSa_real_extractuCTVNewsIE.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videos/%s/sources
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videos/%s/sources/url
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videos/%s/sources/urlasource_idsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videos/%s/sourcesuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vas.sim-technik.de/vas/live/v2/videosuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vdn.apps.cntv.cn/api/getHttpVideoInfo.do
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vdn.apps.cntv.cn/api/getHttpVideoInfo.doaqueryapidaurlaidll
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vid.bleacherreport.com/videos/%s.akamai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vid.bleacherreport.com/videos/%s.akamaia__doc__a__file__a__spec__aoriginahas_locationa__cache
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video%s-thumbnail.fc2.com/up/pic/%s.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video%s-thumbnail.fc2.com/up/pic/%s.jpgw/ajoin:nl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.aktualne.cz/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.aktualne.cz/aIE_DESCuhttps?://video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.aktualne.cz/dvtv/dvtv-16-12-2014-utok-talibanu-boj-o-kliniku-uprchlici/r~973eb3bc854e11
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.aktualne.cz/dvtv/vondra-o-ceskem-stoleti-pri-pohledu-na-havla-mi-bylo-trapne/r~e5efe9ca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.aktualne.cz/v-cechach-poprve-zazni-zelenkova-zrestaurovana-mse/r~45b4b00483ec11e4883b00
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.arkena.com/play2/embed/player?accountId=472718&mediaId=35763b3b-00090078-bf604299&pageS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.cnbc.com/gallery/?video=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.cnbc.com/gallery/?video=%saCNBCIEa__doc__a__file__a__spec__aoriginahas_locationa__cache
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.cnbc.com/gallery/?video=3000503714
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.cnbc.com/gallery/?video=3000503714ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.disney.com/watch/moana-trailer-545ed1857afee5a0ec239977
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.disney.com/watch/moana-trailer-545ed1857afee5a0ec239977ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.disneyturkiye.com.tr/izle/7c-7-cuceler/kimin-sesi-zaten-5456f3d015f6b36c8afdd0e2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.disneyturkiye.com.tr/izle/7c-7-cuceler/kimin-sesi-zaten-5456f3d015f6b36c8afdd0e2aonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.en.disneyme.com/watch/future-worm/robo-carp-2001-544b66002aa7353cdd3f5114
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.en.disneyme.com/watch/future-worm/robo-carp-2001-544b66002aa7353cdd3f5114aonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/a/content/20130926eZpARwsF
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/a/content/20130926eZpARwsFaonly_matchingta_TESTSuFC2IE._logina_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/content/20121103kUan1KHs
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/content/20121103kUan1KHsamd5aa6ebe8ebe0396518689d963774a54eb7ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/content/20150125cEva0hDn/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/en/content/20150125cEva0hDn/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/flv2.swf?t=201404182936758512407645&i=20130316kwishtfitaknmcgd76kjd864hso93htfj
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.fc2.com/ginfo.php?mimi=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxbusiness.com/v/4442309889001
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxbusiness.com/v/4442309889001aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/3922535568001/rep-luis-gutierrez-on-if-obamas-immigration-plan-is-legal/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/3937480/frozen-in-time/#sp=show-clips
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/3937480/frozen-in-time/#sp=show-clipsamd5u32aaded6ba3ef0d1c04e238d01031e5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/aFoxNewsIEaie_keya_extract_urlsla__doc__a__file__a__spec__aoriginahas_loc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/video-embed.html?video_id=3937480&d=video.foxnews.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.foxnews.com/v/video-embed.html?video_id=3937480&d=video.foxnews.comaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.golem.de
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.golem.de/handy/14095/iphone-6-und-6-plus-test.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.golem.de/handy/14095/iphone-6-und-6-plus-test.htmlamd5ac1a2c0a3c863319651c7c992c5ee29bf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.golem.dea_real_extractuGolemIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.gq.com/watch/the-closer-with-keith-olbermann-the-only-true-surprise-trump-s-an-idiot?c=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.helsinki.fi/Arkisto/flash.php?id=20258
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.helsinki.fi/Arkisto/flash.php?id=20258ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.insider.foxnews.com/v/video-embed.html?video_id=5099377331001&autoplay=true&share_url=h
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.internetvideoarchive.net/player/6/configuration.ashx?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.internetvideoarchive.net/player/6/configuration.ashx?acompat_parse_qsacompat_urlparseau
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.internetvideoarchive.net/player/6/configuration.ashx?customerid=69249&publishedid=19448
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.internetvideoarchive.net/player/6/configuration.ashx?domain=www.videodetective.com&cust
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/5502115.video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/5502115.videoamd5u71b6f3ee274bef16f1ab410f7f56b476ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/7121015.video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/7121015.videoaonly_matchingta_TESTSa_real_extractuMETAIE._real_extracta__orig_b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/iframe/5502115
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.meta.ua/iframe/5502115aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.mgoon.com/5582148
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.mgoon.com/5582148aonly_matchingta_TESTSa_real_extractuMgoonIE._real_extracta__orig_base
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.n-tv.de
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.n-tv.deavideoMp4atbrl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.nationalgeographic.com/video/news/150210-news-crab-mating-vin?source=featuredvideo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.nationalgeographic.com/video/news/150210-news-crab-mating-vin?source=featuredvideoamd5u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.nationalgeographic.com/wild/when-sharks-attack/the-real-jaws
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.nationalgeographic.com/wild/when-sharks-attack/the-real-jawsamd5u6a3105eb448c070503b310
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pbs.org/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pbs.org/video/%saPBSaplaylist_resultaextract_redirect_urlsuPBSIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pladform.ru/catalog/video/videoid/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pladform.ru/catalog/video/videoid/%sa_og_search_titleD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pladform.ru/catalog/video/videoid/100183293/vkcid/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.pladform.ru/catalog/video/videoid/100183293/vkcid/0aonly_matchingta_TESTSastaticmethoda
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.wired.com/watch/3d-printed-speakers-lit-with-led
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video.wired.com/watch/3d-printed-speakers-lit-with-ledamd5u1921f713ed48aabd715691f774c451f7ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/%s/aqualitiesT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/%s/videoinfo.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/%s/videoinfo.jsatitleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/191910501
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://video1.carambatv.ru/v/191910501amd5u2f4a81b7cfd5ab866ee2d7270cb34a2aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/embed/85295
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/embed/85295aonly_matchingta_TESTSa_real_extractuMarkizaIE._real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/json/video_jwplayer7.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/json/video_jwplayer7.jsonaqueryaida_parse_jwplayer_dataD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/%saplaylist_resulta__doc__a__file__a__spec__aoriginahas_location
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/84723
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/84723aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/filmy/85190_kamenak
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/filmy/85190_kamenakaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/oteckovia/84723
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/oteckovia/84723_oteckovia-109
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/oteckovia/84723_oteckovia-109amd5aada4e9fad038abeed971843aa028c7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/oteckovia/84723aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/reflex/zo-zakulisia/84651_pribeh-alzbetky
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/reflex/zo-zakulisia/84651_pribeh-alzbetkyaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/televizne-noviny/televizne-noviny/85430_televizne-noviny
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videoarchiv.markiza.sk/video/televizne-noviny/televizne-noviny/85430_televizne-novinyainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videocdn-pmd.ora.tv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videocdn-pmd.ora.tv/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videofarm.daum.net/controller/player/VodPlayer.swf?vid=vwIpVpCQsT8%24&ref=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videolectures.net/promogram_igor_mekjavic_eng/video/1/smil.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videolectures.net/promogram_igor_mekjavic_eng/video/1/smil.xmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.disneylatino.com/ver/spider-man-de-regreso-a-casa-primer-adelanto-543a33a1850bdcfcca13
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.francetv.fr/video/NI_657393
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.r7.com/policiais-humilham-suspeito-a-beira-da-morte-morre-com-dignidade-/idmedia/54e70
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.sapo.pt/IyusNAZ791ZdoCY5H5IF
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.sapo.pt/IyusNAZ791ZdoCY5H5IFamd5u90a2f283cfb49193fe06e861613a72aaanoteuHD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.sapo.pt/UBz95kOtiWYUMTA5Ghfi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.sapo.pt/UBz95kOtiWYUMTA5Ghfiamd5u79ee523f6ecb9233ac25075dee0eda83anoteuSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://videos.sapo.pt/mrss/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vimeo.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vimeo.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vimeo.com/%saVimeoayoutubeaYoutubeacinematiquea_match_idasanitized_Requestuhttp://api.nowness
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vimeo.com/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vine.co/v/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vine.co/v/%saie_keyaVinea_real_extractuNineGagIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vk.com/foxkidsreset
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vk.com/subziro89
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vk.com/subziro89auploaderusubziro89
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/10481652
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/10481652ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/15055030
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/15055030aonly_matchingta_TESTSastaticmethodaparse_video_keyu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/18650793
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/18650793ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/20515605
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/20515605ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/32028439
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.afreecatv.com/PLAYER/STATION/32028439ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.medialaan.io/api/1.0/item/%s/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.medialaan.io/api/1.0/item/%s/videoaqueryaapp_idauser_networka_extract_m3u8_formatsarespon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.medialaan.io/vod/v2/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.medialaan.io/vod/v2/videosachannelsaidsalimitl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/delivery/streamingInfo.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/delivery/streamingInfo.jsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/video/detail2.htm?mvId=50158734
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/video/detail2.htm?mvId=50158734ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/video/playerInfo.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vod.melon.com/video/playerInfo.jsonanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vodplayer.parliamentlive.tv/?mid=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vodplayer.parliamentlive.tv/?mid=a_parse_jsona_search_regexu(?s)kWidgetConfig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vplayer.nbcsports.com/p/BxmELC/nbcsports_embed/select/media/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video/volledige-afleveringen/id/257107153551000
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video/volledige-afleveringen/id/257107153551000aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video/volledige-afleveringen/id/vtm_20170219_VM0678361_vtmwatch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video/volledige-afleveringen/id/vtm_20170219_VM0678361_vtmwatchainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video?aid=163157
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video?aid=163157aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video?aid=168332
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtm.be/video?aid=168332ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtmkzoom.be/k3-dansstudio/een-nieuw-seizoen-van-k3-dansstudio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vtmkzoom.be/k3-dansstudio/een-nieuw-seizoen-van-k3-dansstudioaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vxml.56.com/json/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://vxml.56.com/json/%s/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.cbc.ca/arthur/all/1ed4b385-cd84-49cf-95f0-80f004680057
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.cbc.ca/arthur/all/1ed4b385-cd84-49cf-95f0-80f004680057ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.cbc.ca/doc-zone/season-6/customer-disservice/38e815a-009e3ab12e4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.cbc.ca/doc-zone/season-6/customer-disservice/38e815a-009e3ab12e4ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.geniuskitchen.com/player/3787617/Ample-Hills-Ice-Cream-Bike/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.geniuskitchen.com/player/3787617/Ample-Hills-Ice-Cream-Bike/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.knpb.org/video/2365616055/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.knpb.org/video/2365616055/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.nba.com/video/channels/playoffs/2015/05/20/0041400301-cle-atl-recap.nba
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watch.nba.com/video/channels/playoffs/2015/05/20/0041400301-cle-atl-recap.nbaamd5ab2b39b81cf2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watchdisneyxd.go.com/doraemon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://watchdisneyxd.go.com/doraemonainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://whilewewatch.blogspot.ru/2012/06/whilewewatch-whilewewatch-gripping.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://whilewewatch.blogspot.ru/2012/06/whilewewatch-whilewewatch-gripping.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://wnep.com/2017/07/22/steampunk-fest-comes-to-honesdale/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://wnep.com/2017/07/22/steampunk-fest-comes-to-honesdale/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.1tv.ru/news/issue/2016-12-01/14:00
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.1tv.ru/news/issue/2016-12-01/14:00ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.1tv.ru/shows/dobroe-utro/pro-zdorove/vesennyaya-allergiya-dobroe-utro-fragment-vypuska-ot
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.1tv.ru/shows/naedine-so-vsemi/vypuski/gost-lyudmila-senchina-naedine-so-vsemi-vypusk-ot-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.1tv.ru/shows/tochvtoch-supersezon/vystupleniya/evgeniy-dyatlov-vladimir-vysockiy-koni-pri
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.20min.ch/schweiz/news/story/So-kommen-Sie-bei-Eis-und-Schnee-sicher-an-27032552
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.20min.ch/schweiz/news/story/So-kommen-Sie-bei-Eis-und-Schnee-sicher-an-27032552D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.220.ro/sport/Luati-Le-Banii-Sez-4-Ep-1/LYV6doKo7f/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.220.ro/sport/Luati-Le-Banii-Sez-4-Ep-1/LYV6doKo7f/amd5u03af18b73a07b4088753930db7a34addai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.2doc.nl/documentaires/series/2doc/2015/oktober/de-tegenprestatie.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.2doc.nl/documentaires/series/2doc/2015/oktober/de-tegenprestatie.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.2doc.nl/speel~VARA_101375237~mh17-het-verdriet-van-nederland~.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.2doc.nl/speel~VARA_101375237~mh17-het-verdriet-van-nederland~.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/index.php?mode=play&obj=45918
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/index.php?mode=play&obj=45918amd5abe37228896d30a88f315b638900a026eainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/mediathek.php?mode=play&obj=51066
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/mediathek.php?mode=play&obj=51066aonly_matchingta_TESTST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/xmlservice/web/beitragsDetails?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.3sat.de/mediathek/xmlservice/web/beitragsDetails?id=%saextract_from_xml_urla__doc__a__fil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.4tube.com/embed/209733
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.4tube.com/embed/209733aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.4tube.com/videos/209733/hot-babe-holly-michaels-gets-her-ass-stuffed-by-black
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/glavnoe/#itemDetails
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/glavnoe/#itemDetailsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/glavnoe/broadcasts/508645/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/glavnoe/broadcasts/508645/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/schedule/?iframe=true&width=900&height=450
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.5-tv.ru/schedule/?iframe=true&width=900&height=450aonly_matchingta_TESTSa_real_extractuFi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.56.com/u39/v_OTM0NDA3MTY.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.56.com/u39/v_OTM0NDA3MTY.htmlamd5ae59995ac63d0457783ea05f93f12a866ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.56.com/u47/v_MTM5NjQ5ODc2.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.56.com/u47/v_MTM5NjQ5ODc2.htmlamd5uainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.90tv.ir/video/95719/%D8%B4%D8%A7%DB%8C%D8%B9%D8%A7%D8%AA-%D9%86%D9%82%D9%84-%D9%88-%D8%A7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.abc.net.au/7.30/content/2015/s4164797.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.abc.net.au/7.30/content/2015/s4164797.htmainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/attack-on-titan
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/attack-on-titanainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/decker/inside-decker-a-new-hero/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/decker/inside-decker-a-new-hero/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/streams/williams-stream
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/streams/williams-streamainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/tim-and-eric-awesome-show-great-job/dr-steve-brule-for-your-wine/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.adultswim.com/videos/tim-and-eric-awesome-show-great-job/dr-steve-brule-for-your-wine/ain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.advopedia.de/videos/lenssen-klaert-auf/lenssen-klaert-auf-folge-8-staffel-3-feiertage-und
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aetv.com/shows/duck-dynasty/season-9/episode-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aetv.com/shows/duck-dynasty/season-9/episode-1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.afreecatv.com/player/Player.swf?szType=szBjId=djleegoon&nStationNo=11273158&nBbsNo=131610
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aljazeera.com/programmes/the-slum/2014/08/deliverance-201482883754237240.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aljazeera.com/programmes/the-slum/2014/08/deliverance-201482883754237240.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aljazeera.com/video/news/2017/05/sierra-leone-709-carat-diamond-auctioned-170511100111930
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/article/fichearticle_gen_carticle=18635087.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/article/fichearticle_gen_carticle=18635087.htmlamd5u0c9fcf59a841f65635fa300ac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/player_gen_cmedia=19540403&cfilm=222257.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/player_gen_cmedia=19540403&cfilm=222257.htmlad0cdce5d2b9522ce279fdfec07
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/player_gen_cmedia=19544709&cfilm=181290.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/player_gen_cmedia=19544709&cfilm=181290.htmlu101250fb127ef9ca3d73186ff2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/video-19550147/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/video/video-19550147/amd5u3566c0668c0235e2d224fd8edb389f67ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/ws/AcVisiondataV5.ashx?media=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.allocine.fr/ws/AcVisiondataV5.ashx?media=%saremove_endu(?s)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.alphaporno.com/videos/sensual-striptease-porn-with-samantha-alexandra/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.alphaporno.com/videos/sensual-striptease-porn-with-samantha-alexandra/amd5afeb6d3bba8848c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.amc.com/shows/preacher/full-episodes/season-01/episode-00/pilot
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.amc.com/shows/preacher/full-episodes/season-01/episode-00/pilotaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aparat.com/v/wP8On
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aparat.com/v/wP8Onamd5u131aca2e14fe7c4dcb3c4877ba300c89ainfo_dictawP8Onu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aparat.com/video/video/embed/vt/frame/showvideo/yes/videohash/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.aparat.com/video/video/embed/vt/frame/showvideo/yes/videohash/a_parse_jsona_search_regexu
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/actionnews/appledaily/7/20161003/960588/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/actionnews/appledaily/7/20161003/960588/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003671
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003671amd5u03df296d95dedc2d5886deb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003673/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003673/amd5ab06182cd386ea7bc6115ec
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/appledaily/article/supplement/20140417/35770334/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/appledaily/article/supplement/20140417/35770334/amd5aeaa20e6b9df418c912
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.appledaily.com.tw/realtimenews/article/strange/20150128/550549/%E4%B8%8D%E6%BB%BF%E8%A2%A
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ardmediathek.de/play/media/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ardmediathek.de/play/media/%savideo_idT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ardmediathek.de/tv/S%C3%9CDLICHT/Was-ist-die-Kunst-der-Zukunft-liebe-Ann/BR-Fernsehen/Vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ardmediathek.de/tv/WDR-H%C3%B6rspiel-Speicher/Tod-eines-Fu%C3%9Fballers/WDR-3/Audio-Podca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/album/fakeshoredrive/ppp-pistol-p-project
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/album/fakeshoredrive/ppp-pistol-p-projectainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/album/flytunezcom/tha-tour-part-2-mixtape
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/album/flytunezcom/tha-tour-part-2-mixtapeaplaylist_countl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/api/music/url/album/%s/%d?extended=1&_=%d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/api/music/url/album/%s/%d?extended=1&_=%danoteuQuerying
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/api/music/url/song/%s?extended=1&_=%d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/api/music/url/song/%s?extended=1&_=%datimeaurlaerroraExtractorErroruInvalid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/song/hip-hop-daily/black-mamba-freestyle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/song/hip-hop-daily/black-mamba-freestyleainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/song/roosh-williams/extraordinary
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.audiomack.com/song/roosh-williams/extraordinaryainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.badzine.de/ansicht/datum/2014/06/09/so-funktioniert-die-neue-englische-badminton-liga.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/emp/releases/iplayer/revisions/617463_618125_4/617463_618125_4_emp.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/cbeebies/episode/b0480276/bing-14-atchoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/cbeebies/episode/b0480276/bing-14-atchooaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/%sudata-ip-id=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b00yng5w/The_Man_in_Black_Series_3_The_Printed_Name/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b00yng5w/The_Man_in_Black_Series_3_The_Printed_Name/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b03vhd1f/The_Voice_UK_Series_3_Blind_Auditions_5/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b03vhd1f/The_Voice_UK_Series_3_Blind_Auditions_5/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b054fn09/ad/natural-world-20152016-2-super-powered-owls
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b054fn09/ad/natural-world-20152016-2-super-powered-owlsainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b05zmgwn/royal-academy-summer-exhibition
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/b05zmgwn/royal-academy-summer-exhibitionainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episode/p026c7jt/tomorrows-worlds-the-unearthly-history-of-science-fict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episodes/b05rcz9v
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/episodes/b05rcz9vainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/group/p02tcc32
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/group/p02tcc32ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/playlist/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/playlist/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/playlist/p01dvks4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/iplayer/playlist/p01dvks4aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/learningenglish/chinese/features/lingohack/ep-181227
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/learningenglish/chinese/features/lingohack/ep-181227ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips#p02frcc3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips#p02frcc3aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips/p022h44b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips/p022h44banoteaAudioainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips/p025c0zz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/music/clips/p025c0zzanoteaVideoainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/news/science-environment-33661876
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/news/science-environment-33661876aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/%s/playlist.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/%sudata-pid=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/articles/3jNQLTMrPlYGTBn0WV6M2MS/not-your-typical-role-model-ada-lov
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b00mfl7n/clips
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b00mfl7n/clips?page=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b00mfl7n/clips?page=1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b00mfl7n/clipsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b039g8p7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b039g8p7ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b04v20dw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b04v20dwainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b055jkys/episodes/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b055jkys/episodes/playeraonly_matchingtuBBCCoUkPlaylistIE._extract_t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b05rcz9v/broadcasts/2016/06
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b05rcz9v/broadcasts/2016/06aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b05rcz9v/clips
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b05rcz9v/clipsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b05rcz9v/clipsaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b06rkn85
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/b06rkn85ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/p028bfkf/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/p028bfkf/playerainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/w3csv1y9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/programmes/w3csv1y9aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/radio/player/p03cchwf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/radio/player/p03cchwfaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/schoolreport/35744779
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/schoolreport/35744779ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/sport/live/olympics/36895975
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/sport/live/olympics/36895975ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/sport/rowing/35908187
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.uk/sport/rowing/35908187aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.co.ukaplayer_urluhttp://www.bbc.co.uk/emp/releases/iplayer/revisions/617463_618125_4/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/autos/story/20130513-hyundais-rock-star
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/autos/story/20130513-hyundais-rock-starainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/mundo/video_fotos/2015/06/150619_video_honduras_militares_hospitales_corrupcion_a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/business-28299555
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/business-28299555ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/video_and_audio/must_see/33376376
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/video_and_audio/must_see/33376376ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/world-europe-32041533
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/world-europe-32041533ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/world-europe-32668511
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/news/world-europe-32668511ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/sport/0/football/33653409
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/sport/0/football/33653409ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/sport/0/football/34475836
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/sport/0/football/34475836ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/travel/story/20150625-sri-lankas-spicy-secret
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/travel/story/20150625-sri-lankas-spicy-secretainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/turkce/haberler/2015/06/150615_telabyad_kentin_cogu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/turkce/haberler/2015/06/150615_telabyad_kentin_coguainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/weather/features/33601775
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbc.com/weather/features/33601775aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbcamerica.com/shows/doctor-who/full-episodes/the-power-of-the-daleks/episode-01-episode-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbcamerica.com/shows/the-hunt/full-episodes/season-1/episode-01-the-hardest-challenge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bbcamerica.com/shows/the-hunt/full-episodes/season-1/episode-01-the-hardest-challengeaonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.behindkink.com/2014/12/05/what-are-you-passionate-about-marley-blaze/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.behindkink.com/2014/12/05/what-are-you-passionate-about-marley-blaze/amd5u507b57d8fdcd75a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.behindkink.com/wp-content/uploads/2014/12/blaze-1.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.behindkink.com/wp-content/uploads/2014/12/blaze-1.jpgaage_limitl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bet.com/news/politics/2014/12/08/in-bet-exclusive-obama-talks-race-and-racism.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bet.com/news/politics/2014/12/08/in-bet-exclusive-obama-talks-race-and-racism.htmlainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bet.com/video/news/national/2014/justice-for-ferguson-a-community-reacts.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bet.com/video/news/national/2014/justice-for-ferguson-a-community-reacts.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bfmtv.com/video/bfmbusiness/cours-bourse/cours-bourse-l-analyse-technique-154522/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bfmtv.com/video/bfmbusiness/cours-bourse/cours-bourse-l-analyse-technique-154522/ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigbrothercanada.ca/video/1457812035894/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigbrothercanada.ca/video/1457812035894/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigflix.com/Malayalam-movies/Drama-movies/Indian-Rupee/15967
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigflix.com/Malayalam-movies/Drama-movies/Indian-Rupee/15967aonly_matchingta_TESTSa_real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigflix.com/Tamil-movies/Drama-movies/Madarasapatinam/16070
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bigflix.com/Tamil-movies/Drama-movies/Madarasapatinam/16070ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bild.de/video/clip/apple-ipad-air/das-koennen-die-neuen-ipads-38184146.bild.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bild.de/video/clip/apple-ipad-air/das-koennen-die-neuen-ipads-38184146.bild.htmlamd5add49
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.com/video/av8903802/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.com/video/av8903802/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.tv/video/av%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.tv/video/av%s/aieavideo_ida__doc__a__file__a__spec__ahas_locationa__cached__auni
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.tv/video/av1074402/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bilibili.tv/video/av1074402/amd5u5f7d29e1a2872f3df0cf76b1f87d3788ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.biobiochile.cl/noticias/bbtv/comentarios-bio-bio/2016/07/08/edecanes-del-congreso-figuras
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.biobiochile.cl/portada/bbtv/index.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.biobiochile.cl/portada/bbtv/index.htmlD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.blinkx.com/ce/Da0Gw3xc5ucpNduzLuDDlv4WC9PuI4fDi1-t6Y3LyfdY2SZS5Urbvn-UPJvrvbo8LTKTc67Wu2r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.blogtalkradio.com/playerasset/mrss?assetType=single&assetId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.blogtalkradio.com/playerasset/mrss?assetType=single&assetId=%safindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/api/embed?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/api/embed?id=%sastreamsagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/features/2016-hello-world-new-zealand/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/features/2016-hello-world-new-zealand/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/news/articles/2015-11-12/five-strange-things-that-have-been-happening-in-fi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/news/videos/b/aaeae121-5949-481e-a1ce-4562db6f5df2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/news/videos/b/aaeae121-5949-481e-a1ce-4562db6f5df2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bloomberg.com/politics/videos/2015-11-25/karl-rove-on-jeb-bush-s-struggles-stopping-trump
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bnn.ca/video/berman-s-call-part-two-viewer-questions~939654
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bnn.ca/video/berman-s-call-part-two-viewer-questions~939654aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bostonglobe.com/metro/2017/02/11/tree-finally-succumbs-disease-leaving-hole-neighborhood/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bpb.de/mediathek/297/joachim-gauck-zu-1989-und-die-erinnerung-an-die-ddr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bpb.de/mediathek/297/joachim-gauck-zu-1989-und-die-erinnerung-an-die-ddramd5ac4f84c8a8044
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/fernsehen/br-alpha/sendungen/kant-fuer-anfaenger/kritik-der-reinen-vernunft/kant-kr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/mediathek/video/sendungen/abendschau/betriebliche-altersvorsorge-104.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/mediathek/video/sendungen/abendschau/betriebliche-altersvorsorge-104.htmlamd5u83a04
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/nachrichten/oberbayern/inhalt/muenchner-polizeipraesident-schreiber-gestorben-100.h
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/radio/bayern1/service/team/videos/team-video-erdelt100.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.br.de/radio/bayern1/service/team/videos/team-video-erdelt100.htmlamd5adbab0aef2e047060ea7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bravotv.com/below-deck/season-3/ep-14-reunion-part-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bravotv.com/below-deck/season-3/ep-14-reunion-part-1aonly_matchingta_TESTSa_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/someone-forgot-boat-brakes-work
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/someone-forgot-boat-brakes-workainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/ugc/baby-flex-2773063
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/ugc/baby-flex-2773063aonly_matchingta_TESTSa_real_extractuBreakIE._real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/when-girls-act-like-guys-2468056
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.break.com/video/when-girls-act-like-guys-2468056ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buffalobills.com/video/videos/Rex_Ryan_Show_World_Wide_Rex/b1dcfab2-3190-4bb1-bfc0-d6e603
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bumm.sk/krimi/2017/07/05/biztonsagi-kamera-buktatta-le-az-agg-ferfit-utlegelo-apolot
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.bumm.sk/krimi/2017/07/05/biztonsagi-kamera-buktatta-le-az-agg-ferfit-utlegelo-apolotainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.businessinsider.com/excel-index-match-vlookup-video-how-to-2015-2?IR=T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.businessinsider.com/excel-index-match-vlookup-video-how-to-2015-2?IR=Taonly_matchingta_TE
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/abagg/this-angry-ram-destroys-a-punching-bag-like-a-boss?utm_term=4ldqpia
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/abagg/this-angry-ram-destroys-a-punching-bag-like-a-boss?utm_term=4ldqpiaain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/craigsilverman/the-most-adorable-crash-landing-ever#.eq7pX0BAmK
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/craigsilverman/the-most-adorable-crash-landing-ever#.eq7pX0BAmKainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/sheridanwatson/look-at-this-cute-dog-omg?utm_term=4ldqpia
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.buzzfeed.com/sheridanwatson/look-at-this-cute-dog-omg?utm_term=4ldqpiaaparamsD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.byutv.org/watch/6587b9a3-89d2-42a6-a7f7-fd2f81840a7d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.byutv.org/watch/6587b9a3-89d2-42a6-a7f7-fd2f81840a7d/studio-c-season-5-episode-5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.byutv.org/watch/6587b9a3-89d2-42a6-a7f7-fd2f81840a7d/studio-c-season-5-episode-5ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.byutv.org/watch/6587b9a3-89d2-42a6-a7f7-fd2f81840a7daonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/assets/player/ajax-player.php?os=android&html5=%s&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/assets/player/ajax-player.php?os=android&html5=%s&id=%savideou
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/common/services/flashXml.php?%sid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/common/services/flashXml.php?%sid=%sa_html_search_metaadescriptionafind_xpath_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?104517-1/immigration-reforms-needed-protect-skilled-american-workers
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?104517-1/immigration-reforms-needed-protect-skilled-american-workersain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?313572-1/HolderonV
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?313572-1/HolderonVamd5u94b29a4f131ff03d23471dd6f60b6a1dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?318608-1/gm-ignition-switch-recall
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?318608-1/gm-ignition-switch-recallainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?c4486943/cspan-international-health-care-models
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.c-span.org/video/?c4486943/cspan-international-health-care-modelsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/450
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/450ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/853
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/853/?displayMode=defaultOrderByOrg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/853/?displayMode=defaultOrderByOrgainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/folder/853ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/13885
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/13885amd5u4576a3bb2581f86c61044822adbd1249ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/14842
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/14842ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/5181/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/media/5181/amd5u5a5562b6a98b37873119102e052e311bainfo_dictu5181aextamp4uCh1-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/oembed/?format=json&url=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.com/oembed/?format=json&url=atitleathumbnail_urlacompat_urlparseaurljoinuvideo/a_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.camdemy.comakeywordsaplaylist_resulta__doc__a__file__a__spec__aoriginahas_locationa__cach
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canalc2.tv/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canalc2.tv/video/%sa_html_search_regexu(?s)class=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canalc2.tv/video/12163
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canalc2.tv/video/12163amd5u060158428b650f896c542dfbb3d6487fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canvas.be/video/de-afspraak/najaar-2015/de-afspraak-veilt-voor-de-warmste-week
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canvas.be/video/de-afspraak/najaar-2015/de-afspraak-veilt-voor-de-warmste-weekamd5aed6697
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canvas.be/video/panorama/2016/pieter-0167
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.canvas.be/video/panorama/2016/pieter-0167ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/22minutes/videos/22-minutes-update/22-minutes-update-episode-4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/22minutes/videos/22-minutes-update/22-minutes-update-episode-4amd5u162adfa070274b1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/22minutes/videos/clips-season-23/don-cherry-play-offs
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/22minutes/videos/clips-season-23/don-cherry-play-offsamd5u97e24d09672fc4cf56256d6f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/archives/entry/1978-robin-williams-freestyles-on-90-minutes-live
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/archives/entry/1978-robin-williams-freestyles-on-90-minutes-liveamd5u0274a90b51a9b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/natureofthings/blog/birds-eye-view-from-vancouvers-burrard-street-bridge-how-we-go
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/news/canada/calgary/dog-indoor-exercise-winter-1.3928238
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/news/canada/calgary/dog-indoor-exercise-winter-1.3928238ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2164402062
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2164402062amd5u33fcd8f6719b9dd60a5e73adcb83b9f6ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2657631896
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2657631896amd5ae5e708c34ae6fca156aafe17c43e8b75ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2683190193
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbc.ca/player/play/2683190193amd5u64d25f841ddf4ddb28a235338af32e2cainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbs.com/shows/garth-brooks/video/_u7W953k6la293J7EPTd9oHkSPs6Xn6_/connect-chat-feat-garth
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbsnews.com/live/video/clinton-sanders-prepare-to-face-off-in-nh/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbsnews.com/live/video/clinton-sanders-prepare-to-face-off-in-nh/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbsnews.com/news/artificial-intelligence-positioned-to-be-a-game-changer/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbsnews.com/news/artificial-intelligence-positioned-to-be-a-game-changer/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cbsnews.com/news/maria-ridulph-murder-will-the-nations-oldest-cold-case-to-go-to-trial-ev
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/full-episodes/pv391a/the-daily-show-with-trevor-noah-november-28--2016---ryan-spee
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/the-daily-show-with-trevor-noah/full-episodes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/the-daily-show-with-trevor-noah/full-episodesaonly_matchingta_real_extractuC
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/the-daily-show-with-trevor-noah/full-episodesathedailyshowuhttp://www.cc.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/the-daily-show-with-trevor-noah/interviews/6yx39d/exclusive-rand-paul-extend
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/shows/the-opposition-with-jordan-klepper/full-episodes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/video-clips/kllhuv/stand-up-greg-fitzsimmons--uncensored---too-good-of-a-mother
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cc.com/video-clips/kllhuv/stand-up-greg-fitzsimmons--uncensored---too-good-of-a-motheramd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ccma.cat/catradio/alacarta/programa/el-consell-de-savis-analitza-el-derbi/audio/943685/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ccma.cat/catradio/alacarta/programa/el-consell-de-savis-analitza-el-derbi/audio/943685/am
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ccma.cat/tv3/alacarta/lespot-de-la-marato-de-tv3/lespot-de-la-marato-de-tv3/video/5630208
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/uhttp://www.cda.pl/video/5749950camd5u6f844bf51b15f31fae165365707ae970u5749950caex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/video/1273454c4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/video/1273454c4u1273454c4uBronson
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/video/57413289
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/video/57413289aa88828770a8310fc00be6c95faf7f4d5u57413289uL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cda.pl/video/5749950c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/10441294653-hyde-park-civilizace/215411058090502/bonus/20641-b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/embed/iFramePlayer.php?hash=d6a3e1370d2e4fa76296b90bad4dfc1967
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/ivysilani/10441294653-hyde-park-civilizace/214411058091220
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/ivysilani/10441294653-hyde-park-civilizace/214411058091220ainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/zive/ct4/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/ivysilani/zive/ct4/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/porady/10520528904-queer/215562210900007-bogotart/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/porady/10520528904-queer/215562210900007-bogotart/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/porady/10614999031-neviditelni/21251212048/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ceskatelevize.cz/porady/10614999031-neviditelni/21251212048/aonly_matchingtuCeskaTelevize
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.championat.com/video/football/v/87/87499.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.championat.com/video/football/v/87/87499.htmlamd5afb973ecf6e4a78a67453647444222983ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/eine-sekunde-bevor.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/eine-sekunde-bevor.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/enemene-meck-alle-katzen-weg.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/enemene-meck-alle-katzen-weg.htmlamd5aa76f3457e813ea0037e5244f509e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/icon-blending.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.chilloutzone.net/video/icon-blending.htmlamd5u2645c678b8dc4fefcc0e1b60db18dac1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cinemablend.com/new/First-Joe-Dirt-2-Trailer-Teaser-Stupid-Greatness-70874.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cinemablend.com/new/First-Joe-Dirt-2-Trailer-Teaser-Stupid-Greatness-70874.htmlainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clearleap.com/namespace/clearleap/1.0/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clickhole.com/video/dont-understand-bitcoin-man-will-mumble-explanatio-2537
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clickhole.com/video/dont-understand-bitcoin-man-will-mumble-explanatio-2537ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clip.rs/premijera-frajle-predstavljaju-novi-spot-za-pesmu-moli-me-moli/3732
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clip.rs/premijera-frajle-predstavljaju-novi-spot-za-pesmu-moli-me-moli/3732amd5ac412d5781
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cliphunter.com/w/1012420/Fun_Jynx_Maze_solo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cliphunter.com/w/1012420/Fun_Jynx_Maze_soloamd5ab7c9bbd4eb3a226ab91093714dcaa480ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cliphunter.com/w/2019449/ShesNew__My_booty_girlfriend_Victoria_Paradices_pussy_filled_wit
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clipsyndicate.com/video/play/4629301/brick_briscoe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clipsyndicate.com/video/play/4629301/brick_briscoeamd5u4d7d549451bad625e0ff3d7bd56d776cai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cloudy.ec/embed.php?autoplay=1&id=af511e2527aac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cloudy.ec/embed.php?autoplay=1&id=af511e2527aacaonly_matchingta_TESTSa_real_extractuCloud
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clubic.com/video/clubic-week/video-clubic-week-2-0-le-fbi-se-lance-dans-la-photo-d-identi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.clubic.com/video/video-clubic-week-2-0-apple-iphone-6s-et-plus-mais-surtout-le-pencil-469
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/full-episodes/537qb3/nashville-the-wayfaring-stranger-season-5-ep-501
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/full-episodes/537qb3/nashville-the-wayfaring-stranger-season-5-ep-501aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/shows/party-down-south/party-down-south-ep-407-gone-girl/1738172/playlist/#id=173
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/video-clips/t9e4ci/nashville-juliette-in-2-minutes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/video-clips/t9e4ci/nashville-juliette-in-2-minutesaonly_matchingta_TESTSuCMTIE._e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/videos/garth-brooks/989124/the-call-featuring-trisha-yearwood.jhtml#artist=30061
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/videos/garth-brooks/989124/the-call-featuring-trisha-yearwood.jhtml#artist=30061a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/videos/misc/1504699/still-the-king-ep-109-in-3-minutes.jhtml#id=1739908
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cmt.com/videos/misc/1504699/still-the-king-ep-109-in-3-minutes.jhtml#id=1739908amd5ae61a8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnet.com/videos/hands-on-with-microsofts-windows-8-1-update/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnet.com/videos/hands-on-with-microsofts-windows-8-1-update/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnet.com/videos/whiny-pothole-tweets-at-local-government-when-hit-by-cars-tomorrow-daily-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnn.com/2014/12/21/politics/obama-north-koreas-hack-not-war-but-cyber-vandalism/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnn.com/2014/12/21/politics/obama-north-koreas-hack-not-war-but-cyber-vandalism/amd5u6890
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cnn.com/video/data/2.0/video/living/2014/12/22/growing-america-nashville-salemtown-board-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cns.nyu.edu/~eero/math-tools/Videos/lecture-05sep2017.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cns.nyu.edu/~eero/math-tools/Videos/lecture-05sep2017.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.colbertlateshow.com/podcasts/dYSwjqPs_X1tvbV_P2FcPWRa_qT6akTC/in-the-bad-room-with-stephe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/shows/1074-workaholics
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/shows/1074-workaholicsaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/shows/1727-the-mindy-project/bonus
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/shows/1727-the-mindy-project/bonusaonly_matchingtuComedyCentralTVIE._rea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/staffeln/7436-the-mindy-project-staffel-4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.comedycentral.tv/staffeln/7436-the-mindy-project-staffel-4ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cornell.edu/video/nima-arkani-hamed-standard-models-of-particle-physics
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cornell.edu/video/nima-arkani-hamed-standard-models-of-particle-physicsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cracked.com/video_19006_4-plot-holes-you-didnt-notice-in-your-favorite-movies.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cracked.com/video_19006_4-plot-holes-you-didnt-notice-in-your-favorite-movies.htmlamd5acc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cracked.com/video_19070_if-animal-actors-got-e21-true-hollywood-stories.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cracked.com/video_19070_if-animal-actors-got-e21-true-hollywood-stories.htmlamd5u89b90b98
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/11eyes/episode-1-piros-jszaka-red-night-535080
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/a-bridge-to-the-starry-skies-hoshizora-e-kakaru-hashi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/a-bridge-to-the-starry-skies-hoshizora-e-kakaru-hashiainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/cosplay-complex-ova
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/cosplay-complex-ova/episode-1-the-birth-of-the-cosplay-club-565617
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/cosplay-complex-ova/episode-1-the-birth-of-the-cosplay-club-565617aonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/cosplay-complex-ovaainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/hakuoki-reimeiroku/episode-1-dawn-of-the-divine-warriors-606899
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/hakuoki-reimeiroku/episode-1-dawn-of-the-divine-warriors-606899ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/konosuba-gods-blessing-on-this-wonderful-world/episode-1-give-me-delivera
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/ladies-versus-butlers?skip_wall=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/ladies-versus-butlers?skip_wall=1aonly_matchingtuCrunchyrollShowPlaylistI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/media-589804/culture-japan-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/media-589804/culture-japan-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/media-723735
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/media-723735aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/nyarko-san-another-crawling-chaos/episode-1-test-590532
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/nyarko-san-another-crawling-chaos/episode-1-test-590532u590532uTV
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/rezero-starting-life-in-another-world-/episode-5-the-morning-of-our-promi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.com/wanna-be-the-strongest-in-the-world/episode-1-an-idol-wrestler-is-born-64
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.comaCrunchyrollareversea_typeaplaylistaentriesa__doc__a__file__a__spec__aorig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.fr/girl-friend-beta/episode-11-goodbye-la-mode-661697
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.crunchyroll.fr/girl-friend-beta/episode-11-goodbye-la-mode-661697aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.csnne.com/video/snc-evening-update-wright-named-red-sox-no-5-starter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.csnne.com/video/snc-evening-update-wright-named-red-sox-no-5-starterainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctv.ca/DCs-Legends-of-Tomorrow/Video/S2E11-Turncoat-vid1051430
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctv.ca/DCs-Legends-of-Tomorrow/Video/S2E11-Turncoat-vid1051430aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctv.ca/YourMorning/Video/S1E6-Monday-August-29-2016-vid938009
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctv.ca/YourMorning/Video/S1E6-Monday-August-29-2016-vid938009aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/1.810401
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/1.810401aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/canadiens-send-p-k-subban-to-nashville-in-blockbuster-trade-1.2967231
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/canadiens-send-p-k-subban-to-nashville-in-blockbuster-trade-1.2967231aonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?binId=1.2876780
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?binId=1.2876780ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?clipId=901995
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?clipId=901995amd5u9b8624ba66351a23e0b6e1391971f9afainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?playlistId=1.2966224
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ctvnews.ca/video?playlistId=1.2966224ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/documentary/watch-online/play/53662
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/documentary/watch-online/play/53662/The-Next--Best-West
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/documentary/watch-online/play/53662/The-Next--Best-Westamd5aac6c093b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/documentary/watch-online/play/53662aonly_matchingta_TESTSa_real_extr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/movie-data/cu-%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/movie-data/cu-%s.jsonaurlatitleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/setClientTimezone.php?timeOffset=%d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cultureunplugged.com/setClientTimezone.php?timeOffset=%datimeatimezonel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.cwseed.com/shows/whose-line-is-it-anyway/jeff-davis-4/?play=24282b12-ead2-42f2-95ad-26770
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dagbladet.no/2016/02/23/nyheter/nordlys/ski/troms/ver/43254897/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dagbladet.no/2016/02/23/nyheter/nordlys/ski/troms/ver/43254897/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/api/player/%s/video-sources.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/api/player/%s/video-sources.jsona_download_jsonagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/embed/video/1295863.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/embed/video/1295863.htmlaonly_matchingta_TESTSastaticmethoda_extract_urls
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/video/tvshowbiz/video-1295863/The-Mountain-appears-sparkling-water-ad-Hea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/playlist/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/playlist/aDailymotionPlaylistuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/playlist/xv4bw_nqtv_sport/1#video=xl8v3q
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/playlist/xv4bw_nqtv_sport/1#video=xl8v3qainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/swf/video/x3n92nf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/swf/video/x3n92nfaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/swf/x3ss1m_funny-magic-trick-barry-and-stuart_fun
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/swf/x3ss1m_funny-magic-trick-barry-and-stuart_funaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/user/UnderProject
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/user/UnderProjectainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/x149uew_katy-perry-roar-official_musi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/x149uew_katy-perry-roar-official_musiainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/x20su5f_the-power-of-nightmares-1-the-rise-of-the-politics-of-fear-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/x5kesuj_office-christmas-party-review-jason-bateman-olivia-munn-t-j
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/xhza0o
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/xhza0oaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dailymotion.com/video/xyh2zz_leanna-decker-cyber-girl-of-the-year-desires-nude-playboy-pl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.daserste.de/information/reportage-dokumentation/dokus/videos/die-story-im-ersten-mission-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.daserste.de/information/talk/maischberger/videos/das-groko-drama-zerlegen-sich-die-volksp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dcndigital.ae/#/video/%D8%B1%D8%AD%D9%84%D8%A9-%D8%A7%D9%84%D8%B9%D9%85%D8%B1-%D8%A7%D9%8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dctp.tv/filme/sind-youtuber-die-besseren-lehrer/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dctp.tv/filme/sind-youtuber-die-besseren-lehrer/aonly_matchingta_TESTSuhttp://dctp-ivms2-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dctp.tv/filme/videoinstallation-fuer-eine-kaufhausfassade/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dctp.tv/filme/videoinstallation-fuer-eine-kaufhausfassade/amd5u3ffbd1556c3fe210724d7088fa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.deezer.com/playlist/176747451
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.deezer.com/playlist/176747451ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.defense.gouv.fr/layout/set/ligthboxvideo/base-de-medias/webtv/attaque-chimique-syrienne-d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.delawaresportszone.com/video-st-thomas-more-earns-first-trip-to-basketball-semis
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.delawaresportszone.com/video-st-thomas-more-earns-first-trip-to-basketball-semisamd5u2b35
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.delvenetworks.com/sample-code/playerCode-demo.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.delvenetworks.com/sample-code/playerCode-demo.htmlaplaylist_mincountl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.democracynow.org/2015/7/3/this_flag_comes_down_today_bree
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.democracynow.org/2015/7/3/this_flag_comes_down_today_breeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.democracynow.org/shows/2015/7/3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.democracynow.org/shows/2015/7/3amd5u3757c182d3d84da68f5c8f506c18c196ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dhm.de/filmarchiv/02-mapping-the-wall/peter-g/rolle-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dhm.de/filmarchiv/02-mapping-the-wall/peter-g/rolle-1/amd5u09890226332476a3e3f6f2cb74734a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dhm.de/filmarchiv/die-filme/the-marshallplan-at-work-in-west-germany/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dhm.de/filmarchiv/die-filme/the-marshallplan-at-work-in-west-germany/amd5u11c475f670209bf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.discoveryvr.com/watch/discovery-vr-an-introduction
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.discoveryvr.com/watch/discovery-vr-an-introductionamd5u32b1929798c464a54356378b7912eca4ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyu.com/t/lpl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyu.com/t/lplaonly_matchingta_TESTSa_real_extractuDouyuTVIE._real_extracta__orig_bases_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyu.com/xiaocang
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyu.com/xiaocangaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/17732
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/17732ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/85982
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/85982ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/iseven
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.douyutv.com/isevenainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dplay.dk/videoer/ted-bundy-mind-of-a-monster/ted-bundy-mind-of-a-monster
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dplay.dk/videoer/ted-bundy-mind-of-a-monster/ted-bundy-mind-of-a-monsterainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dr.dk/bonanza/serie/154/matador/40312/matador---0824-komme-fremmede-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dr.dk/bonanza/serie/154/matador/40312/matador---0824-komme-fremmede-ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/embed/489939
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/embed/489939aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/player_config_json/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/video/%sa_download_jsonuhttp://www.drtuber.com/player_config_json/aqueryavida
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/video/1740434/hot-perky-blonde-naked-golf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.drtuber.com/video/1740434/hot-perky-blonde-naked-golfamd5u93e680cf2536ad0dfb7e74d94a89fac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/documentaries-welcome-to-the-90s-2016-05-21/e-19220158-9798
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/documentaries-welcome-to-the-90s-2016-05-21/e-19220158-9798amd5u56b6214ef463bfb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/intelligent-light/av-19112290
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/intelligent-light/av-19112290amd5u7372046e1815c5a534b43f3c3c36e6e9ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/no-hope-limited-options-for-refugees-in-idomeni/a-19111009
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/no-hope-limited-options-for-refugees-in-idomeni/a-19111009amd5u8ca657f9d068bbef
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/worldlink-my-business/av-19111941
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/en/worldlink-my-business/av-19111941amd5u2814c9a1321c3a51f8a7aeb067a360ddainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/smil/v-%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.dw.com/smil/v-%satransform_sourceu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ebaumsworld.com/video/player/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ebaumsworld.com/video/player/%safindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ebaumsworld.com/videos/a-giant-python-opens-the-door/83367677/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ebaumsworld.com/videos/a-giant-python-opens-the-door/83367677/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.echo.msk.ru/sounds/1464134.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.echo.msk.ru/sounds/1464134.htmlamd5u2e44b3b78daff5b458e4dbc37f191f7cainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ehow.com/video_12245069_hardwood-flooring-basics.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ehow.com/video_12245069_hardwood-flooring-basics.htmlamd5u9809b4e3f115ae2088440bcb4efbf37
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eitb.tv/es/video/60-minutos-60-minutos-2013-2014/4104995148001/4090227752001/lasa-y-zabal
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.engadget.com/video/518153925/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.engadget.com/video/518153925/amd5ac6820d4828a5064447a4d9fc73f312c9ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/3YRUtzMcWn0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/3YRUtzMcWn0/Star-Wars-XXX-Parody/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/3YRUtzMcWn0/Star-Wars-XXX-Parody/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/3YRUtzMcWn0aonly_matchingta_TESTSa_real_extractuEpornerIE._real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/95008/Infamous-Tiffany-Teen-Strip-Tease-Video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/hd-porn/95008/Infamous-Tiffany-Teen-Strip-Tease-Video/amd5u39d486f046212d8e1b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/xhr/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eporner.com/xhr/video/%sanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/a_LOGIN_URLa_download_webpageareasearchuYour
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/auth/auth.php?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/auth/auth.php?aeroprofilea_NETRC_MACHINEL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/m/videos/view/Try-It-On-Pee_cut_2-wmv-4shared-com-file-sharing-download-mo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/m/videos/view/sexy-babe-softcore
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.eroprofile.com/m/videos/view/sexy-babe-softcoreamd5ac26f351332edf23e1ea28ce9ec9de32fainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.esa.int/Our_Activities/Space_Science/Rosetta/Philae_comet_touch-down_webcast
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.esa.int/Our_Activities/Space_Science/Rosetta/Philae_comet_touch-down_webcastainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/vidconfig.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/vidconfig.phpuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/view/the-escapist-presents/6618-Breaking-Down-Baldurs-Gate
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/view/the-escapist-presents/6618-Breaking-Down-Baldurs-Gateamd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/view/zero-punctuation/10044-Evolve-One-vs-Multiplayer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.escapistmagazine.com/videos/view/zero-punctuation/10044-Evolve-One-vs-Multiplayeramd5u9e8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/espnw/video/26066627/arkansas-gibson-completes-hr-cycle-four-innings
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/espnw/video/26066627/arkansas-gibson-completes-hr-cycle-four-inningsaonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/video/clip/_/id/17989860
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/video/clip/_/id/17989860aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/video/clip?id=10365079
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/video/clip?id=10365079aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player/_/id/19141491
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player/_/id/19141491aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player?bucketId=257&id=19505875
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player?bucketId=257&id=19505875aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player?id=19141491
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espn.com/watch/player?id=19141491aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espnfc.com/english-premier-league/23/video/3324163/premier-league-in-90-seconds-golden-tw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espnfc.us/video/espn-fc-tv/86/video/3319154/nashville-unveiled-as-the-newest-club-in-mls
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.espnfc.us/video/espn-fc-tv/86/video/3319154/nashville-unveiled-as-the-newest-club-in-mlsa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.etalk.ca/video?videoid=663455
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.etalk.ca/video?videoid=663455aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.expansion.com/multimedia/videos.html?media=EQcM30NHIPv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.expansion.com/multimedia/videos.html?media=EQcM30NHIPvamd5u537617d06e64dfed891fa1593c4b30
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.expotv.com/videos/reviews/3/40/NYX-Butter-lipstick/667916
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.expotv.com/videos/reviews/3/40/NYX-Butter-lipstick/667916amd5afe1d728c3a813ff78f595bc8b7a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/gay/video/abcde-1234
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/gay/video/abcde-1234aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/652431
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/652431aonly_matchingta_TESTSa_real_extractuExtremeTubeIE._real_extr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/latina-slut-fucked-by-fat-black-dick
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/latina-slut-fucked-by-fat-black-dickaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/music-video-14-british-euro-brit-european-cumshots-swallow-652431
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.extremetube.com/video/music-video-14-british-euro-brit-european-cumshots-swallow-652431am
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/-13659345.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/-13659345.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/aktuell/politik/-13659345.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/aktuell/politik/-13659345.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/aktuell/politik/berlin-gabriel-besteht-zerreissprobe-ueber-datenspeicherung-13659
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/berlin-gabriel-besteht-zerreissprobe-ueber-datenspeicherung-13659345.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/berlin-gabriel-besteht-zerreissprobe-ueber-datenspeicherung-13659345.htmlaonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/foobarblafasel-13659345.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/foobarblafasel-13659345.htmlaonly_matchingta_TESTSa_real_extractuFazIE._real_extr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.faz.net/multimedia/videos/stockholm-chemie-nobelpreis-fuer-drei-amerikanische-forscher-12
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fem.com/videos/beauty-lifestyle/kurztrips-zum-valentinstag
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fem.com/videos/beauty-lifestyle/kurztrips-zum-valentinstagainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmon.com/api-v2/channel/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmon.com/api-v2/channel/adataamessageacompat_strT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmon.com/tv/sports-haters
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmon.com/tv/sports-hatersainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmweb.no/trailere/article1264921.ece
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.filmweb.no/trailere/article1264921.eceamd5ae353f47df98e557d67edaceda9dece89ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.flickr.com/photos/forestwander-nature-pictures/5645318632/in/photostream/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.flickr.com/photos/forestwander-nature-pictures/5645318632/in/photostream/amd5u164fe3fa6c2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foodnetwork.ca/shows/chopped/video/episode/chocolate-obsession/video.html?v=872683587753
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foodnetwork.ca/shows/chopped/video/episode/chocolate-obsession/video.html?v=872683587753a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.formula1.com/content/fom-website/en/video/2016/5/Race_highlights_-_Spain_2016.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.formula1.com/content/fom-website/en/video/2016/5/Race_highlights_-_Spain_2016.htmlamd5u8c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.formula1.com/en/video/2016/5/Race_highlights_-_Spain_2016.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.formula1.com/en/video/2016/5/Race_highlights_-_Spain_2016.htmlaonly_matchingta_TESTSa_rea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foxnews.com/politics/2016/09/08/buzz-about-bud-clinton-camp-denies-claims-wore-earpiece-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foxnews.com/us/2018/03/09/parkland-survivor-kyle-kashuv-on-meeting-trump-his-app-to-preve
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foxsports.com/tennessee/video/432609859715
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.foxsports.com/tennessee/video/432609859715amd5ab49050e955bebe32c301972e4012ac17ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.franceculture.fr/emissions/carnet-nomade/rendez-vous-au-pays-des-geeks
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.franceculture.fr/emissions/carnet-nomade/rendez-vous-au-pays-des-geeksainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.francetvinfo.fr/economie/entreprises/les-entreprises-familiales-le-secret-de-la-reussite_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.francetvinfo.fr/elections/europeennes/direct-europeennes-regardez-le-debat-entre-les-cand
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.francetvinfo.fr/politique/notre-dame-des-landes/video-sur-france-inter-cecile-duflot-deno
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.francetvinfo.fr/replay-jt/france-3/soir-3/jt-grand-soir-3-lundi-26-aout-2013_393427.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.francetvinfo.fr/replay-jt/france-3/soir-3/jt-grand-soir-3-lundi-26-aout-2013_393427.htmlD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.freesound.org/people/miklovan/sounds/194503/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.freesound.org/people/miklovan/sounds/194503/amd5u12280ceb42c81f19a515c745eae07650ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.freespeech.org/stories/fcc-announces-net-neutrality-rollback-whats-stake/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.freespeech.org/stories/fcc-announces-net-neutrality-rollback-whats-stake/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.frenchkissrecords.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.frenchkissrecords.comaupload_dateu20081015aparamsD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ft.dk/webtv/video/20141/eru/td.1165642.aspx?as=1#player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ft.dk/webtv/video/20141/eru/td.1165642.aspx?as=1#playeramd5u6269e8626fa1a891bf5369b386ae9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fxnetworks.com/video/1032565827847
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fxnetworks.com/video/1032565827847amd5u8d99b97b4aa7a202f55b6ed47ea7e703ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fyi.tv/shows/tiny-house-nation/season-1/episode-8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.fyi.tv/shows/tiny-house-nation/season-1/episode-8aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gameinformer.com/b/features/archive/2015/09/26/replay-animal-crossing.aspx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gameinformer.com/b/features/archive/2015/09/26/replay-animal-crossing.aspxamd5u292f26da1a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamepro.de/videos/top-10-indie-spiele-fuer-nintendo-switch-video-tolle-nindies-games-zum-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamespot.com/videos/arma-3-community-guide-sitrep-i/2300-6410818/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamespot.com/videos/arma-3-community-guide-sitrep-i/2300-6410818/amd5ab2a30deaa8654fcccd4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamespot.com/videos/the-witcher-3-wild-hunt-xbox-one-now-playing/2300-6424837/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamespot.com/videos/the-witcher-3-wild-hunt-xbox-one-now-playing/2300-6424837/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamestar.de/videos/top-10-indie-spiele-fuer-nintendo-switch-video-tolle-nindies-games-zum
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gamestar.de/videos/trailer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gaskrank.tv/tv/motorrad-fun/strike-einparken-durch-anfaenger-crash-mit-groesserem-flursch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gaskrank.tv/tv/racing/isle-of-man-tt-2011-michael-du-15920.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gaskrank.tv/tv/racing/isle-of-man-tt-2011-michael-du-15920.htmamd5ac33ee32c711bc6c8224bfc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gazeta.ru/lifestyle/video/2015/03/08/master-klass_krasivoi_byt._delaem_vesennii_makiyazh.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gazeta.ru/video/main/main/2015/06/22/platit_ili_ne_platit_po_isku_yukosa.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gazeta.ru/video/main/main/2015/06/22/platit_ili_ne_platit_po_isku_yukosa.shtmlamd5u37f19f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gazeta.ru/video/main/zadaite_vopros_vladislavu_yurevichu.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gazeta.ru/video/main/zadaite_vopros_vladislavu_yurevichu.shtmlamd5ad49c9bdc6e5a7888f27475
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1014631/Classic-Game-Postmortem-PAC
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1014631/Classic-Game-Postmortem-PACainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1015301/Thexder-Meets-Windows-95-or
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1015301/Thexder-Meets-Windows-95-oramd5aa5eb77996ef82118afbbe8e48731b98
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1015683/Embracing-the-Dark-Art-of
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1015683/Embracing-the-Dark-Art-ofainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1019721/Doki-Doki-Universe-Sweet-Simple
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1019721/Doki-Doki-Universe-Sweet-Simpleamd5u7ce8388f544c88b7ac11c7ab1b5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1435/An-American-engine-in-Tokyo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/1435/An-American-engine-in-Tokyoainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.com/play/a_search_regexus1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gdcvault.coma_request_webpageaHEADRequestageturlaidadisplay_idaKalturaIEa_extract_urlasmu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.geekandsundry.com/tabletop-bonus-wils-final-thoughts-on-dread/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.geekandsundry.com/tabletop-bonus-wils-final-thoughts-on-dread/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giantbomb.com/videos/quick-look-destiny-the-dark-below/2300-9782/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giantbomb.com/videos/quick-look-destiny-the-dark-below/2300-9782/amd5u132f5a803e7e0ab0e27
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/api/syndication/video/video_id/%s/playlist.json?content=syndication/key/368b5f151
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/extra/netzkultur/videos/giga-games-tom-mats-robin-werden-eigene-wege-gehen-eine-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/filme/anime-awesome/trailer/anime-awesome-chihiros-reise-ins-zauberland-das-beste
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/games/channel/giga-top-montag/giga-topmontag-die-besten-serien-2014/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/games/channel/giga-top-montag/giga-topmontag-die-besten-serien-2014/aonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/tv/jonas-liest-spieletitel-eingedeutscht-episode-2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.giga.de/tv/jonas-liest-spieletitel-eingedeutscht-episode-2/aonly_matchingta_TESTSa_real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.godtube.com/media/xml/?v=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.godtube.com/media/xml/?v=%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.godtube.com/resource/mediaplayer/%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.godtube.com/resource/mediaplayer/%s.xmlaloweruDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.golfchannel.com/topics/shows/golftalkcentral.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.golfchannel.com/topics/shows/golftalkcentral.htmaonly_matchingtuhttps://www.hsgac.senate.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.google.com/search
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.google.com/searchugvsearch:anoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQtwIwAA&url=http%3A%2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.goshgay.com/video299069/diesel_sfw_xxx_video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.goshgay.com/video299069/diesel_sfw_xxx_videoamd5u4b6db9a0a333142eb9f15913142b0ed1ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gsd.harvard.edu/event/i-m-pei-a-centennial-celebration/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.gsd.harvard.edu/event/i-m-pei-a-centennial-celebration/amd5aae5ace8eb09dc1a35d03b579a9c2c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.guitarplayer.com/lessons/1014/legato-workout-one-hour-to-more-fluid-performance---tab/528
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.handjobhub.com/video/busty-blonde-siri-tit-fuck-while-wank-6313.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.handjobhub.com/video/busty-blonde-siri-tit-fuck-while-wank-6313.htmlamd5u9d65602bf31c6e20
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heidelberg-laureate-forum.org/blog/video/lecture-friday-september-23-2016-sir-c-antony-r-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/ct/artikel/c-t-uplink-3-3-Owncloud-Tastaturen-Peilsender-Smartphone-2403911.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/ct/ausgabe/2016-12-Spiele-3214137.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/ct/ausgabe/2016-12-Spiele-3214137.htmlaonly_matchingta_TESTSa_real_extractuHeise
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/newsticker/meldung/Netflix-In-20-Jahren-vom-Videoverleih-zum-TV-Revolutionaer-38
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/newsticker/meldung/c-t-uplink-Owncloud-Tastaturen-Peilsender-Smartphone-2404251.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/video/artikel/Podcast-c-t-uplink-3-3-Owncloud-Tastaturen-Peilsender-Smartphone-2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/videout/feed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.heise.de/videout/feedaqueryacontainerasequenzafindallT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hellointernet.fm/podcast?format=rss
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hellointernet.fm/podcast?format=rssadescriptionuCGP
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hellointernet.fm/podcast?format=rssainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.ca/shows/bryan-inc/videos/movie-night-popcorn-with-bryan-870923331648/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.ca/shows/bryan-inc/videos/movie-night-popcorn-with-bryan-870923331648/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.com/shows/flip-or-flop/flip-or-flop-full-episodes-season-4-videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.com/shows/flip-or-flop/flip-or-flop-full-episodes-season-4-videosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.com/shows/good-bones/episodes/an-old-victorian-house-gets-a-new-facelift
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hgtv.com/shows/good-bones/episodes/an-old-victorian-house-gets-a-new-faceliftaonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.historicfilms.com/tapes/4728
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.historicfilms.com/tapes/4728amd5ad4a437aec45d8d796a38a215db064e9aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.historicfilms.com/video/%s_%s_web.mov
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.historicfilms.com/video/%s_%s_web.movaidaurlatitleadescriptionathumbnaila__doc__a__file__
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.ca/the-world-without-canada/video/full-episodes/natural-resources/video.html?v=95
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/shows/ancient-aliens/season-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/shows/ancient-aliens/season-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/shows/mountain-men/season-1/episode-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/shows/mountain-men/season-1/episode-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/specials/sniper-into-the-kill-zone/full-special
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.history.com/specials/sniper-into-the-kill-zone/full-specialaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/dimak
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/dimakadimakumd5:c9f80fa4410bc588d7faa40003fc7d0eaDimakD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/static/player/flowplayer/flowplayer.commercial-3.2.16.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/static/player/flowplayer/flowplayer.commercial-3.2.16.swfuhttps://www.smashcast
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/video/203213
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hitbox.tv/video/203213ainfo_dictu203213uhitbox
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hodiho.fr/2013/02/regis-plante-sa-jeep.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hodiho.fr/2013/02/regis-plante-sa-jeep.htmlamd5u85b90ccc9d73b4acd9138d3af4c27f89ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotnewhiphop.com/ajax/media/getActions/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotnewhiphop.com/ajax/media/getActions/adataaadd_headerT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotnewhiphop.com/freddie-gibbs-lay-it-down-song.1435540.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotnewhiphop.com/freddie-gibbs-lay-it-down-song.1435540.htmlamd5u2c2cd2f76ef11a9b3b581e8b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotstar.com/1000000515
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotstar.com/1000000515aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotstar.com/sports/cricket/rajitha-sizzles-on-debut-with-329/2001477583
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hotstar.com/sports/cricket/rajitha-sizzles-on-debut-with-329/2001477583aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.howcast.com/videos/390161-How-to-Tie-a-Square-Knot-Properly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.howcast.com/videos/390161-How-to-Tie-a-Square-Knot-Properlyamd5u7d45932269a288149483144f0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.huajiao.com/l/38941232
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.huajiao.com/l/38941232amd5ad08bf9ac98787d24d1e4c0283f2d372dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hudl.com/athlete/2538180/highlights/149298443
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hudl.com/athlete/2538180/highlights/149298443ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hungama.com/video/krishna-chants/39349649/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.hungama.com/video/krishna-chants/39349649/amd5aa845a6d1ebd08d80c1035126d49bd6a0ainfo_dict
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.ibiblio.org/xml/examples/shakespeare/hamlet.xml)-r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ifc.com/movies/chaos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ifc.com/movies/chaosaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ifc.com/shows/maron/season-04/episode-01/step-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ifc.com/shows/maron/season-04/episode-01/step-1amd5uainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/articles/2014/08/15/rewind-theater-wild-trailer-gamescom-2014?watch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/articles/2014/08/15/rewind-theater-wild-trailer-gamescom-2014?watchamd5u618fedb9c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/articles/2017/06/08/new-ducktales-short-donalds-birthday-doesnt-go-as-planned
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/articles/2017/06/08/new-ducktales-short-donalds-birthday-doesnt-go-as-plannedaonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/videos/2013/06/05/the-last-of-us-review
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ign.com/videos/2013/06/05/the-last-of-us-reviewamd5afebda82c4bafecd2d44b6e1a18a595f8ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt1667889/#lb-vi2524815897
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt1667889/#lb-vi2524815897aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt1667889/?ref_=ext_shr_eml_vi#lb-vi2524815897
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt1667889/?ref_=ext_shr_eml_vi#lb-vi2524815897aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt4218696/videoplayer/vi2608641561
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/title/tt4218696/videoplayer/vi2608641561aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/video/_/vi2524815897
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/video/_/vi2524815897aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/video/imdb/vi2524815897
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/video/imdb/vi2524815897ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/videoplayer/vi1562949145
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.com/videoplayer/vi1562949145aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.imdb.comaImdbu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.improbable.com/2017/04/03/untrained-modern-youths-and-ancient-masters-in-selfie-portraits
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ina.fr/video/I12055569/francois-hollande-je-crois-que-c-est-clair-video.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ina.fr/video/I12055569/francois-hollande-je-crois-que-c-est-clair-video.htmlamd5aa667021b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.inc.com/tip-sheet/bill-gates-says-these-5-books-will-make-you-smarter.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.inc.com/tip-sheet/bill-gates-says-these-5-books-will-make-you-smarter.htmlamd5u7416739c9c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.inc.com/video/david-whitford/founders-forum-tripadvisor-steve-kaufer-most-enjoyable-momen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.indiedb.com/games/king-machine/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.indiedb.com/games/king-machine/videosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/cn/presentations/openstack-continued-delivery
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/cn/presentations/openstack-continued-deliveryamd5u4918d0cca1497f2244572caf62668
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/fr/presentations/changez-avis-sur-javascript
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/fr/presentations/changez-avis-sur-javascriptaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/presentations/A-Few-of-My-Favorite-Python-Things
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.infoq.com/presentations/A-Few-of-My-Favorite-Python-Thingsamd5ab5ca0e0a8c1fed93b0e65e48e4
Source: Mario Deluxe InstaII.exe, 00000000.00000003.235042192.000000007FC20000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, Mario Deluxe InstaII.tmp, 00000001.00000000.237000470.0000000000401000.00000020.00020000.sdmp, Mario Deluxe InstaII.exe, 00000002.00000003.257352931.000000007FC20000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.361560902.0000000000401000.00000020.00020000.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iprima.cz/filmy/desne-rande
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iprima.cz/filmy/desne-randeaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/a_19rrhb8ce1.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/a_19rrhb8ce1.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/a_19rrhbc6kt.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/a_19rrhbc6kt.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrhnnclk.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrhnnclk.htmlamd5ab7dc800a4004b1b57749d9abae0472daainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrny4w8w.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrny4w8w.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrojlavg.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/v_19rrojlavg.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/w_19rt6o8t9p.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iqiyi.com/w_19rt6o8t9p.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/btcc/races/btcc-2018-all-the-action-from-brands-hatch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/btcc/races/btcc-2018-all-the-action-from-brands-hatchainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/hub/mr-bean-animated-series/2a2936a0053
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/hub/mr-bean-animated-series/2a2936a0053ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/mercury/Mercury_VideoPlayer.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.itv.com/mercury/Mercury_VideoPlayer.swfapage_urlatbraextaflvurtmpe?://
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%s/%saIviIEaie_keyamatcha_VALID_URLagroupT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%s/season%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%s/season%saextendaplaylist_resultaentriesa__doc__a__file__a__spec__aorigina
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/%sacontentidasysafrozenT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/146500
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/146500amd5ad63d35cdbfa1ea61a5eafec7cc523e1eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/53141
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/53141amd5u6ff5be2254e796ed346251d117196cf4ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsa/9549
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsa/9549amd5u221f56b35e3ed815fde2df71032f4b3eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsa/season1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsa/season1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ivi.ru/watch/dvoe_iz_lartsaainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iwara.tv/api/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iwara.tv/api/video/%sa_html_search_regexu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iwara.tv/videos/nawkaumd6ilezzgq
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.iwara.tv/videos/nawkaumd6ilezzgqainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/%sa_parse_jsona_search_regexuvideoObj
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/sevincten-cildirtan-dogum-gunu-hediyesi/7599694
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/sevincten-cildirtan-dogum-gunu-hediyesi/7599694amd5u4384f9f0ea65086734
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/tarkan-dortmund-2006-konseri/17997
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.izlesene.com/video/tarkan-dortmund-2006-konseri/17997u97f09b6872bffa284cb7fa4f6910cb72u17
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jeuxvideo.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jeuxvideo.com/reportages-videos-jeux/0004/00046170/tearaway-playstation-vita-gc-2013-tear
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jeuxvideo.com/videos/chroniques/434220/l-histoire-du-jeu-video-la-saturn.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jeuxvideo.com/videos/chroniques/434220/l-histoire-du-jeu-video-la-saturn.htmaonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jeuxvideo.coma_search_regexuid=(
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jove.com/video-chapters?videoid=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jove.com/video/2744/electrode-positioning-montage-transcranial-direct-current
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jove.com/video/2744/electrode-positioning-montage-transcranial-direct-currentamd5u9372388
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jove.com/video/51796/culturing-caenorhabditis-elegans-axenic-liquid-media-creation
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.jove.com/video/51796/culturing-caenorhabditis-elegans-axenic-liquid-media-creationamd5u91
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kabeleins.de/tv/rosins-restaurants/videos/jagd-auf-fertigkost-im-elsthal-teil-2-ganze-fol
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kabeleinsdoku.de/tv/mayday-alarm-im-cockpit/video/102-notlandung-im-hudson-river-ganze-fo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kaltura.com/index.php/kwidget/cache_st/1300318621/wid/_269692/uiconf_id/3873291/entry_id/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal%splay.se/api/getVideo?format=FLASH&videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal%splay.se/api/getVideo?format=FLASH&videoId=%sagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal%splay.se/api/subtitles/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal%splay.se/api/subtitles/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal11play.se/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal5play.se/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kanal9play.se/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karaoketv.co.il/%D7%A9%D7%99%D7%A8%D7%99_%D7%A7%D7%A8%D7%99%D7%95%D7%A7%D7%99/58356/%D7%9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/berufsvideos/mittlere-hoehere-schulen/altenpflegerin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/berufsvideos/mittlere-hoehere-schulen/altenpflegerinainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/orientierung/vaeterkarenz-und-neue-chancen-fuer-muetter-baby-was-nun
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/orientierung/vaeterkarenz-und-neue-chancen-fuer-muetter-baby-was-nunain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/player-playlist.xml.php?p=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.karrierevideos.at/player-playlist.xml.php?p=%satransform_sourceafix_xml_ampersandsaheader
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.keezmovies.com/video/18070681
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.keezmovies.com/video/18070681aonly_matchingta_TESTST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.khanacademy.org/video/one-time-pad
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.khanacademy.org/video/one-time-padamd5u7b391cce85e758fb94f763ddc1bbb979ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kidzworld.com/article/30935-trolls-the-beat-goes-on-interview-skylar-astin-and-amanda-lei
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kijk.nl/sbs6/leermijvrouwenkennen/videos/jqMiXKAYan2S/aflevering-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kijk.nl/sbs6/leermijvrouwenkennen/videos/jqMiXKAYan2S/aflevering-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/baumhaus/sendungen/video19636_zc-fea7f8a0_zs-4bf89c60.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/baumhaus/sendungen/video19636_zc-fea7f8a0_zs-4bf89c60.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/baumhaus/videos/video19636.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/baumhaus/videos/video19636.htmlamd5u4930515e36b06c111213e80d1e4aad0eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/sendungen/einzelsendungen/weihnachtsprogramm/einzelsendung2534.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/sendungen/einzelsendungen/weihnachtsprogramm/einzelsendung2534.htmlaonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/sendungen/einzelsendungen/weihnachtsprogramm/videos/video8182.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kika.de/sendungen/einzelsendungen/weihnachtsprogramm/videos/video8182.htmlamd5u5fe9c4dd7d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kinomyvi.tv/news/detail/Pervij-dublirovannij-trejler--Uzhastikov-_nOw1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kinomyvi.tv/news/detail/Pervij-dublirovannij-trejler--Uzhastikov-_nOw1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.konserthusetplay.se/?m=CKDDnlCY-dhWAAqiMERd-A
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.konserthusetplay.se/?m=CKDDnlCY-dhWAAqiMERd-Aamd5ae3fd47bf44e864bd23c08e487abe1967ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kusi.com/build.asp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kusi.com/build.aspabuildtypeabuildfeaturexmlrequestafeatureTypeaClipafeatureidaaffiliaten
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kusi.com/story/32849881/turko-files-refused-to-help-it-aint-right
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kusi.com/story/32849881/turko-files-refused-to-help-it-aint-rightamd5u4e76ce8e53660ce9697
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/album/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/album/%s/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/album/502294/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/album/502294/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/artist/contentMusicsAjax
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/artist/contentMusicsAjaxasinger_iduDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/mingxing/Ali/music.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/mingxing/Ali/music.htmainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/mingxing/bruno
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/mv/6480076/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/mv/6480076/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/%s/amusicriduDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/3197154?catalog=yueku2016
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/3197154?catalog=yueku2016aonly_matchingta_TESTSa_real_extractuKuwoIE._real
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/635632/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/635632/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/6446136/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yinyue/6446136/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yy/st/mvurl?rid=MUSIC_%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.kuwo.cn/yy/st/mvurl?rid=MUSIC_%suDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.la7.it/crozza/video/inccool8-02-10-2015-163722
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.la7.it/crozza/video/inccool8-02-10-2015-163722amd5u8b613ffc0c4bf9b9e377169fc19c214cainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.la7.it/omnibus/rivedila7/omnibus-news-02-07-2016-189077
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.la7.it/omnibus/rivedila7/omnibus-news-02-07-2016-189077aonly_matchingta_TESTSa_real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/livestream/2016-03-22-belogorie-belgorod-trentino-diatec-lde
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/livestream/2016-03-22-belogorie-belgorod-trentino-diatec-ldeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/video/straubing-tigers-koelner-haie
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/video/straubing-tigers-koelner-haie/227883.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/video/straubing-tigers-koelner-haie/227883.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/de-de/video/straubing-tigers-koelner-haieainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/server/hd_video.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.laola1.tv/server/hd_video.phpaqueryaplayastreamidapartnerapartneridaportalaportalidalanga
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lci.fr/international/etats-unis-a-j-62-hillary-clinton-reste-sans-voix-2001679.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lci.fr/international/etats-unis-a-j-62-hillary-clinton-reste-sans-voix-2001679.htmlamd5u2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lcp.fr/emissions/277792-les-volontaires
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lcp.fr/emissions/277792-les-volontairesaonly_matchingta_real_extractuLcpIE._real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lcp.fr/la-politique-en-video/schwartzenberg-prg-preconise-francois-hollande-de-participer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lcp.fr/le-direct
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lcp.fr/le-directainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/comic/92063.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/comic/92063.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/%s.htmlL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/1118082.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/1118082.htmlamd5u2424c74948a62e5f31988438979c5ad1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/1415246.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/1415246.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/22005890.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/ptv/vplay/22005890.htmlamd5aedadcfe5406976f42f9f266057ee5e40ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/tv/46177.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.le.com/tv/46177.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lego.com/en-us/videos/themes/club/blocumentary-kawaguchi-55492d823b1b4d5e985787fa8c2973b1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lego.com/nl-nl/videos/themes/nexoknights/episode-20-kingdom-of-heroes-13bdc2299ab24d96857
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lemonde.fr/les-decodeurs/article/2016/10/18/tout-comprendre-du-ceta-le-petit-cousin-du-tr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lemonde.fr/pixels/article/2016/12/09/pourquoi-pewdiepie-superstar-de-youtube-a-menace-de-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lemonde.fr/police-justice/video/2016/01/19/comprendre-l-affaire-bygmalion-en-cinq-minutes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lesports.com/match/1023203003.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lesports.com/match/1023203003.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lidovky.cz/dalsi-demonstrace-v-praze-o-migraci-duq-/video.aspx?c=A150808_214044_ln-video_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?%s=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?%s=%saurl_resultaieaie_keya__doc__a__file__a__spec__aoriginahas_locatio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=4f7_1392687779
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=4f7_1392687779amd5u42c6d97d54f1db107958760788c5f48fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=757_1364311680
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=757_1364311680amd5u0813c2430bea7a46bf13acf3406992f4ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=801_1409392012
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=801_1409392012amd5ac3a449dbaca5c0d1825caecd52a57d7bainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=f93_1390833151
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.liveleak.com/view?i=f93_1390833151amd5ad3f1367d14cc3c15bf24fbfbe04b9abfainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ll.mit.edu/workshops/education/videocourses/antennas/lecture1/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ll.mit.edu/workshops/education/videocourses/antennas/lecture1/video/aplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lnkgo.lt/visi-video/aktualai-pratesimas/ziurek-putka-trys-klausimai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lnkgo.lt/visi-video/aktualai-pratesimas/ziurek-putka-trys-klausimaiainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.localnews8.com/news/rexburg-business-turns-carbon-fiber-scraps-into-wedding-rings/3518330
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lothype.com/blue-devils-drumline-stanford-lot-2016/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lothype.com/blue-devils-drumline-stanford-lot-2016/amd5ad16797741b560b485194eddda8121b48a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lothype.com/blue-stars-2016-preview-standstill-full-show/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lothype.com/blue-stars-2016-preview-standstill-full-show/amd5aa47372ee61b39a7b90287094d44
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lrt.lt/mediateka/irasas/1013074524/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lrt.lt/mediateka/irasas/1013074524/u389da8ca3cad0f51d12bed0c844f6a0au1013074524uKita
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lrt.lt/mediateka/irasas/54391/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.lrt.lt/mediateka/irasas/54391/amd5afe44cf7e4ab3198055f2c598fc175cb0ainfo_dictu54391aextuS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.m6.fr/emission-les_reines_du_shopping/videos/11323908-emeline_est_la_reine_du_shopping_su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.macrumors.com/2015/07/24/steve-jobs-the-man-in-the-machine-first-trailer/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.macrumors.com/2015/07/24/steve-jobs-the-man-in-the-machine-first-trailer/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.markiza.sk/soubiz/zahranicny/1923705_oteckovia-maju-svoj-den-ti-slavni-nie-su-o-nic-menej
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/fakt/video189002.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/fakt/video189002.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/kultur/audio1312272_zc-15948bad_zs-86171fdd.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/kultur/audio1312272_zc-15948bad_zs-86171fdd.htmlamd5u64c4ee50f0a791deb9479cd7bbe9d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/kultur/videos-und-audios/audio-radio/operation-mindfuck-robert-wilson100.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/kultur/videos-und-audios/audio-radio/operation-mindfuck-robert-wilson100.htmlainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/mediathek/mdr-videos/a/video-1334.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mdr.de/mediathek/mdr-videos/a/video-1334.htmlaonly_matchingta_TESTSa_real_extractuMDRIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.medici.tv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.medici.tv/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.medici.tv/a_download_jsonadataaurlencode_postdataajsonatrueapageu/%satimezone_offsetl
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.megginson.com/SAX/.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.meipai.com/media/531697625
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.meipai.com/media/531697625amd5ae3e9600f9e55a302daecc90825854b4fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.meipai.com/media/585526361
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.meipai.com/media/585526361amd5aff7d6afdbc6143342408223d4f5fb99aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/f/index.php?inputType=filter&controllerGroup=user
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/family_filter/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/family_filter/a_DISCLAIMERuhttp://www.metacafe.com/f/index.php?inputType=fil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/11121940/news_stuff_you_wont_do_with_your_playstation_4/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/11121940/news_stuff_you_wont_do_with_your_playstation_4/amd5u6e0bca200
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/2155630/adult_art_by_david_hart_156/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/2155630/adult_art_by_david_hart_156/amd5ab06082c5079bbdcde677a6291fbdf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/5186653/bbc_internal_christmas_tape_79_uncensored_outtakes_etc/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/5186653/bbc_internal_christmas_tape_79_uncensored_outtakes_etc/amd5u98
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/an-dVVXnuY7Jh77J/the_andromeda_strain_1971_stop_the_bomb_part_3/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/an-dVVXnuY7Jh77J/the_andromeda_strain_1971_stop_the_bomb_part_3/ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/cb-8VD4r_Zws8VP/open_this_is_face_the_nation_february_9/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/cb-8VD4r_Zws8VP/open_this_is_face_the_nation_february_9/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/mv-Wy7ZU/my_week_with_marilyn_do_you_love_me/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacafe.com/watch/mv-Wy7ZU/my_week_with_marilyn_do_you_love_me/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacritic.com/game/playstation-4/infamous-second-son/trailers/3698222
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacritic.com/game/playstation-4/infamous-second-son/trailers/3698222ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacritic.com/game/playstation-4/tales-from-the-borderlands-a-telltale-game-series/trail
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacritic.com/video_data?video=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metacritic.com/video_data?video=uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.metro.cz/video-pod-billboardem-se-na-vltavske-roztocil-kolotoc-deti-vozil-jen-par-hodin-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgoon.com/play/view/5582148
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgoon.com/play/view/5582148aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgtv.com/b/301817/3826653.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgtv.com/b/301817/3826653.htmlaonly_matchingta_TESTSa_real_extractuMGTVIE._real_extracta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgtv.com/v/1/290525/f/3116640.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mgtv.com/v/1/290525/f/3116640.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miaopai.com/show/n~0hO7sfV1nBEw4Y29-Hqg__.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miaopai.com/show/n~0hO7sfV1nBEw4Y29-Hqg__.htmamd5u095ed3f1cd96b821add957bdc29f845bainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ministrygrid.com/c/portal/render_portlet?p_l_id=%s&p_p_id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ministrygrid.com/c/portal/render_portlet?p_l_id=%s&p_p_id=%sanoteuLooking
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ministrygrid.com/training-viewer/-/training/t4g-2014-conference/the-gospel-by-numbers-4/t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv%sa_extract_mioplayerl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/mioplayer/mioplayerconfigfiles/sina.php?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/mioplayer/mioplayerconfigfiles/xml.php?id=%s&r=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/mioplayer/mioplayerconfigfiles/xml.php?id=%s&r=%saidarandomarandintT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc173113/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc173113/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc184024/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc184024/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc273997/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc273997/amd5u0b27a4b4495055d826813f8c3a6b2070ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc88912/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.miomio.tv/watch/cc88912/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/programas-tv/cuarto-milenio/57b0de3dc915da14058b4876/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/programas-tv/cuarto-milenio/57b0de3dc915da14058b4876/playerainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/programas-tv/diario-de/57b0dfb9c715da65618b4afa/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/programas-tv/diario-de/57b0dfb9c715da65618b4afa/playerainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/series-online/la-que-se-avecina/57aac5c1c915da951a8b45ed/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mitele.es/series-online/la-que-se-avecina/57aac5c1c915da951a8b45ed/playeraonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/cryptkeeper/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/cryptkeeper/ainfo_dictadholbach_cryptkeeperaextam4aaCryptkeeperuAft
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/favorites/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/favorites/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/listens/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/listens/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/uploads/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/dholbach/uploads/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/gillespeterson/caribou-7-inch-vinyl-mix-chat/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mixcloud.com/gillespeterson/caribou-7-inch-vinyl-mix-chat/ugillespeterson_caribou-7-inch-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mnet.com/tv/vod/171008
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mnet.com/tv/vod/171008ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mnet.com/tv/vod/vod_view.asp?clip_id=172790&tabMenu=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mnet.com/tv/vod/vod_view.asp?clip_id=172790&tabMenu=aonly_matchingta_TESTSa_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mofosex.com/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mofosex.com/videos/318131/amateur-teen-playing-and-masturbating-318131.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mofosex.com/videos/318131/amateur-teen-playing-and-masturbating-318131.htmlamd5u558fcdafb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mofosex.com/videos/5018/japanese-teen-music-video.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mofosex.com/videos/5018/japanese-teen-music-video.htmlaonly_matchingta_TESTSa_real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mojvideo.com/playerapi.php?v=%s&t=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mojvideo.com/playerapi.php?v=%s&t=1u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mojvideo.com/video-v-avtu-pred-mano-rdecelaska-alfi-nipic/3d1ed4497707730b2906
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mojvideo.com/video-v-avtu-pred-mano-rdecelaska-alfi-nipic/3d1ed4497707730b2906amd5af7fd66
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.morningstar.com/cover/videocenter.aspx?id=615869
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.morningstar.com/cover/videocenter.aspx?id=615869amd5u6c0acface7a787aadc8391e4bbf7b0f5ainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.motorsport.com/f1/video/main-gallery/red-bull-racing-2014-rules-explained/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.motorsport.com/f1/video/main-gallery/red-bull-racing-2014-rules-explained/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.movieclips.com/videos/warcraft-trailer-1-561180739597
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.movieclips.com/videos/warcraft-trailer-1-561180739597amd5u42b5a0352d4933a7bd54f2104f48124
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.moviezine.se/api/player.js?video=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.moviezine.se/api/player.js?video=%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.moviezine.se/video/205866
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.moviezine.se/video/205866ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/entertainment/bollywood/watch-how-salman-khan-reacted-when-asked-if-he-woul
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/foodanddrink/joinourtable/the-first-fart-makes-you-laugh-the-last-fart-make
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/news/offbeat/meet-the-nine-year-old-self-made-millionaire/ar-BBt6ZKf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/news/offbeat/meet-the-nine-year-old-self-made-millionaire/ar-BBt6ZKfaonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/video/watch/obama-a-lot-of-people-will-be-disappointed/vi-AAhxUMH
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msn.com/en-ae/video/watch/obama-a-lot-of-people-will-be-disappointed/vi-AAhxUMHaonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msnbc.com/all-in-with-chris-hayes/watch/the-chaotic-gop-immigration-vote-314487875924
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.msnbc.com/all-in-with-chris-hayes/watch/the-chaotic-gop-immigration-vote-314487875924amd5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/episodes/g8xu7q/teen-mom-2-breaking-the-wall-season-7-ep-713
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/episodes/g8xu7q/teen-mom-2-breaking-the-wall-season-7-ep-713aonly_matchingta_TEST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/feeds/mrss/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/feeds/mrss/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/full-episodes/94tujl/unlocking-the-truth-gates-of-hell-season-1-ep-101
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/full-episodes/94tujl/unlocking-the-truth-gates-of-hell-season-1-ep-101aonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/player/embed/AS3/rss/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/player/embed/AS3/rss/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/video-clips/vl8qof/unlocking-the-truth-trailer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/video-clips/vl8qof/unlocking-the-truth-traileramd5u1edbcdf1e7628e414a8c5dcebca3d3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/videos/misc/853555/ours-vh1-storytellers.jhtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.com/videos/misc/853555/ours-vh1-storytellers.jhtmlamd5u850f3f143316b1e71fa56a4edfd6e0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/folgen/6b1ylu/teen-mom-2-enthuellungen-S5-F1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/folgen/6b1ylu/teen-mom-2-enthuellungen-S5-F1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/musik/videoclips/2gpnv7/Traum
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/musik/videoclips/2gpnv7/Traumainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/news/glolix/77491-mtv-movies-spotlight--pixels--teil-3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtv.de/news/glolix/77491-mtv-movies-spotlight--pixels--teil-3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtvjapan.com/videos/prayht/fresh-info-cadillac-escalade
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mtvjapan.com/videos/prayht/fresh-info-cadillac-escaladeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.much.com/shows/atmidnight/episode948007/tuesday-september-13-2016
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.much.com/shows/atmidnight/episode948007/tuesday-september-13-2016aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.much.com/shows/the-almost-impossible-gameshow/928979/episode-6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.much.com/shows/the-almost-impossible-gameshow/928979/episode-6aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.muenchen.tv/livestream/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.muenchen.tv/livestream/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/movies/center-stage-on-pointe/full-movie
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/movies/center-stage-on-pointe/full-movieaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/shows/atlanta-plastic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/shows/atlanta-plasticainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/shows/project-runway-junior/season-1/episode-6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.mylifetime.com/shows/project-runway-junior/season-1/episode-6aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.myspass.de/myspass/includes/apps/video/getvideometadataxml.php?id=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.myspass.de/myspass/includes/apps/video/getvideometadataxml.php?id=axpath_textatitleD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.myspass.de/myspass/shows/tvshows/absolute-mehrheit/Absolute-Mehrheit-vom-17022013-Die-Hig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.myvidster.com/video/32059805/Hot_chemistry_with_raw_love_making
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.myvidster.com/video/32059805/Hot_chemistry_with_raw_love_makingamd5u95296d0231c1363222c34
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/entertainment/comedy/comedy_contest/Benaissa-beim-NDR-Comedy-Contest
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/entertainment/comedy/krudetv290-player_image-ab261bfe-51bf-4bf3-87ba-c5122ee35b3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/events/reeperbahnfestival/doku948-player_image-bc168e87-5263-4d6d-bd27-bb643005a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/musik/Das-frueheste-DJ-Set-des-Nordens-live-mit-Felix-Jaehn-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/musik/dockville882-player_image-3905259e-0803-4764-ac72-8b7de077d80a_theme-n-joy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/news_wissen/stefanrichter100-player_image-d5e938b1-f21a-4b9a-86b8-aaba8bca3a13_t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/news_wissen/webradioweltweit100-player_image-3fec0484-2244-4565-8fb8-ed25fd28b17
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/radio/sendungen/morningshow/urlaubsfotos190-player_image-066a5df1-5c95-49ec-a323
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/radio/webradio/morningshow209.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-joy.de/radio/webradio/morningshow209.htmlaonly_matchingtuNJoyIE._extract_embedaNDREmbed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.n-tv.de/mediathek/videos/panorama/Schnee-und-Glaette-fuehren-zu-zahlreichen-Unfaellen-und
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nacentapps.com/m3u8/index.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nacentapps.com/m3u8/index.m3u8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nature.com/nmeth/journal/v9/n7/fig_tab/nmeth.2062_SV1.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nature.com/nmeth/journal/v9/n7/fig_tab/nmeth.2062_SV1.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/%s.xmlapathD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/%s/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/%s/video/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/aurla_fetch_pageuNBAIE._fetch_pageasplitT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/clippers/news/doc-rivers-were-not-trading-blake
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/clippers/news/doc-rivers-were-not-trading-blakeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/timberwolves/wiggins-shootaround#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/timberwolves/wiggins-shootaround#ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/video/games/hornets/2014/12/05/0021400276-nyk-cha-play5.nba/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/video/games/hornets/2014/12/05/0021400276-nyk-cha-play5.nba/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/video/games/nets/2012/12/04/0021200253-okc-bkn-recap.nba/index.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nba.com/video/games/nets/2012/12/04/0021200253-okc-bkn-recap.nba/index.htmlamd5u9e7729d30
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/Kings/video/goliath/n1806
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/Kings/video/goliath/n1806ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/saturday-night-live/video/star-wars-teaser/2832821
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/saturday-night-live/video/star-wars-teaser/2832821ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/the-tonight-show/video/jimmy-fallon-surprises-fans-at-ben-jerrys/2848237
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbc.com/the-tonight-show/video/jimmy-fallon-surprises-fans-at-ben-jerrys/2848237ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/business/autos/volkswagen-11-million-vehicles-could-have-suspect-software-emi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/feature/dateline-full-episodes/full-episode-family-business-n285156
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/feature/dateline-full-episodes/full-episode-family-business-n285156amd5afdbf3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/nightly-news/video/nightly-news-with-brian-williams-full-broadcast-february-4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/watch/dateline/full-episode--deadly-betrayal-386250819952
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/watch/dateline/full-episode--deadly-betrayal-386250819952aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/watch/nbcnews-com/how-twitter-reacted-to-the-snowden-interview-269389891880
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/watch/nbcnews-com/how-twitter-reacted-to-the-snowden-interview-269389891880am
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/widget/video-embed/701714499682
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcnews.com/widget/video-embed/701714499682aonly_matchingtuNBCNewsIE._real_extractaNBCOly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcolympics.com/video/justin-roses-son-leo-was-tears-after-his-dad-won-gold
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcolympics.com/video/justin-roses-son-leo-was-tears-after-his-dad-won-goldamd5u54fecf846
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcsports.com//college-basketball/ncaab/tom-izzo-michigan-st-has-so-much-respect-duke
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nbcsports.com//college-basketball/ncaab/tom-izzo-michigan-st-has-so-much-respect-dukeainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ncpa-classic.com/2013/05/22/VIDE1369219508996867.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ncpa-classic.com/2013/05/22/VIDE1369219508996867.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ncpa-classic.com/clt/more/416/index.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ncpa-classic.com/clt/more/416/index.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/%s-ppjson.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/%s-ppjson.jsonaplaylistaqualitiesT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/Party-Poette-und-Parade
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/doku952-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/doku952-player.htmlaonly_matchingtaNJoyEmbedIEunjoy:embeduhttps?://(?:ww
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/livestream/livestream217-externalPlayer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/livestream/livestream217-externalPlayer.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/hamburg_journal/hamj43006-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/hamburg_journal/hamj43006-player.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/ndr_aktuell/ndraktuell28488-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/ndr_aktuell/ndraktuell28488-player.htmlamd5u8b9306142fe65bbdef
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/nordtour/nordtour7124-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/nordtour/nordtour7124-player.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/visite/visite11010-externalPlayer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/visite/visite11010-externalPlayer.htmlamd5aae57f80511c1e1f2fd0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/weltbilder/weltbilder4518-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/fernsehen/sendungen/weltbilder/weltbilder4518-player.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/info/La-Valette-entgeht-der-Hinrichtung
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/info/audio51535-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/info/audio51535-player.htmlamd5abb3cd38e24fbcc866d13b50ca59307b8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/kultur/film/videos/videoimport10424-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/kultur/film/videos/videoimport10424-player.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/ndr2/events/soundcheck/soundcheck3366-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/ndr2/events/soundcheck/soundcheck3366-player.htmlamd5u002085c44bae38802d94ae5802a3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/ndrkultur/audio255020-player.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/ndrkultur/audio255020-player.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/soundcheck3366-ppjson.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/soundcheck3366-ppjson.jsonaonly_matchingtuNDREmbedBaseIE._real_extractaNDREmbedIEu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ndr.de/sport/fussball/40-Osnabrueck-spielt-sich-in-einen-Rausch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nerdcubed.co.uk/feed.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nerdcubed.co.uk/feed.jsonainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.netzkino.de/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.netzkino.de/beta/dist/production.min.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/audio/search/title/cats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/audio/search/title/catsaonly_matchingtuNewgroundsPlaylistIE._real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/portal/search/author/ZONE-SAMA
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/portal/search/author/ZONE-SAMAainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/portal/view/689400
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newgrounds.com/portal/view/689400ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newstube.ru/media/telekanal-cnn-peremestil-gorod-slavyansk-v-krym
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newstube.ru/media/telekanal-cnn-peremestil-gorod-slavyansk-v-krymamd5u9d10320ad473444352f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.newyorker.com/online/blogs/newsdesk/2014/01/always-never-nuclear-command-and-control.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nexttv.com.tw/news/realtime/politics/11779671
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nexttv.com.tw/news/realtime/politics/11779671ainfo_dictu11779671aextamp4u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nfl.com/news/story/0ap3000000467586/article/patriots-seahawks-involved-in-lategame-skirmi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nfl.com/videos/nfl-game-highlights/0ap3000000398478/Week-3-Redskins-vs-Eagles-highlights
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nfl.com/videos/nfl-game-highlights/0ap3000000398478/Week-3-Redskins-vs-Eagles-highlightsa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nfl.com/videos/nfl-network-top-ten/09000d5d810a6bd4/Top-10-Gutsiest-Performances-Jack-You
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.ch/shows/2304-adventure-time-abenteuerzeit-mit-finn-und-jake
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.ch/shows/2304-adventure-time-abenteuerzeit-mit-finn-und-jakeaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.com.pl/seriale/474-spongebob-kanciastoporty/wideo/17412-teatr-to-jest-to-rodeo-oszol
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.com/videos/clip/alvinnn-and-the-chipmunks-112-full-episode.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.com/videos/clip/alvinnn-and-the-chipmunks-112-full-episode.htmlaplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.de/playlist/3773-top-videos/videos/episode/17306-zu-wasser-und-zu-land-rauchende-erd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.de/shows/342-icarly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nick.de/shows/342-icarlyaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.at/playlist/3773-top-videos/videos/episode/77993-das-letzte-gefecht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.at/playlist/3773-top-videos/videos/episode/77993-das-letzte-gefechtaonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.be/afspeellijst/4530-top-videos/videos/episode/73917-inval-broodschapper-lari
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.com.tr/programlar/sunger-bob/videolar/kayip-yatak/mgqbjy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.com.tr/programlar/sunger-bob/videolar/kayip-yatak/mgqbjyaonly_matchingtuNickR
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.dk/serier/2626-hojs-hus/videoer/761-tissepause
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.dk/serier/2626-hojs-hus/videoer/761-tissepauseaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.es/videos/nickelodeon-consejos-tortitas/f7w7xy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.es/videos/nickelodeon-consejos-tortitas/f7w7xyaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.fr/programmes/bob-l-eponge/videos/le-marathon-de-booh-kini-bottom-mardi-31-oc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.hu/musorok/spongyabob-kockanadrag/videok/episodes/buborekfujas-az-elszakadt-n
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.nl/shows/474-spongebob/videos/17403-een-kijkje-in-de-keuken-met-sandy-van-bin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.no/program/2626-bulderhuset/videoer/90947-femteklasse-veronica-vs-vanzilla
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.no/program/2626-bulderhuset/videoer/90947-femteklasse-veronica-vs-vanzillaaon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.pt/series/spongebob-squarepants/videos/a-bolha-de-tinta-gigante/xutq1b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.pt/series/spongebob-squarepants/videos/a-bolha-de-tinta-gigante/xutq1baonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.ro/emisiuni/shimmer-si-shine/video/nahal-din-bomboane/uw5u2k
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.ro/emisiuni/shimmer-si-shine/video/nahal-din-bomboane/uw5u2kaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.ru/shows/henrydanger/videos/episodes/3-sezon-15-seriya-licenziya-na-polyot/pm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.ru/videos/smotri-na-nickelodeon-v-iyule/g9hvh7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.ru/videos/smotri-na-nickelodeon-v-iyule/g9hvh7aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.se/serier/2626-lugn-i-stormen/videos/998-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeon.se/serier/2626-lugn-i-stormen/videos/998-aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeonjunior.fr/paw-patrol-la-pat-patrouille/videos/episode-401-entier-paw-patrol/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickelodeonjunior.fr/paw-patrol-la-pat-patrouille/videos/episode-401-entier-paw-patrol/ao
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.com.br/patrulha-canina/videos/210-labirinto-de-pipoca/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.com.br/patrulha-canina/videos/210-labirinto-de-pipoca/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.com/paw-patrol/videos/pups-save-a-goldrush-s3-ep302-full-episode/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.com/paw-patrol/videos/pups-save-a-goldrush-s3-ep302-full-episode/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.de/blaze-und-die-monster-maschinen/videos/f6caaf8f-e4e8-4cc1-b489-9380d6dcd059/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.de/blaze-und-die-monster-maschinen/videos/f6caaf8f-e4e8-4cc1-b489-9380d6dcd059/aon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.nl/paw-patrol/videos/311-ge-wol-dig-om-terug-te-zijn/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nickjr.nl/paw-patrol/videos/311-ge-wol-dig-om-terug-te-zijn/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/1900-faking-it
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/1900-faking-itaonly_matchingtuNickNightIE._extract_mrss_urlaNickRuIEan
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/977-awkward
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/977-awkward/videos/85987-nimmer-beste-freunde
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/977-awkward/videos/85987-nimmer-beste-freundeaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicknight.at/shows/977-awkwardaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/mylist/27411728
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/mylist/27411728ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/%saitem_dataavideo_idaplaylistu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/astartswithT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/nm14296458
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/nm14296458ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm10000
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm10000asm10000aunknown_videou
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm1151009
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm1151009u8fa81c364eb619d4085354eab075598aasm1151009u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm18238488
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm18238488ad265680a1f92bdcbbd2a507fc9e78a9easm18238488u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm22312215
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm22312215amd5ad1a75c0823e2f629128c43e1212760f9ainfo_dictasm22312215uB
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm31464864
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/sm31464864asm31464864u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/so22543406
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nicovideo.jp/watch/so22543406ainfo_dictD
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.360437773.0000000005A75000.00000004.00000001.sdmp	String found in binary or memory: http://www.nightmare.com/squirl/python-ext/misc/syslog.py
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nintendo.com/games/detail/tokyo-mirage-sessions-fe-wii-u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nintendo.com/games/detail/tokyo-mirage-sessions-fe-wii-uainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nobelprize.org/mediaplayer/?id=2636
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nobelprize.org/mediaplayer/?id=2636amd5u04c81e5714bb36cc4e2232fee1d8157fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nowness.com/iframe?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nowness.com/iframe?id=%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.noz.de/video/25151/32-Deutschland-gewinnt-Badminton-Lnderspiel-in-Melle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.noz.de/video/25151/32-Deutschland-gewinnt-Badminton-Lnderspiel-in-Melleainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/de-mega-mike-mega-thomas-show/27-02-2009/VARA_101191800
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/de-mega-mike-mega-thomas-show/27-02-2009/VARA_101191800amd5ada50a5787dbfc1603c4ad8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/de-nieuwe-mens-deel-1/21-07-2010/WO_VPRO_043706
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/de-nieuwe-mens-deel-1/21-07-2010/WO_VPRO_043706ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/hoe-gaat-europa-verder-na-parijs/10-01-2015/WO_NOS_762771
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/hoe-gaat-europa-verder-na-parijs/10-01-2015/WO_NOS_762771ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/jouw-stad-rotterdam/29-01-2017/RBX_FUNX_6683215/RBX_FUNX_7601437
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/jouw-stad-rotterdam/29-01-2017/RBX_FUNX_6683215/RBX_FUNX_7601437ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/live
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/live/npo-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/live/npo-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/liveaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/nieuwsuur/22-06-2014/VPWON_1220719
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/nieuwsuur/22-06-2014/VPWON_1220719amd5u4b3f9c429157ec4775f2c9cb7b911016ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio-gaga/13-06-2017/BNN_101383373
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio-gaga/13-06-2017/BNN_101383373aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio/radio-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio/radio-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio/radio-5/fragment/174356
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/radio/radio-5/fragment/174356amd5add8cc470dad764d0fdc70a9a1e2d18c2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/tegenlicht/25-02-2013/VPWON_1169289
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.npo.nl/tegenlicht/25-02-2013/VPWON_1169289amd5af8065e4e5a7824068ed3c7e783178f2cainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nrk.no/kultur/bok/rivertonprisen-til-karin-fossum-1.12266449
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nrk.no/kultur/bok/rivertonprisen-til-karin-fossum-1.12266449ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nrk.no/troms/gjenopplev-den-historiske-solformorkelsen-1.12270763
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nrk.no/troms/gjenopplev-den-historiske-solformorkelsen-1.12270763ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nrk.no/video/PS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntdtv.ru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntr.nl/Aap-Poot-Pies/27/detail/Aap-poot-pies/VPWON_1233944#content
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntr.nl/Aap-Poot-Pies/27/detail/Aap-poot-pies/VPWON_1233944#contentainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/novosti/863142/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/novosti/863142/amd5aba7ea172a91cb83eb734cad18c10e723ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/peredacha/segodnya/m23700/o232416
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/peredacha/segodnya/m23700/o232416amd5u82dbd49b38e3af1d00df16acbeab260cainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/serial/Delo_vrachey/m31760/o233916/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/serial/Delo_vrachey/m31760/o233916/amd5u9320cd0e23f3ea59c330dc744e06ff3bainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/vi%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/vi%s/avideo_iduDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/video/novosti/750370/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ntv.ru/video/novosti/750370/amd5aadecff79691b4d71e25220a191477124ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.numisc.com/forum/showthread.php?11696-FM15-which-pumiscer-was-this-%28-vid-%29-%28-alfa-a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/2015/04/14/business/owner-of-gravity-payments-a-credit-card-processor-is-sett
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/2016/10/14/podcasts/revelations-from-the-final-weeks.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/2016/10/14/podcasts/revelations-from-the-final-weeks.htmlamd5ae0d52040cafb076
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/2016/10/16/books/review/inside-the-new-york-times-book-review-the-rise-of-hit
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/news/minute/2014/03/17/times-minute-whats-next-in-crimea/?_php=true&_type=blo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/svc/video/api/v2/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/svc/video/api/v2/video/aheadlineaget_file_sizeuNYTimesBaseIE._extract_video_f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/video/opinion/100000002847155/verbatim-what-is-a-photocopier.html?playlistId=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/video/travel/100000003550828/36-hours-in-dubai.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.com/video/travel/100000003550828/36-hours-in-dubai.htmlaonly_matchingta_TESTSa_re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nytimes.comuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nzz.ch/zuerich/gymizyte/gymizyte-schreiben-schueler-heute-noch-diktate-ld.9153
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.nzz.ch/zuerich/gymizyte/gymizyte-schreiben-schueler-heute-noch-diktate-ld.9153ainfo_dictD
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://www.ocert.org/advisories/ocert-2011-003.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ok.ru/video/20648036891
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ok.ru/video/20648036891aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ok.ru/videoembed/20648036891
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ok.ru/videoembed/20648036891aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.oktoberfest-tv.de/de/kameras/video/hb-zelt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.oktoberfest-tv.de/de/kameras/video/hb-zeltainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.omroepwnl.nl/video/detail/vandaag-de-dag-6-mei__060515
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.omroepwnl.nl/video/detail/vandaag-de-dag-6-mei__060515ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.omroepwnl.nl/video/fragment/vandaag-de-dag-verkiezingen__POMS_WNL_853698
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.omroepwnl.nl/video/fragment/vandaag-de-dag-verkiezingen__POMS_WNL_853698ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ondemandkorea.com/ask-us-anything-e43.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ondemandkorea.com/ask-us-anything-e43.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/embed?id=2855&autoplay=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/embed?id=2855&autoplay=trueaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/video/6139.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/video/6139.jsonaonly_matchingta_TESTSastaticmethoda_extract_urluOnionStu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937amd5u5a118d466d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.outsidetv.com/category/snow/play/ZjQYboH6/1/10/Hdg0jukV/4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.outsidetv.com/category/snow/play/ZjQYboH6/1/10/Hdg0jukV/4amd5u192d968fedc10b2f70ec31865ff
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.outsidetv.com/home/play/ZjQYboH6/1/10/Hdg0jukV/4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.outsidetv.com/home/play/ZjQYboH6/1/10/Hdg0jukV/4aonly_matchingta_TESTSa_real_extractuOuts
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pandora.tv/view/mikakim/53294230#36797454_new
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pandora.tv/view/mikakim/53294230#36797454_newaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.passionpitmusic.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patreon.com/creation?hid=743933
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patreon.com/creation?hid=743933amd5ae25505eec1053a6e6813b8ed369875ccainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patreon.com/creation?hid=754133
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patreon.com/creation?hid=754133amd5u3eb09345bf44bf60451b8b0b81759d0aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patriots.com/video/2015/09/18/10-days-gillette
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.patriots.com/video/2015/09/18/10-days-gilletteamd5u4c319e2f625ffd0b481b4382c6fc124cainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/food/features/a-chefs-life-season-3-episode-5-prickly-business/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/food/features/a-chefs-life-season-3-episode-5-prickly-business/amd5u59b0ef5009f9a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/newshour/bb/education-jan-june12-cyberschools_02-23/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/newshour/bb/education-jan-june12-cyberschools_02-23/amd5ab19856d7f5351b17a5ab1dc6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/tpt/constitution-usa-peter-sagal/watch/a-more-perfect-union/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/tpt/constitution-usa-peter-sagal/watch/a-more-perfect-union/amd5u173dc391afd361fa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/video/2365245528/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/video/2365245528/amd5u115223d41bd55cda8ae5cd5ed4e11497ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/video/2365641075/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/video/2365641075/amd5afdf907851eab57211dd589cf12006666ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/americanexperience/films/death/player/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/americanexperience/films/death/player/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/americanexperience/films/great-war/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/americanexperience/films/great-war/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/nova/earth/killer-typhoon.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/nova/earth/killer-typhoon.htmlamd5u908f3e5473a693b266b84e25e1cf9703ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/.json/getdir/getdir%d.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/.json/getdir/getdir%d.jsonuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/losing-iraq/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/losing-iraq/amd5u6f722cb3c3982186d34b0f13374499c7ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/the-atomic-artists
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/the-atomic-artistsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/roadshow/watch/episode/2105-indianapolis-hour-2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wgbh/roadshow/watch/episode/2105-indianapolis-hour-2/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wnet/gperf/dudamel-conducts-verdi-requiem-hollywood-bowl-full-episode/3374/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pbs.org/wnet/gperf/dudamel-conducts-verdi-requiem-hollywood-bowl-full-episode/3374/amd5ac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pcmag.com/article2/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pcmag.com/videos/2015/01/06/010615-whats-new-now-is-gogo-snooping-on-your-data
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pcmag.com/videos/2015/01/06/010615-whats-new-now-is-gogo-snooping-on-your-dataamd5u212d61
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pearvideo.com/video_1076290
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pearvideo.com/video_1076290ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.people.com/people/videos/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/884301
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/884301amd5aed249f045256150c92e72dbb70eadec6ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/phoenix/die_sendungen/869815
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/phoenix/die_sendungen/869815aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/phoenix/die_sendungen/diskussionen/928234
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/content/phoenix/die_sendungen/diskussionen/928234aonly_matchingta_TESTSa_real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/php/mediaplayer/data/beitrags_details.php?ak=web&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.phoenix.de/php/mediaplayer/data/beitrags_details.php?ak=web&id=%saextract_from_xml_urla__
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pinkbike.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pinkbike.com/video/%sareafindalludata-quality=((?:
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pinkbike.com/video/402811/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pinkbike.com/video/402811/amd5u4814b8ca7651034cd87e3361d5c2155aainfo_dictu402811aextamp4u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.piwiplus.fr/videos-piwi/pid1405-le-labyrinthe-boing-super-ranger.html?vid=1108190
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.piwiplus.fr/videos-piwi/pid1405-le-labyrinthe-boing-super-ranger.html?vid=1108190ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playtvak.cz/embed.aspx?idvideo=V150729_141549_play-porad_kuko
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playtvak.cz/embed.aspx?idvideo=V150729_141549_play-porad_kukoaonly_matchingta_TESTSa_real
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playtvak.cz/vyzente-vosy-a-srsne-ze-zahrady-dn5-/hodinovy-manzel.aspx?c=A150730_150323_ho
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playvid.com/watch/RnmBNgtrrJu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playvid.com/watch/RnmBNgtrrJuamd5affa2f6b2119af359f544388d8c01eb6cainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playvid.com/watch/hwb0GpNkzgH
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.playvid.com/watch/hwb0GpNkzgHamd5u39d49df503ad7b8f23a4432cbf046477ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pluralsight.com/courses/hosting-sql-server-windows-azure-iaas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pluralsight.com/courses/hosting-sql-server-windows-azure-iaasainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pluralsight.com/training/player?author=mike-mckeown&name=hosting-sql-server-windows-azure
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/de/pokemon-folgen/01_20-bye-bye-smettbo/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/de/pokemon-folgen/01_20-bye-bye-smettbo/aonly_matchingta_TESTSa_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/fr/episodes-pokemon/18_09-un-hiver-inattendu/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/fr/episodes-pokemon/18_09-un-hiver-inattendu/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/uk/pokemon-episodes/?play=2e8b5c761f1d4a9286165d7748c1ece2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pokemon.com/uk/pokemon-episodes/?play=2e8b5c761f1d4a9286165d7748c1ece2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/10
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/265/5217/Artykul/1635803
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/37
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/129
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/4807
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/4807ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/5102
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/5102/Artykul/1587943
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/7/5102/Artykul/1587943aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.polskieradio.pl/9/299/Artykul/1634903
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.porn.com/videos/teen-grabs-a-dildo-and-fucks-her-pussy-live-on-1hottie-i-rec-2603339
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.porn.com/videos/teen-grabs-a-dildo-and-fucks-her-pussy-live-on-1hottie-i-rec-2603339amd5u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhd.com/videos/1962/sierra-day-gets-his-cum-all-over-herself-hd-porn-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhd.com/videos/1962/sierra-day-gets-his-cum-all-over-herself-hd-porn-videou1b7b3a40b9d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhd.com/videos/9864/selfie-restroom-masturbation-fun-with-chubby-cutie-hd-porn-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhd.com/videos/9864/selfie-restroom-masturbation-fun-with-chubby-cutie-hd-porn-videoam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/users/rushandlia/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/users/rushandlia/videosaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/users/zoe_ph/videos/public
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/users/zoe_ph/videos/publicaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/video/show?viewkey=648719015
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/video/show?viewkey=648719015aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=1331683002
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=1331683002u1331683002u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=648719015
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=648719015amd5aa6391306d050e4547f62b3f485dd9ba9ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=788152859
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=788152859aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph557bbb6676d2d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph557bbb6676d2daonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph56fd731fce6b7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph56fd731fce6b7aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph572716d15a111
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornhub.com/view_video.php?viewkey=ph572716d15a111aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornotube.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornotube.com/orientation/straight/video/4964/title/weird-hot-and-wet-science
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornotube.com/orientation/straight/video/4964/title/weird-hot-and-wet-scienceamd5u60fc5a4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornotube.comatokenKeyuhttps://api.aebn.net/delivery/v1/clips/%s/MP4uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornovoisines.com/api/video/%s/getsettingsurl/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornovoisines.com/api/video/%s/getsettingsurl/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornovoisines.com/videos/show/919/recherche-appartement.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornovoisines.com/videos/show/919/recherche-appartement.htmlamd5u6f8aca6a058592ab49fe701c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornoxo.com/videos/7564/striptease-from-sexy-secretary.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pornoxo.com/videos/7564/striptease-from-sexy-secretary.htmlamd5u582f28ecbaa9e6e24cb90f50f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pps.tv/w_19rrbav0ph.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.pps.tv/w_19rrbav0ph.htmlaonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.premierchristianradio.com/Shows/Saturday/Unbelievable/Conference-Videos/Os-Guinness-Is-It
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.presstv.ir/Detail/2016/04/09/459911/Australian-sewerage-treatment-facility-/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.presstv.ir/Detail/2016/04/09/459911/Australian-sewerage-treatment-facility-/amd5u5d7e3195
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.programme-tv.net/videos/extraits/81095-guillaume-canet-evoque-les-rumeurs-d-infidelite-de
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de/stars/oscar-award/videos/jetzt-erst-enthuellt-das-geheimnis-von-emma-stones-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de/tv/circus-halligalli/videos/218-staffel-2-episode-18-jahresrueckblick-ganze-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de/tv/joko-gegen-klaas/videos/playlists/episode-8-ganze-folge-playlist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de/tv/joko-gegen-klaas/videos/playlists/episode-8-ganze-folge-playlistainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosieben.de/videokatalog/Gesellschaft/Leben/Trends/video-Lady-Umstyling-f%C3%BCr-Audrina
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosiebenmaxx.de/tv/experience/video/144-countdown-fuer-die-autowerkstatt-ganze-folge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.prosiebenmaxx.de/tv/experience/video/144-countdown-fuer-die-autowerkstatt-ganze-folgeainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com/2-minuten-2-millionen/staffel-3/videos/2min2miotalk/Tobias-Homberger-von-myclub
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com/api/json-fe/page/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com/api/json-fe/page/acontentlaurluhttp://www.puls4.comamediaCurrentaplayerContenta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com/pro-und-contra/wer-wird-prasident/Ganze-Folgen/Wer-wird-Praesident-Analyse-des-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.puls4.com/pro-und-contra/wer-wird-prasident/Ganze-Folgen/Wer-wird-Praesident.-Norbert-Hof
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://www.python.org)
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.python.org/
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.q2.be/video/volledige-afleveringen/id/2be_20170301_VM0684442_q2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.q2.be/video/volledige-afleveringen/id/2be_20170301_VM0684442_q2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiobremen.de/apps/php/mediathek/metadaten.php?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiobremen.de/apps/php/mediathek/metadaten.php?id=%sa_download_webpageuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiobremen.de/mediathek/?id=141876
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiobremen.de/mediathek/?id=141876ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiojavan.com/videos/video/chaartaar-ashoobam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.radiojavan.com/videos/video/chaartaar-ashoobamamd5ae85208ffa3ca8b83534fca9fe19af95bainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.it/dl/RaiTV/programmi/media/ContentItem-b63a4089-ac28-48cf-bca5-9f5b5bc46df5.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.it/dl/RaiTV/programmi/media/ContentItem-b63a4089-ac28-48cf-bca5-9f5b5bc46df5.htmlaonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.it/dl/RaiTV/programmi/media/ContentItem-efb17665-691c-45d5-a60c-5301333cbb0c.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.it/dl/RaiTV/programmi/media/ContentItem-efb17665-691c-45d5-a60c-5301333cbb0c.htmlamd5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.tv/dl/RaiTV/dirette/PublishingBlock-1912dbbf-3f96-44c3-b4cf-523681fbacbc.html?channel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.tv/dl/RaiTV/programmi/media/ContentItem-%s.html?json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rai.tv/dl/RaiTV/programmi/media/ContentItem-%s.html?jsonastripaAudioT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rainews.it/dl/rainews/live/ContentItem-3156f2f2-dc70-4953-8e2f-70d7489d4ce9.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rainews.it/dl/rainews/live/ContentItem-3156f2f2-dc70-4953-8e2f-70d7489d4ce9.htmlainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rainews.it/dl/rainews/media/Weekend-al-cinema-da-Hollywood-arriva-il-thriller-di-Tate-Tay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/dirette/ContentItem-%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/dirette/ContentItem-%s.htmladisplay_ida_html_search_metaT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/dirette/rainews24
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/dirette/rainews24ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/programmi/nondirloalmiocapo/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/programmi/nondirloalmiocapo/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/video/2014/04/Report-del-07042014-cb27157f-9dd0-4aee-b788-b1f67643a391.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/video/2014/04/Report-del-07042014-cb27157f-9dd0-4aee-b788-b1f67643a391.htmlamd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/video/2016/10/La-Casa-Bianca-e06118bb-59a9-4636-b914-498e4cfd2c66.html?source=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/video/2016/11/gazebotraindesi-efebe701-969c-4593-92f3-285f0d1ce750.html?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raiplay.it/video/2016/11/gazebotraindesi-efebe701-969c-4593-92f3-285f0d1ce750.html?aonly_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.raisport.rai.it/dl/raiSport/media/rassegna-stampa-04a9f4bd-b563-40cf-82a6-aad3529cb4a9.ht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ran.de/fussball/bundesliga/video/schalke-toennies-moechte-raul-zurueck-ganze-folge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ran.de/fussball/bundesliga/video/schalke-toennies-moechte-raul-zurueck-ganze-folgeainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rds.ca/vid%C3%A9os/un-voyage-positif-3.877934
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rds.ca/vid%C3%A9os/un-voyage-positif-3.877934aonly_matchingta_TESTSa_real_extractuRDSIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rds.ca/videos/football/nfl/fowler-jr-prend-la-direction-de-jacksonville-3.1132799
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rds.ca/videos/football/nfl/fowler-jr-prend-la-direction-de-jacksonville-3.1132799ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.redtube.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.redtube.com/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.redtube.com/66418
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.redtube.com/66418amd5afc08071233725f26b8f014dba9590005ainfo_dictu66418uSucked
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.regio-tv.de/video/395808
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.regio-tv.de/video/395808.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.regio-tv.de/video/395808.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.regio-tv.de/video/395808aonly_matchingta_TESTSa_real_extractuRegioTVIE._real_extracta__or
Source: Mario Deluxe InstaII.exe, 00000000.00000003.235042192.000000007FC20000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, Mario Deluxe InstaII.exe, 00000002.00000003.257352931.000000007FC20000.00000004.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.361560902.0000000000401000.00000020.00020000.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.report.rai.it/dl/Report/puntata/ContentItem-0c7a664b-d0f4-4b2c-8835-3f82e46f433e.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.report.rai.it/dl/Report/puntata/ContentItem-0c7a664b-d0f4-4b2c-8835-3f82e46f433e.htmlamd5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reuters.com/assets/iframe/yovideo?videoId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reuters.com/assets/iframe/yovideo?videoId=%sajs_to_jsona_search_regexu(?s)Reuters
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reuters.com/video/2016/05/20/san-francisco-police-chief-resigns?videoId=368575562
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reuters.com/video/2016/05/20/san-francisco-police-chief-resigns?videoId=368575562amd5u801
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reverbnation.com/alkilados/song/16965047-mona-lisa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.reverbnation.com/alkilados/song/16965047-mona-lisaamd5ac0aaf339bcee189495fdf5a8c8ba8645ai
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz(http://www.python.org/dev/peps/pep-%04d/r
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz(http://www.python.org/dev/peps/pep-%04d/r7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rg.ru/2014/03/15/reg-dfo/anklav-anons.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rg.ru/2014/03/15/reg-dfo/anklav-anons.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.riderfans.com/forum/showthread.php?121827-Freeman&s=e98fa1ea6dc08e886b1678d35212494a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.riderfans.com/forum/showthread.php?121827-Freeman&s=e98fa1ea6dc08e886b1678d35212494aainfo
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rockstargames.com/videos#/?video=48
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rockstargames.com/videos#/?video=48aonly_matchingta_TESTSa_real_extractuRockstarGamesIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rollingstone.com/music/videos/norwegian-dj-cashmere-cat-goes-spartan-on-with-me-premiere-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rottentomatoes.com/m/toy_story_3/trailers/11028566/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rottentomatoes.com/m/toy_story_3/trailers/11028566/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.roxwel.com/api/videos/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.roxwel.com/api/videos/%sa_download_jsonasortedamedia_ratesastartswithT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.roxwel.com/player/passionpittakeawalklive.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.roxwel.com/player/passionpittakeawalklive.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/auvio/detail_jeudi-en-prime-siegfried-bracke?id=2102996
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/auvio/detail_jeudi-en-prime-siegfried-bracke?id=2102996aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/ouftivi/heros/detail_scooby-doo-mysteres-associes?id=1097&videoId=2057442
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/ouftivi/heros/detail_scooby-doo-mysteres-associes?id=1097&videoId=2057442aonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/ouftivi/niouzz?videoId=2055858
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtbf.be/ouftivi/niouzz?videoId=2055858aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rte.ie/player/ie/show/iwitness-862/10478715/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rte.ie/player/ie/show/iwitness-862/10478715/amd5u4a76eb3396d98f697e6e8110563d2604ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rte.ie/radio/utils/radioplayer/rteradioweb.html#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rte.ie/rteavgen/getplaylist/?type=web&format=json&id=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.be/info/video/589263.aspx?CategoryID=288
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.be/info/video/589263.aspx?CategoryID=288ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.nl/system/s4m/vfd/version=2/uuid=%s/fmt=adaptive/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.nl/system/s4m/vfd/version=2/uuid=%s/fmt=adaptive/amateriallaabstractsanameagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.nl/system/videoplayer/derden/embed.html#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.nl/system/videoplayer/derden/rtlnieuws/video_embed.html#uuid=84ae5571-ac25-4225-ae0c-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl.nl/system/videoplayer/derden/rtlnieuws/video_embed.html#uuid=f536aac0-1dc3-4314-920e-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl2.de/sendung/grip-das-motormagazin/folge/folge-203-0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl2.de/sendung/grip-das-motormagazin/folge/folge-203-0ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl2.de/sendung/koeln-50667/video/5512-anna/21040-anna-erwischt-alex/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtl2.de/sendung/koeln-50667/video/5512-anna/21040-anna-erwischt-alex/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtlnieuws.nl/nieuws/buitenland/aanslagen-kopenhagen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtlnieuws.nl/nieuws/buitenland/aanslagen-kopenhagenaplaylist_mincountl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtlxl.nl/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtp.pt/play/p405/e174042/paixoes-cruzadas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtp.pt/play/p405/e174042/paixoes-cruzadasamd5ae736ce0c665e459ddb818546220b4ef8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtp.pt/play/p831/a-quimica-das-coisas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtp.pt/play/p831/a-quimica-das-coisasaonly_matchingta_TESTSa_real_extractuRTPIE._real_ext
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/a/%s.html?f=json/article
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/a/%s.html?f=json/articlea_search_regexu-(
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/archives/tv/divers/3449373-les-enfants-terribles.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/archives/tv/divers/3449373-les-enfants-terribles.htmlamd5aff7f8450a90cf58dacb64e29
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/audio/couleur3/programmes/la-belle-video-de-stephane-laurenceau/5706148-urban-hipp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/emissions/passe-moi-les-jumelles/5624067-entre-ciel-et-mer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/emissions/passe-moi-les-jumelles/5624067-entre-ciel-et-mer.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/sport/hockey/6693917-hockey-davos-decroche-son-31e-titre-de-champion-de-suisse.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/video/info/journal-continu/5745356-londres-cachee-par-un-epais-smog.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/video/info/journal-continu/5745356-londres-cachee-par-un-epais-smog.htmlu1bae984fe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rts.ch/video/sport/hockey/5745975-1-2-kloten-fribourg-5-2-second-but-pour-gotteron-par-kw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/balonmano/o-swiss-cup-masculina-final-espana-suecia/2491869/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/balonmano/o-swiss-cup-masculina-final-espana-suecia/2491869/amd5u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/servir-y-proteger/servir-proteger-capitulo-104/4236788/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/servir-y-proteger/servir-proteger-capitulo-104/4236788/amd5ae55e1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/television/24h-live/1694255/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/alacarta/videos/television/24h-live/1694255/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/api/videos/%s/config/alacarta_videos.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/api/videos/%s/config/alacarta_videos.jsonapageaitemsastateaDESPUaExtractorErrorT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/directo/la-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/directo/la-1/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/filmoteca/no-do/not-1-introduccion-primer-noticiario-espanol/1465256/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/filmoteca/no-do/not-1-introduccion-primer-noticiario-espanol/1465256/aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/infantil/serie/cleo/video/maneras-vivir/3040283/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/infantil/serie/cleo/video/maneras-vivir/3040283/amd5u915319587b33720b8e0357caaa66
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/m/alacarta/videos/cuentame-como-paso/cuentame-como-paso-t16-ultimo-minuto-nuestra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/odin/loki/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/odin/loki/uFetching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/resources/jpg/6/5/1426182947956.JPG
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/resources/jpg/6/5/1426182947956.JPGadurationf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/television/20160628/revolucion-del-movil/1364141.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/television/20160628/revolucion-del-movil/1364141.shtmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/%s/videos/%s.png
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/%s/videos/%s.pngasanitized_Requestaadd_headeraReferera_downl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/amonet/videos/%s.png
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/amonet/videos/%s.pngD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/default/videos/%s.png
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtve.es/ztnr/movil/thumbnail/default/videos/%s.pngamp4atimeagmtimearemove_enda_og_search_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/131946
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/131946amd5acdbec9f44550763c8afc96050fa747dcainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/json?m=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/json?m=agetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/smil?m=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvnh.nl/video/smil?m=aextendu%s/%saurlaplay_pathacopyaextaupdateaformat_idareplaceT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvs.sk/radio/archiv/11224/414872
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvs.sk/radio/archiv/11224/414872amd5u134d5d6debdeddf8a5d761cbc9edacb8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvs.sk/televizia/archiv/8249/63118
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.rtvs.sk/televizia/archiv/8249/63118amd5u85e2c55cf988403b70cac24f5c086dc6ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruhd.ru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruhd.ru/play.php?vid=207
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruhd.ru/play.php?vid=207amd5ad1a9ec4edf8598e3fbd92bb16072ba83ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruhd.ruaidaurla__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalsl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/2057306
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/2057306amd5u065a10ae4d5b8cfd9d0c3d332465e3d9ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/2058907
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/2058907amd5aab2093f39be1ca8581963451b3c0234fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/3193728
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruutu.fi/video/3193728aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruv.is/node/1151854
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ruv.is/node/1151854aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1.de/film/der-ruecktritt/video/im-interview-kai-wiesinger-clip
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1.de/film/der-ruecktritt/video/im-interview-kai-wiesinger-clipainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1gold.de/tv/edel-starck/playlist/die-gesamte-1-staffel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1gold.de/tv/edel-starck/playlist/die-gesamte-1-staffelaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1gold.de/tv/edel-starck/video/11-staffel-1-episode-1-partner-wider-willen-ganze-folge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sat1gold.de/tv/edel-starck/video/11-staffel-1-episode-1-partner-wider-willen-ganze-folgea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/api/video_pdkvars/id/%s?form=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/api/video_pdkvars/id/%s?form=jsonagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/news/video/471395907773/The-Feed-July-9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/news/video/471395907773/The-Feed-July-9aonly_matchingta_TESTSa_real_extractuSB
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/ondemand/video/320403011771/Dingo-Conservation-The-Feed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/ondemand/video/320403011771/Dingo-Conservation-The-Feedaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/ondemand/video/single/320403011771/?source=drupal&vertical=thefeed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sbs.com.au/ondemand/video/single/320403011771/?source=drupal&vertical=thefeedamd5u3150cf2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.schooltv.nl/video/ademhaling-de-hele-dag-haal-je-adem-maar-wat-gebeurt-er-dan-eigenlijk-i
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/3ZEjQXlT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/3ZEjQXlTamd5u917df1c13798a3e96211dd1561fded83ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/V2uXehPJa1ZI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/V2uXehPJa1ZIamd5ae8e4b375a7660a9e7e35c33973410d34ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/X3ddTrYh
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/X3ddTrYhamd5u669ee55ff9c51988b4ebc0877cc8b159ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/aAB3iowa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.screencast.com/t/aAB3iowaamd5adedb2734ed00c9755761ccaee88527cdainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sedona.com/FacilitatorTraining2017
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sedona.com/FacilitatorTraining2017ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.seeker.com/changes-expected-at-zoos-following-recent-gorilla-lion-shootings-1834116536.ht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.seeker.com/should-trump-be-required-to-release-his-tax-returns-1833805621.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.seeker.com/should-trump-be-required-to-release-his-tax-returns-1833805621.htmlamd5u897d44
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.showcase.ca/eyewitness/video/eyewitness
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.simpsonsworld.com/video/716094019682
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.simpsonsworld.com/video/716094019682aonly_matchingta_TESTSa_real_extractuFXNetworksIE._re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sixx.de/stars-style/video/sexy-laufen-in-ugg-boots-clip
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sixx.de/stars-style/video/sexy-laufen-in-ugg-boots-clipainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.skipass.com/news/116090-bon-appetit-s5ep3-baqueira-mi-cor.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.skipass.com/news/116090-bon-appetit-s5ep3-baqueira-mi-cor.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.spi0n.com/zap-spi0n-com-n216/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.spi0n.com/zap-spi0n-com-n216/amd5u441aeeb82eb72c422c7f14ec533999cdainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sportsnet.ca/baseball/mlb/sn-presents-russell-martin-world-citizen/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.sportsnet.ca/baseball/mlb/sn-presents-russell-martin-world-citizen/amd5u4ae374f1f8b91c889
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.stack.com/video/3167554373001/learn-to-hit-open-three-pointers-with-damian-lillard-s-base
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.starwars.com/embed/54690d1e6c42e5f09a0fb097
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.starwars.com/embed/54690d1e6c42e5f09a0fb097aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.starwars.com/video/rogue-one-a-star-wars-story-intro-featurette
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.starwars.com/video/rogue-one-a-star-wars-story-intro-featuretteainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.steelers.com/news/article-1/Tomlin-on-Ben-getting-Vick-ready/56399c96-4160-48cf-a7ad-1d17
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.stufftoblowyourmind.com/videos/optical-illusions-video.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.stufftoblowyourmind.com/videos/optical-illusions-video.htmamd5u76646a5acc0c92bf7cd66751ca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.suffolk.edu/sjc/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.suffolk.edu/sjc/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.suffolk.edu/sjc/live.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.suffolk.edu/sjc/live.phpainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.supla.fi/supla/2231370
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.supla.fi/supla/2231370amd5adf14e782d49a2c0df03d3be2a54ef949ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.telegraaf.nl/xml/playlist/2015/8/7/mZlp2ctYIUEB.xspf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.telegraaf.nl/xml/playlist/2015/8/7/mZlp2ctYIUEB.xspfainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tested.com/science/weird/460206-tested-grinding-coffee-2000-frames-second/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tested.com/science/weird/460206-tested-grinding-coffee-2000-frames-second/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tg1.rai.it/dl/tg1/2010/edizioni/ContentSet-9b6e0cba-4bef-4aef-8cf0-9f7f665b7dfb-tg1.html?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tgcom24.mediaset.it/politica/serracchiani-voglio-vivere-in-una-societa-aperta-reazioni-sp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.the-voice-of-germany.de/video/31-andreas-kuemmert-rocket-man-clip
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.the-voice-of-germany.de/video/31-andreas-kuemmert-rocket-man-clipainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.theatlantic.com/video/index/484130/what-do-black-holes-sound-like/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.theatlantic.com/video/index/484130/what-do-black-holes-sound-like/amd5aa3e0df96369831de32
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.thecomedynetwork.ca/video/player?vid=923582
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.thecomedynetwork.ca/video/player?vid=923582aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.theguardian.com/world/2014/mar/11/obama-zach-galifianakis-between-two-ferns
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.theguardian.com/world/2014/mar/11/obama-zach-galifianakis-between-two-fernsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.today.com/video/see-the-aurora-borealis-from-space-in-stunning-new-nasa-video-66983123578
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tsn.ca/video/expectations-high-for-milos-raonic-at-us-open~939549
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tsn.ca/video/expectations-high-for-milos-raonic-at-us-open~939549aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tsprod.com/replay-du-concert-alcaline-de-calogero
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tsprod.com/replay-du-concert-alcaline-de-calogeroainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tv-replay.fr/redirection/09-04-16/arte-reportage-arte-11508975.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tv-replay.fr/redirection/09-04-16/arte-reportage-arte-11508975.htmlamd5u850bfe45417ddf221
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tv-replay.fr/redirection/20-03-14/x-enius-arte-10753389.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tv-replay.fr/redirection/20-03-14/x-enius-arte-10753389.htmlamd5u7653032cbb25bf6c80d80f21
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tvnoviny.sk/domace/1923887_po-smrti-manzela-ju-cakalo-poriadne-prekvapenie
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.tvnoviny.sk/domace/1923887_po-smrti-manzela-ju-cakalo-poriadne-prekvapenieaonly_matchingt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.txxx.com/videos/3326530/ariele/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.txxx.com/videos/3326530/ariele/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ultimedia.com/deliver/video?video=%s&topic=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.ultimedia.com/deliver/video?video=%s&topic=%sagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.un.org/chinese/News/story.asp?NewsID=27724
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.un.org/chinese/News/story.asp?NewsID=27724amd5u36d74ef5e37c8b4a2ce92880d208b968ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.unsafespeech.com/video/2016/5/10/student-self-censorship-and-the-thought-police-on-univer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vanityfair.com/hollywood/2017/04/donald-trump-tv-pitches
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vanityfair.com/hollywood/2017/04/donald-trump-tv-pitchesD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vestifinance.ru/articles/25753
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vestifinance.ru/articles/25753ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.video-cdn.com/assets/flowplayer/flowplayer.commercial-3.2.18.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.video-cdn.com/assets/flowplayer/flowplayer.commercial-3.2.18.swfartmp_real_timeaextaflvai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vol.at/blue-man-group/5593454
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vol.at/blue-man-group/5593454ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vpro.nl/programmas/2doc/2015/education-education.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vpro.nl/programmas/2doc/2015/education-education.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vpro.nl/programmas/2doc/2015/sergio-herman.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vpro.nl/programmas/2doc/2015/sergio-herman.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vulture.com/2016/06/letterman-couldnt-care-less-about-late-night.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vulture.com/2016/06/letterman-couldnt-care-less-about-late-night.htmlamd5u1aa589c675898ae
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vulture.com/2016/06/new-key-peele-sketches-released.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.vulture.com/2016/06/new-key-peele-sketches-released.htmlamd5aca1aef97695ef2c1d6973256a57e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.waoanime.tv/the-super-dimension-fortress-macross-episode-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.waoanime.tv/the-super-dimension-fortress-macross-episode-1/amd5u2baf4ddd70f697d94b1c18cf7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wetv.com/shows/la-hair/videos/season-05/episode-09-episode-9-2/episode-9-sneak-peek-3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wetv.com/shows/la-hair/videos/season-05/episode-09-episode-9-2/episode-9-sneak-peek-3aonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wetv.com/shows/mama-june-from-not-to-hot/full-episode/season-01/thin-tervention
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wetv.com/shows/mama-june-from-not-to-hot/full-episode/season-01/thin-terventionaonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wetv.com/shows/million-dollar-matchmaker/season-01/episode-06-the-dumped-dj-and-shallow-h
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wired.com/2014/04/honda-asimo/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wired.com/2014/04/honda-asimo/amd5aba0dfe966fa007657bd1443ee672db0fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wykop.pl/link/3088787/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.wykop.pl/link/3088787/u7619da8c820e835bef21a1efa2a0fc71D
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.xmlrpc.com/discuss/msgReader$1208
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.xmlrpc.com/discuss/msgReader$1208z
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/Kiamet/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/Kiamet/auploaderaJonTronaupload_dateu20140125aparamsD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/user/ContinueShow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/user/xXJerryTerryXx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=%saYoutubeacbutheplatform:%saThePlatformaCookieuuser=%s;
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=BaW_jenozKcaonly_matchingtuUnicodeBOMIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=ayoutube_idaplaylistunerdcubed.co.uk
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/beste-vrienden-quiz/extra-video-s/WO_NTR_1067990
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/beste-vrienden-quiz/extra-video-s/WO_NTR_1067990aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/de-bzt-show/filmpjes/POMS_KN_7315118
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/de-bzt-show/filmpjes/POMS_KN_7315118aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/de-bzt-show/gemist/KN_1687547
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zapp.nl/de-bzt-show/gemist/KN_1687547aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zdnet.com/video/huawei-matebook-x-video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zdnet.com/video/huawei-matebook-x-video/aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zdnet.com/video/share/video-keeping-android-smartphones-and-tablets-secure/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www.zdnet.com/video/share/video-keeping-android-smartphones-and-tablets-secure/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www8.hp.com/cn/zh/home.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://www8.hp.com/cn/zh/home.htmlainfo_dictD
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.360437773.0000000005A75000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.573866039.0000000004FE3000.00000004.00000001.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://x%sx.api.channel.livestream.com/2.0/clipdetails?extendedInfo=true&id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://x%sx.api.channel.livestream.com/2.0/clipdetails?extendedInfo=true&id=%sa_download_xmlafindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://x%sx.api.channel.livestream.com/3.0/getstream.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://x%sx.api.channel.livestream.com/3.0/getstream.jsonu?id=%sa_og_search_titlea_og_search_descrip
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.org/sax/features/namespaces
Source: namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
Source: namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.org/sax/features/string-interningz&http://xml.org/sax/features/validationz5http://xml.org
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xml.python.org/entities/fragment-builder/internalz
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: http://xmlrpc.usefulinc.com/doc/reserved.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://xspf.org/ns/0/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://xspf.org/ns/0/a_match_idaidaopadownload1amethod_freeuContinue
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://xspf.org/ns/0/as1uhttp://static.streamone.nl/player/ns/0axpath_with_nsu./xspf:trackList/xspf:
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://y.qq.com/n/yqq/playlist/3462654915.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://y.qq.com/n/yqq/playlist/3462654915.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://y.qq.com/y/static/%s/%s/%s/%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://y.qq.com/y/static/%s/%s/%s/%s.htmll
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yinyue.kankan.com/vod/48/48863.shtml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yinyue.kankan.com/vod/48/48863.shtmlamd5u29aca1e47ae68fc28804aca89f29507eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yinyue.kuwo.cn/billboard_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yinyue.kuwo.cn/yy/cinfo_86375.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yinyue.kuwo.cn/yy/cinfo_86375.htmainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/video/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/video/%s/%saRTL2Youaplaylist_resulta__doc__a__file__a__spec__aoriginahas_location
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/video/3002/15740/MJUNIK%20%E2%80%93%20Home%20of%20YOU/307-hirn-wo-bist-du
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/video/3002/15740/MJUNIK%20%E2%80%93%20Home%20of%20YOU/307-hirn-wo-bist-duainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/videos/115/dragon-ball
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/videos/115/dragon-ballainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/youplayer/index.html?vid=15712
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://you.rtl2.de/youplayer/index.html?vid=15712aonly_matchingtc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://youtube-dl.bandcamp.com/track/youtube-dl-test-song
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://youtube-dl.bandcamp.com/track/youtube-dl-test-songamd5ac557841d5e50261777a6585648adf439ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yt-dash-mse-test.commondatastorage.googleapis.com/media/car-20120827-manifest.mpd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yt-dash-mse-test.commondatastorage.googleapis.com/media/car-20120827-manifest.mpdamd5u4b57baa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yt-dl.org/bug
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yt-dl.org/bugaExtractorErroruNo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yule.iqiyi.com/pcb.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yule.iqiyi.com/pcb.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yuntv.letv.com/bcloud.html?uu=p7jnfw5hw9&vu=187060b6fd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yuntv.letv.com/bcloud.html?uu=p7jnfw5hw9&vu=187060b6fdamd5acb988699a776b22d4a41b9d43acfb3acai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yuntv.letv.com/bcloud.html?uu=p7jnfw5hw9&vu=467623dedf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yuntv.letv.com/bcloud.html?uu=p7jnfw5hw9&vu=467623dedfamd5u26450599afd64c513bc77030ad15db44ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://yuntv.letv.com/bcloud.html?uu=p7jnfw5hw9&vu=ec93197892&pu=2c7cd40209&auto_play=1&gpcflag=1&wi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: http://zpravy.idnes.cz/pes-zavreny-v-aute-rozbijeni-okynek-v-aute-fj5-/domaci.aspx?c=A150809_104116_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%%s/%s_dctp_%s.m4v
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%%s/%s_dctp_%s.m4vaextendaformat_iduhls-ucdn-segments.dctp.tvu/playlist.m3u8aprotocolam3u8_n
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s.com/anonymous
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s.com/anonymousuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s.jamendo.com/?trackid=%s&format=%s&from=app-97dab294
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s.jamendo.com/?trackid=%s&format=%s&from=app-97dab294aformat_idaextaqualitya_sort_formatsac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/%s/%sid/v1/%s/details/web-v1.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/%s/%sid/v1/%s/details/web-v1.jsona_CONTENT_DOMAIN:nl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/%s/w.a_parse_jsonabase64aurlsafe_b64decodeasplitT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/ajax/movie/watch/%s/adataaurlencode_postdataaxEventuUIVideoPlayer.PingOutcomeaxJsonajsona
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/hls/%s/index.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/hls/%s/index.m3u8amp4apreferenceam3u8_idw-ajoinafataluvideo/mp4aMP4T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/mp4/%s.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%s/mp4/%s.mp4aformat_ida_sort_formatsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%sbeeg.com/api/v6/%s/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://%sbeeg.com/api/v6/%s/video/%safataluapi.avideoaitemsutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://a_extract_m3u8_formatsamp4am3u8_nativeam3u8_idafatalaf4ma_extract_f4m_formatsaf4m_idu./quali
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://abc.com/shows/the-rookie/episode-guide/season-02/03-the-bet
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://abc.com/shows/the-rookie/episode-guide/season-02/03-the-betainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.atresmedia.com/api/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.atresmedia.com/api/loginnuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.bbc.com/signin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.bbc.com/signinabbca_NETRC_MACHINEL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.nicovideo.jp/api/v1/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://account.nicovideo.jp/api/v1/loginnanoteuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://accounts.eu1.gigya.com/accounts.login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://accounts.eu1.gigya.com/accounts.loginnanoteuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://air.mozilla.org/privacy-lab-a-meetup-for-privacy-minded-people-in-san-francisco/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://air.mozilla.org/privacy-lab-a-meetup-for-privacy-minded-people-in-san-francisco/amd5u8d02f53
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://amfphp.indavideo.hu/SYm0json.php/player.playerHandler.getVideoData/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://amfphp.indavideo.hu/SYm0json.php/player.playerHandler.getVideoData/%sadataatitleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://andrei-bt.livejournal.com/video/album/407/?mode=view&id=51272
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://andrei-bt.livejournal.com/video/album/407/?mode=view&id=51272amd5aadaf018388572ced8a6f301ace
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://animemanga.popcorntv.it/guarda/food-wars-battaglie-culinarie-episodio-01/9183
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://animemanga.popcorntv.it/guarda/food-wars-battaglie-culinarie-episodio-01/9183amd5u47d65a48d1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-cbc.cloud.clearleap.com/cloffice/client/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-cbc.cloud.clearleap.com/cloffice/client/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-cbc.cloud.clearleap.com/cloffice/client/web/play/?contentId=3c84472a-1eea-4dee-9267-2655
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-prod.ellentube.com/ellenapi/api/feed/?%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-prod.ellentube.com/ellenapi/api/item/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-prod.ellentube.com/ellenapi/api/item/%sa_extract_videoa_download_webpagea_extract_data_c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-prod.ellentube.com/ellenapi/api/item/0822171c-3829-43bf-b99f-d77358ae75e3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api-prod.ellentube.com/ellenapi/api/item/0822171c-3829-43bf-b99f-d77358ae75e3amd5u2fabc27713
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.%s/embeddedVideoPlayer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.%s/embeddedVideoPlayeraqueryaidaentry_iduentry_id
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.aebn.net/auth/v2/origins/authenticate
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.aebn.net/auth/v2/origins/authenticateanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.aebn.net/content/v2/clips/%s?fields=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.aebn.net/content/v2/clips/%s?fields=%sw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.aebn.net/delivery/v1/clips/%s/MP4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.ardmediathek.de/public-gateway
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.ardmediathek.de/public-gatewayadataajsonadumpsaqueryu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.arte.tv/api/player/v1/collectionData/%s/%s?source=videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.arte.tv/api/player/v1/collectionData/%s/%s?source=videosT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.arte.tv/api/player/v1/config/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.arte.tv/api/player/v1/config/%s/%sutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.atresplayer.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.byutv.org/api3/catalog/getvideosforcontent
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.byutv.org/api3/catalog/getvideosforcontentaqueryacontentidachannelabyutvux-byutv-context
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.camtube.co
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.camtube.coa_real_extractuCamTubeIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.clyp.it/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.clyp.it/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.curiositystream.com/v1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.curiositystream.com/v1/uCuriosityStreamBaseIE._handle_errorsuCuriosityStreamBaseIE._call
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.discovery.com/v1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.discovery.com/v1/a_real_extractuDiscoveryIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.entitlement.watchabc.go.com/vp2/ws-secure/entitlement/2020/authorize.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.entitlement.watchabc.go.com/vp2/ws-secure/entitlement/2020/authorize.jsonadataaurlencode
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.flickr.com/services/rest?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.frontendmasters.com/v1/kabuki
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.frontendmasters.com/v1/kabuki/video/a2qogef6ba
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.frontendmasters.com/v1/kabuki/video/a2qogef6baamd5u7f161159710d6b7016a4f4af6fcb05e2ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.frontendmasters.com/v1/kabukiuhttps://frontendmasters.com/login/afrontendmastersa_NETRC_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.gfycat.com/v1/gfycats/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.gfycat.com/v1/gfycats/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.hotstar.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.hotstar.com/aheadersahotstarauthux-country-codeaINux-platform-codeaJIOaqueryastatusCodea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.ivi.ru/light/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.ivi.ru/light/L
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.loginradius.com/identity/v2/auth/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.loginradius.com/identity/v2/auth/loginuhttps://cloud-api.loginradius.com/sso/jwt/api/tok
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/%s/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/%s/videos/byid/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/%s/videos/byid/%sa_extract_urlslaint_or_noneatry_getu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/741/videos/byid/247858
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/741/videos/byid/247858ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/748/videos/byid/128907
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexx.cloud/v3/748/videos/byid/128907amd5u31899fd683de49ad46f4ee67e53e83feainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexxcdn.com/v3/748/videos/byid/128907
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nexxcdn.com/v3/748/videos/byid/128907aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nhk.or.jp/nhkworld/%sod%slist/v7a/episode/%s/%s/all%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.noco.tv/1.1/%s?ts=%s&tk=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nova.cz/bin/player/videojs/config.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.nova.cz/bin/player/videojs/config.phpasiteamedial
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.oreilly.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.oreilly.comanextla_download_json_handleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.periscope.tv/api/v2/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.periscope.tv/api/v2/%saqueryagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.picarto.tv/v1/channel/name/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.picarto.tv/v1/channel/name/agetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.playplus.tv/api/media/v2/get
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.playplus.tv/api/media/v2/getaheadersaAuthorizationuBearer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.playplus.tv/api/web/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.playplus.tv/api/web/loginajsonadumpsaemailapasswordaencodeD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.redbull.tv/v3/products/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.redbull.tv/v3/products/anoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.redbull.tv/v3/session
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.redbull.tv/v3/sessionD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.reverbnation.com/song/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.reverbnation.com/song/%sanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.steemit.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.steemit.com/adataajsonadumpsajsonrpcu2.0amethodaget_contentaparamsaencodearesultaloadsaj
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.vk.com/method/video.get
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.vk.com/method/video.getD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.vmh.univision.com/metadata/v1/content/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api.vmh.univision.com/metadata/v1/content/avideoMetadataaphotoVideoMetadataIPTCaenT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api2.fox.com/v2.0/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://api2.fox.com/v2.0/adataaheadersaExtractorErroracauseacompat_HTTPErroracodel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://apib4.blinkx.com/api.php?action=play_video&
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://apib4.blinkx.com/api.php?action=play_video&uvideo=%sa_download_webpageajsonaloadsaapiaresult
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.curiositystream.com/collection/2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.curiositystream.com/collection/2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.curiositystream.com/video/2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.curiositystream.com/video/2amd5u262bb2f257ff301115f1973540de8983ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/course/c/6434
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/course/c/6434aonly_matchingtuLecturioCourseIE._real_extractaLecturioDeCou
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/lecture/c/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/lecture/c/%s/%saurl_resultaieaLecturioIEaie_keyavideo_idaplaylist_resultT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/lecture/c/6434/39634
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/#/lecture/c/6434/39634aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/api/en/latest/html5/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/api/en/latest/html5/uhttps://app.lecturio.com/en/loginalecturioa_NETRC_MACH
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/en/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/medical-courses/important-concepts-and-terms-introduction-to-microbiology.l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/medical-courses/microbiology-introduction.course#/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.lecturio.com/medical-courses/microbiology-introduction.course#/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/id/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/id/a_NETRC_MACHINEL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/library/courses/understanding-microsoft-azure-amazon-aws/table-of-conten
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/player/user/api/v1/player/payload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/player/user/api/v1/player/payloadadataaurlencode_postdataacourseIdaheade
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/player?course=ccna-intro-networking&author=ross-bagurdes&name=ccna-intro
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.com/training/player?course=angularjs-get-started&author=scott-allen&name=ang
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://app.pluralsight.comu%s/player/api/graphqlD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://apps.hkedcity.net
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://apps.hkedcity.neta_real_extractuHKETVIE._real_extracta__orig_bases__uyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://arc.nexx.cloud/api/video/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://arc.nexx.cloud/api/video/%s.jsonD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://arc.nexx.cloud/api/video/128907.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://arc.nexx.cloud/api/video/128907.jsonaonly_matchingta_TESTSastaticmethoduNexxIE._extract_doma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://archive.org/details/Cops1922
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://archive.org/details/Cops1922amd5u0869000b4ce265e8ca62738b336b268aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ardmediathek.de/ard/video/die-robuste-roswita/Y3JpZDovL2Rhc2Vyc3RlLmRlL3RhdG9ydC9mYmM4NGM1NC
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ardmediathek.de/ard/video/saartalk/saartalk-gesellschaftsgift-haltung-gegen-hass/sr-fernsehe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://assets.delvenetworks.com/player/loader.swf?channelListId=301b117890c4465c8179ede21fd92e2b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://assets.delvenetworks.com/player/loader.swf?channelListId=301b117890c4465c8179ede21fd92e2baon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://assets.delvenetworks.com/player/loader.swf?mediaId=8018a574f08d416e95ceaccae4ba0452
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://assets.delvenetworks.com/player/loader.swf?mediaId=8018a574f08d416e95ceaccae4ba0452aonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://audioboom.com/posts/4279833-3-09-2016-czaban-hour-3?t=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://audioboom.com/posts/4279833-3-09-2016-czaban-hour-3?t=0aonly_matchingta_TESTSa_real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://audioboom.com/posts/7398103-asim-chaudhry
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://audioboom.com/posts/7398103-asim-chaudhryamd5u7b00192e593ff227e6a315486979a42dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.gaia.com/v1/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.gaia.com/v1/loginnadataaurlencode_postdataausernameapasswordT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.roosterteeth.com/oauth/token
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.roosterteeth.com/oauth/tokennuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.univision.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auth.univision.comu/api/v3/video-auth/url-signature-tokensamcpidsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auto.ndtv.com/videos/the-cnb-daily-october-13-2017-469935
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://auto.ndtv.com/videos/the-cnb-daily-october-13-2017-469935aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://autosalon.iprima.cz/motorsport/7-epizoda-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://autosalon.iprima.cz/motorsport/7-epizoda-1aonly_matchingta_TESTSa_real_extractuIPrimaIE._rea
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://bandcamp.com/?blah/blah
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://bandcamp.com/?show=224
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://bandcamp.com/?show=224amd5ab00df799c733cf7e0c567ed187dea0fdainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/birds-original-mix/4991738
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/birds-original-mix/4991738amd5aa1fd8e8046de3950fd039304c186c05fainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/love-and-war-original-mix/3756896
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/love-and-war-original-mix/3756896amd5ae44c3025dfa38c6577fbaeb43da43514ain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/synesthesia-original-mix/5379371
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beatport.com/track/synesthesia-original-mix/5379371amd5ab3c34d8639a2f6a7f734382358478887ainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.com/1277207756
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.com/1277207756aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.com/1941093077?t=911-1391
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.com/1941093077?t=911-1391aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.porn/5416503
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.porn/5416503aonly_matchingta_TESTSa_real_extractuBeegIE._real_extracta__orig_bases__uyo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.porn/video/5416503
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beeg.porn/video/5416503aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beta.ardmediathek.de/ard/video/Y3JpZDovL2Rhc2Vyc3RlLmRlL3RhdG9ydC9mYmM4NGM1NC0xNzU4LTRmZGYtY
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beta.mixcloud.com/RedLightRadio/nosedrip-15-red-light-radio-01-18-2016/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://beta.mixcloud.com/RedLightRadio/nosedrip-15-red-light-radio-01-18-2016/aonly_matchingta_TEST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://biqle.ru/watch/-115995369_456239081
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://biqle.ru/watch/-115995369_456239081amd5u97af5a06ee4c29bbf9c001bdb1cf5c06ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://broadband.espn.go.com/video/clip?id=18910086
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://broadband.espn.go.com/video/clip?id=18910086ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://brooklyn.gaia.com/media/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://brooklyn.gaia.com/media/aheadersa_extract_m3u8_formatsamediaUrlsabcHLSamp4a_sort_formatsatex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://brooklyn.gaia.com/node/%d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://brooklyn.gaia.com/pathinfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://brooklyn.gaia.com/pathinfoaqueryapathuvideo/aiduhttps://brooklyn.gaia.com/node/%dacompat_str
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://burgenland.orf.at/player/20200423/BGM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://burgenland.orf.at/player/20200423/BGMaonly_matchingtaORFOOEIEuorf:oberoesterreichuRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://c.y.qq.com/v8/fcg-bin/fcg_v8_singer_track_cp.fcg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://c.y.qq.com/v8/fcg-bin/fcg_v8_singer_track_cp.fcgaqueryajsonainCharsetautf8aoutCharsetuutf-8a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://camtube.co/recording/minafay-030618-1136-chaturbate-female
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://camtube.co/recording/minafay-030618-1136-chaturbate-femaleainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn-ondemand.rtp.pt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn-ondemand.rtp.ptapreferencel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.embedly.com/widgets/media.html?src=http%3A%2F%2Fwww.youtube.com%2Fembed%2Fvideoseries%3F
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.espn.go.com/video/clip/_/id/19771774
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.espn.go.com/video/clip/_/id/19771774aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.jwplayer.com/players/nPripu9l-ALJ3XQCI.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.jwplayer.com/players/nPripu9l-ALJ3XQCI.jsaonly_matchingta_TESTSastaticmethoda_extract_ur
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.jwplayer.com/v2/media/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.jwplayer.com/v2/media/a_parse_jwplayer_dataa__doc__a__file__a__spec__aoriginahas_locatio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.portal.restudy.dk/dynamic/themes/front/awsmedia/SmilDirectory/video_%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdn.portal.restudy.dk/dynamic/themes/front/awsmedia/SmilDirectory/video_%s.xmla_sort_formats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdnapisec.kaltura.com/html5/html5lib/v2.30.2/mwEmbedFrame.php/p/1337/uiconf_id/20540612/entr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdnapisec.kaltura.com/html5/html5lib/v2.37.1/mwEmbedFrame.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdnapisec.kaltura.com/html5/html5lib/v2.37.1/mwEmbedFrame.phpaKalturau%s/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdnapisec.kaltura.com/index.php/kwidget/wid/_557781/uiconf_id/22845202/entry_id/1_plr1syf3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cdnapisec.kaltura.com/index.php/kwidget/wid/_557781/uiconf_id/22845202/entry_id/1_plr1syf3ao
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/CPP/CppCon-2015/Ranges-for-the-Standard-Library
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/CPP/CppCon-2015/Ranges-for-the-Standard-Libraryainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/DEVintersection/DEVintersection-2016/RSS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/DEVintersection/DEVintersection-2016/RSSainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/Speakers/scott-hanselman/RSS?UrlSafeName=scott-hanselman
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Events/Speakers/scott-hanselman/RSS?UrlSafeName=scott-hanselmanaonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Niners/Splendid22/Queue/76acff796e8f411184b008028e0d492b/RSS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/Niners/Splendid22/Queue/76acff796e8f411184b008028e0d492b/RSSaonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/odata
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://channel9.msdn.com/odatau?$select=Captions
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/episodes/30887?autoplay=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/episodes/30887?autoplay=trueaonly_matchingta_TESTSuhttps://charlierose.com/v
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/video/player/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/videos/27996
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/videos/27996amd5afda41d49e67d4ce7c2411fd2c4702e09ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://charlierose.com/videos/27996aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chaturbate.com/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chaturbate.com/%s/aheadersageo_verification_headersa_parse_jsona_search_regexuinitialRoomDos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chaturbate.com/fullvideo/?b=caylin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chaturbate.com/fullvideo/?b=caylinaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chirb.it/fb_chirbit_player.swf?key=PrIPv5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chirb.it/fb_chirbit_player.swf?key=PrIPv5aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chirb.it/wp/MN58c2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://chirb.it/wp/MN58c2aonly_matchingta_TESTSa_real_extractuChirbitIE._real_extracta__orig_bases_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cinema.popcorntv.it/guarda/smash-cut/10433
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cinema.popcorntv.it/guarda/smash-cut/10433aonly_matchingta_TESTSa_real_extractuPopcornTVIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ciscolive.cisco.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ciscolive.cisco.com/on-demand-library/?#/session/1423353499155001FoSs
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ciscolive.cisco.com/on-demand-library/?#/session/1423353499155001FoSsamd5ac98acf395ed9c9f766
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ciscolive.cisco.com/on-demand-library/?search.event=ciscoliveus2018&search.technicallevel=sc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ciscolive.cisco.com/on-demand-library/?search.technology=scpsTechnology_applicationDevelopme
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://classic.ardmediathek.de/tv/Panda-Gorilla-Co/Panda-Gorilla-Co-Folge-274/Das-Erste/Video?bcast
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cloud-api.loginradius.com/sso/jwt/api/token
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cloudflarestream.com/31c9291ab41fac05471db4e73aa11717/manifest/video.mpd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cloudflarestream.com/31c9291ab41fac05471db4e73aa11717/manifest/video.mpdaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://club.laola1.tv/sp/laola1/api/v3/user/session/premium/player/stream-access
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://club.laola1.tv/sp/laola1/api/v3/user/session/premium/player/stream-accessavideoIdaidatargetu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://clyp.it/b04p1odi?token=b0078e077e15835845c528a44417719d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://clyp.it/b04p1odi?token=b0078e077e15835845c528a44417719dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://clyp.it/ojz2wfah
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://clyp.it/ojz2wfahamd5u1d4961036c41247ecfdcc439c0cddcbbainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cn.nowness.com/story/kasper-bjorke-ft-jaakko-eino-kalevi-tnr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cn.nowness.com/story/kasper-bjorke-ft-jaakko-eino-kalevi-tnramd5ae79cf125e387216f86b2e0a5b5c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cnn.iprima.cz/videa/70-epizoda
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cnn.iprima.cz/videa/70-epizodaainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cognito-identity.%s.amazonaws.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cognito-identity.%s.amazonaws.com/adataaheadersaAcceptu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://collegerama.tudelft.nl/Mediasite/Play/585a43626e544bdd97aeb71a0ec907a01d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://collegerama.tudelft.nl/Mediasite/Play/585a43626e544bdd97aeb71a0ec907a01damd5u481fda1c11f6758
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://collegerama.tudelft.nl/Mediasite/Play/86a9ea9f53e149079fbdb4202b521ed21d?catalog=fd32fd35-6c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://collegerama.tudelft.nl/Mediasite/Showcase/livebroadcast/Presentation/ada7020854f743c49fbb45c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cool.iprima.cz/derava-silnice-nevadi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cool.iprima.cz/derava-silnice-nevadiaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://courses.platzi.com/classes/1367-communication-codestream/13430-background/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://courses.platzi.com/classes/1367-communication-codestream/13430-background/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://courses.platzi.com/classes/communication-codestream/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://courses.platzi.com/classes/communication-codestream/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cu.ntv.co.jp/televiva-chill-gohan_181031/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://cu.ntv.co.jp/televiva-chill-gohan_181031/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://culturebox.francetvinfo.fr/opera-classique/musique-classique/c-est-baroque/concerts/cantates
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://curiositystream.com/series/2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://curiositystream.com/series/2aonly_matchingta_TESTSuCuriosityStreamCollectionIE._real_extract
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://curiositystream.com/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://curiositystream.com/video/aCuriosityStreamIEaie_keyaplaylist_resultT
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://curl.haxx.se/V
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://d.tube/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dce-frontoffice.imggaming.com/api/v2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dce-frontoffice.imggaming.com/api/v2/u857a1e5d-e35e-4fdf-805b-a87b6f8364bfD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://de.pornhub.com/playlist/4667351
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://de.pornhub.com/playlist/4667351aonly_matchingtaclassmethoduPornHubPagedVideoListIE.suitableu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://disneynow.com/shows/minnies-bow-toons/video/happy-campers/vdka4872013
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://disneynow.com/shows/minnies-bow-toons/video/happy-campers/vdka4872013aonly_matchingta_TESTST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dl.dropboxusercontent.com/u/29092637/interview.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dl.dropboxusercontent.com/u/29092637/interview.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dlive.tv/p/pdp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dlive.tv/p/pdpreplay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dms.redbull.tv/v3/%s/%s/playlist.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dms.redbull.tv/v3/%s/%s/playlist.m3u8amp4D
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://docs.python.org/
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://docs.python.org/%d.%d/libraryNr
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://docs.python.org/X.Y/library/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://doctor.ndtv.com/videos/top-health-stories-of-the-week-467396
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://doctor.ndtv.com/videos/top-health-stories-of-the-week-467396aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/api/media/%s/metadata
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/api/media/%s/metadataagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/view/747bcf58-bd59-45b7-8c8c-ac312d084ee6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/view/747bcf58-bd59-45b7-8c8c-ac312d084ee6u2bb4a83896434d5c26be868c609429a3u168006
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/view/9c63db2a-fa95-4838-8e6e-13deafe47f09
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dotsub.com/view/9c63db2a-fa95-4838-8e6e-13deafe47f09amd5u21c7ff600f545358134fea762a6d42b6u9c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dr-massive.com/drtv/se/bonderoeven_71769
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://dr-massive.com/drtv/se/bonderoeven_71769aonly_matchingta_TESTSa_real_extractuDRTVIE._real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/%sagroupT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/0B-vUyvmDLdWDcEt4WjBqcmI2XzQ/view
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/0B-vUyvmDLdWDcEt4WjBqcmI2XzQ/viewamd5abfbd670d03a470bb1e6d4a257adec1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/0ByeS4oOUV-49Zzh4R1J6R09zazQ/edit?pli=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/0ByeS4oOUV-49Zzh4R1J6R09zazQ/edit?pli=1amd5u5c602afbbf2c1db91831f5d8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/1ENcQ_jeCuj7y19s66_Ou9dRP4GKGsodiDQ/edit
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/file/d/1ENcQ_jeCuj7y19s66_Ou9dRP4GKGsodiDQ/editainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/open?id=0B2fjwgkl1A_CX083Tkowdmt6d28
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/open?id=0B2fjwgkl1A_CX083Tkowdmt6d28aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/timedtext
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/timedtextD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/uc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=0B2fjwgkl1A_CX083Tkowdmt6d28
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=0B2fjwgkl1A_CX083Tkowdmt6d28aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://drive.google.com/ucaexportadownloadarequest_source_fileuGoogleDriveIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge-graphql.crepo-production.redbullaws.com/v1/graphql
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge-graphql.crepo-production.redbullaws.com/v1/graphqlD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge.api.brightcove.com/playback/v1/accounts/%s/%ss/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge.api.brightcove.com/playback/v1/accounts/%s/%ss/%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge.sf.hitbox.tv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://edge.sf.hitbox.tvT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://educourse.ga/Bootstrap-tutorials/Using-exercise-files/110885/114408-4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://educourse.ga/Bootstrap-tutorials/Using-exercise-files/110885/114408-4.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/lessons/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/lessons/%saidatitleamedia_urlsaitemsutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/lessons/react-add-redux-to-a-react-application
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/lessons/react-add-redux-to-a-react-applicationaonly_matchingta_TESTSuEgghe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/series/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/series/%s/lessons
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/series/%s/lessonsuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/api/v1/series/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/courses/professor-frisby-introduces-composable-functional-javascript
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/courses/professor-frisby-introduces-composable-functional-javascriptaplaylist_cou
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/lessons/javascript-linear-data-flow-with-container-style-types-box
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://egghead.io/lessons/javascript-linear-data-flow-with-container-style-types-boxainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.ca/movie/watch/4E9n/?lang=hindi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.ca/movie/watch/4E9n/?lang=hindiaonly_matchingta_TESTSuEinthusanIE._decrypta_real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.com/movie/watch/9097/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.com/movie/watch/9097/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.tv/movie/watch/51MZ/?lang=hindi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.tv/movie/watch/51MZ/?lang=hindiaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.tv/movie/watch/9097/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://einthusan.tv/movie/watch/9097/amd5aff0f7f2065031b8a2cf13a933731c035ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.cloudflarestream.com/embed/we4g.fla9.latest.js?video=31c9291ab41fac05471db4e73aa11717
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.cloudflarestream.com/embed/we4g.fla9.latest.js?video=31c9291ab41fac05471db4e73aa11717a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.crooksandliars.com/embed/8RUoRhRi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.crooksandliars.com/embed/8RUoRhRiainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.life.ru/video/e50c2dec2867350528e2574c899b8291
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.life.ru/video/e50c2dec2867350528e2574c899b8291aonly_matchingtuLifeEmbedIE._real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.nexx.cloud/11888/video/DSRTO7UVOX06S7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.nexx.cloud/11888/video/DSRTO7UVOX06S7aonly_matchingtuNexxEmbedIE._extract_urlsuNexxEmb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.rtl.nl/#uuid=84ae5571-ac25-4225-ae0c-ef8d9efb2aed/autoplay=false
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.rtl.nl/#uuid=84ae5571-ac25-4225-ae0c-ef8d9efb2aed/autoplay=falseaonly_matchingta_TESTS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=81d80727f3022488598f68d323c1ad5e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=81d80727f3022488598f68d323c1ad5eaonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://emocounter.hkedcity.net/handler.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://emocounter.hkedcity.net/handler.phpaget_emotionudata
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://en.chaturbate.com/siswet19/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://en.chaturbate.com/siswet19/aonly_matchingta_TESTSuRoom
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://en.support.wordpress.com/videopress/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://en.support.wordpress.com/videopress/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://es.dplay.com/dmax/la-fiebre-del-oro/temporada-8-episodio-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://es.dplay.com/dmax/la-fiebre-del-oro/temporada-8-episodio-1/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://espn.go.com/video/iframe/twitter/?cms=espn&id=10365079
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://espn.go.com/video/iframe/twitter/?cms=espn&id=10365079aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://events.rainfocus.com/api/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://events.rainfocus.com/api/%saNa3vqYdAlJFSxhYTYQGuMbpafMqftalzaRAINFOCUS_API_PROFILE_IDan6l4Lo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feed.entertainment.tv.theplatform.eu/f/PR1GhC/mediaset-prod-all-programs/guid/-/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feed.entertainment.tv.theplatform.eu/f/PR1GhC/mediaset-prod-all-programs/guid/-/afatalafield
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feed.theplatform.com/f/BKQ29B/foxsports-all?byId=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feed.theplatform.com/f/BKQ29B/foxsports-all?byId=aThePlatformFeeda__doc__a__file__a__spec__a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feedapi.b2c.on.aol.com/v1.0/app/videos/aolon/%s/details
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feedapi.b2c.on.aol.com/v1.0/app/videos/aolon/%s/detailsaresponseastatusTextaOkaExtractorErro
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feeds.rasset.ie/rteavgen/player/playlist?type=iptv&format=json&showId=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feeds.rasset.ie/rteavgen/player/playlist?type=iptv&format=json&showId=uhttp://www.rte.ie/rte
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feeds.video.aetnd.com/api/v2/history/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://feeds.video.aetnd.com/api/v2/history/videosaqueryufilter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/accounts/framasoft
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/accounts/framasoftuLes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/video-channels/bf54d359-cfad-4935-9d45-9d6be93f63e8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/video-channels/bf54d359-cfad-4935-9d45-9d6be93f63e8uAttribution
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/videos/watch/9c9de5e8-0a1e-484a-b099-e80766180a6d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://framatube.org/videos/watch/9c9de5e8-0a1e-484a-b099-e80766180a6damd5u9bed8c0137913e17b86334e5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://freshlive.tv/satotv/74712
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://freshlive.tv/satotv/74712amd5u9f0cf5516979c4454ce982df3d97f352ainfo_dictu74712aextu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://friendship.nbc.co/v2/graphql
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://friendship.nbc.co/v2/graphqlaqueryuquery
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://front.njpwworld.com/auth
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://front.njpwworld.com/auth/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://front.njpwworld.com/auth/logina_real_initializeuNJPWWorldIE._real_initializeuNJPWWorldIE._lo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://front.njpwworld.com/authageturlareport_warningT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://frontendmasters.com/courses/web-development/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://frontendmasters.com/courses/web-development/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://frontendmasters.com/courses/web-development/tools
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://frontendmasters.com/courses/web-development/toolsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://frontendmasters.com/login/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://fusion.tv/show/food-exposed-with-nelufar-hedayat/?ancla=full-episodes&video=588644
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://fusion.tv/show/food-exposed-with-nelufar-hedayat/?ancla=full-episodes&video=588644aonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://galadriel.puhutv.com/seasons/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://galadriel.puhutv.com/seasons/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gatling.nelonenmedia.fi/media-xml-cache
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gatling.nelonenmedia.fi/media-xml-cacheaqueryaidaextract_formatsuRuutuIE._real_extract.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gem.cbc.ca/media/this-hour-has-22-minutes/season-26/episode-20/38e815a-0108c6c6a42
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gem.cbc.ca/media/this-hour-has-22-minutes/season-26/episode-20/38e815a-0108c6c6a42aonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/acceptablehappygoluckyharborporpoise-baseball
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/acceptablehappygoluckyharborporpoise-baseballaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/gifs/detail/UnconsciousLankyIvorygull
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/gifs/detail/UnconsciousLankyIvorygullaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/ru/RemarkableDrearyAmurstarfish
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://gfycat.com/ru/RemarkableDrearyAmurstarfishaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://giant.gfycat.com/acceptablehappygoluckyharborporpoise.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://giant.gfycat.com/acceptablehappygoluckyharborporpoise.mp4aonly_matchingta_TESTSa_real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://github.com/ytdl-org/youtube-dl/issues/9841#issuecomment-227871201
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://global-nvapis.line.me/linetv/rmcnmv/vod_play_videoInfo.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://global-nvapis.line.me/linetv/rmcnmv/vod_play_videoInfo.jsonaqueryavideoIdakeyastreamslu?__gd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://globalcontent.corusappservices.com/templates/%s/playlist/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://globalcontent.corusappservices.com/templates/%s/playlist/aqueryabyIdaheadersD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://go.discovery.com/tv-shows/alaskan-bush-people/videos/follow-your-own-road
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://go.discovery.com/tv-shows/alaskan-bush-people/videos/follow-your-own-roadaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://go.discovery.com/tv-shows/cash-cab/videos/riding-with-matthew-perry
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://go.discovery.com/tv-shows/cash-cab/videos/riding-with-matthew-perryainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphigo.prd.dlive.tv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphigo.prd.dlive.tv/adataajsonadumpsaqueryuquery
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphql.api.dailymotion.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphql.api.dailymotion.com/ajsonadumpsaqueryu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphql.api.dailymotion.com/oauth/token
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://graphql.api.dailymotion.com/oauth/tokennuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hearthis.at/moofi/dr-kreep
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hearthis.at/playlist.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hearthis.at/playlist.phpuhttps://hearthis.at/moofi/dr-kreepamd5aab6ec33c8fed6556029337c7885e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hearthis.at/twitchsf/dj-jim-hopkins-totally-bitchin-80s-dance-mix/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hearthis.at/twitchsf/dj-jim-hopkins-totally-bitchin-80s-dance-mix/u5980ceb7c461605d30f1f039d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitrecord.org/api/web/records/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitrecord.org/api/web/records/%satitleasource_urlamp4_urlatry_getu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitrecord.org/records/2954362
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitrecord.org/records/2954362amd5afe1cdc2023bce0bbb95c39c57426aa71ainfo_dictu2954362aextamp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitsmediaweb.h-its.org/mediasite/Play/2db6c271-681e-4f19-9af3-c60d1f82869b1d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitsmediaweb.h-its.org/mediasite/Play/2db6c271-681e-4f19-9af3-c60d1f82869b1daonly_matchingta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitsmediaweb.h-its.org/mediasite/Play/2db6c271681e4f199af3c60d1f82869b1d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hitsmediaweb.h-its.org/mediasite/Play/2db6c271681e4f199af3c60d1f82869b1dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://host1.rjmusicmedia.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://host1.rjmusicmedia.coma_download_webpageareafindalluRJ
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/list/category/212/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/list/category/212/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/list/category/212/ekumena
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/list/category/212/ekumenaainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/show/2181385/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/show/2181385/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/show/2181385/republika-dokumentarna-serija-16-hd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/#/video/show/2181385/republika-dokumentarna-serija-16-hdainfo_dictu2181385urepub
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/video/list/category/212/ekumena
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/video/list/category/212/ekumenaaonly_matchingtuHRTiPlaylistIE._real_extractuyout
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/video/show/3873068/cuvar-dvorca-dramska-serija-14
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://hrti.hrt.hr/video/show/3873068/cuvar-dvorca-dramska-serija-14aonly_matchingta_TESTSa_real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://html5-player.libsyn.com/embed/episode/id/3727166/height/75/width/200/theme/standard/directio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/A61SaA1.gifv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/A61SaA1.gifvainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/crGpqCV.mp4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/crGpqCV.mp4aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/jxBXAMC.gifv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.imgur.com/jxBXAMC.gifvaonly_matchingta_TESTSa_real_extractuImgurIE._real_extracta__orig_ba
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.kinja-img.com/gawker-media/image/upload/%s.%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://i.kinja-img.com/gawker-media/image/upload/%s.%sT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ici.radio-canada.ca/info/videos/media-7527184/barack-obama-au-vietnam
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ici.radio-canada.ca/info/videos/media-7527184/barack-obama-au-vietnamaonly_matchingtuRadioCa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://img.ardmediathek.de/standard/00/70/15/33/90/-1852531467/16x9/960?mandant=ard
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://img.ardmediathek.de/standard/00/70/15/33/90/-1852531467/16x9/960?mandant=ardatimestampq
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/A61SaA1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/A61SaA1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/gallery/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/gallery/%s.jsonadataaimageT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/gallery/YcAQlkx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://imgur.com/gallery/YcAQlkxainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/explore/tags/lolcats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/explore/tags/lolcatsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/%s/aieaInstagramIEaie_keyavideo_iduInstagramPlaylistIE._extract_graphql.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/-Cmh1cukG2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/-Cmh1cukG2/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/aye83DjauH/?foo=bar#abc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/p/aye83DjauH/?foo=bar#abcu0d2da106a9d2631273e192b372806516ainfo_dictaaye83Djau
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/porsche
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instagram.com/porscheainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://instances.joinpeertube.org/instances
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://insulters.bandcamp.com/album/we-are-the-plague
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://insulters.bandcamp.com/album/we-are-the-plagueainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://itunes.apple.com/us/album/chunk-of-change-ep/id300087641
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://itunes.apple.com/us/post/idsa.4ab17a39-2720-11e5-96c5-a5b38f6c42d3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://itunes.apple.com/us/post/idsa.4ab17a39-2720-11e5-96c5-a5b38f6c42d3amd5ae7c38568a01ea45402570
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://joinpeertube.org/fr/home/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://joinpeertube.org/fr/home/ainfo_dictD
Source: Mario Deluxe InstaII.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: Mario Deluxe InstaII.exe, 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Mario Deluxe InstaII.exe, 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Mario Deluxe InstaII.exe, 00000003.00000000.254726059.0000000000401000.00000020.00020000.sdmp, Mario Deluxe InstaII.exe, 00000006.00000002.273279500.0000000000401000.00000020.00020000.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://jstrecords.bandcamp.com/album/entropy-ep
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://jstrecords.bandcamp.com/album/entropy-epainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kaernten.orf.at/player/20200423/KGUMO
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kaernten.orf.at/player/20200423/KGUMOaonly_matchingtaORFSBGIEuorf:salzburguRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://khabar.ndtv.com/video/show/prime-time/prime-time-ill-system-and-poor-education-468818
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://khabar.ndtv.com/video/show/prime-time/prime-time-ill-system-and-poor-education-468818amd5u78
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=fb-10103303356633621
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=fb-10103303356633621aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=kinjavideo-100313
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=kinjavideo-100313aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=megaphone-PPY1300931075
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=megaphone-PPY1300931075aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=ooyala-xzMXhleDpopuT0u1ijt_qZj3Va-34pEX%2FZTIxYmJjZDM2NWYzZDV
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=soundcloud-128574047
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=soundcloud-128574047aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=soundcloud-playlist-317413750
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=soundcloud-playlist-317413750aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=tumblr-post-160130699814-daydreams-at-midnight
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=tumblr-post-160130699814-daydreams-at-midnightaonly_matchingt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=twitch-stream-libratus_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=twitch-stream-libratus_extraaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=twitter-1068875942473404422
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=twitter-1068875942473404422aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=ustream-channel-10414700
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=ustream-channel-10414700aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=vimeo-120153502
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=vimeo-120153502aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=vine-5BlvV5qqPrD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=vine-5BlvV5qqPrDaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=youtube-list-BCQ3KyrPjgA/PLE6509247C270A72E
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=youtube-list-BCQ3KyrPjgA/PLE6509247C270A72Eaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=youtube-video-00QyL0AgPAE
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/ajax/inset/iframe?id=youtube-video-00QyL0AgPAEaonly_matchingta_TESTST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/api/core/video/views/videoById
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://kinja.com/api/core/video/views/videoByIdaqueryavideoIdadataatitleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://krimi.iprima.cz/mraz-0/sebevrazdy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://krimi.iprima.cz/mraz-0/sebevrazdyaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lc-mediaplayerns-live-s.legocdn.com/public/%s/%s_%s_%s_%s_sub.srt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lc-mediaplayerns-live-s.legocdn.com/public/%s/%s_%s_%s_%s_sub.srtaidatitleadescriptionT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/accounts/login-check/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/accounts/login-check/nuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/accounts/login/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/accounts/login/a_LOGIN_URLasafaria_NETRC_MACHINEuhttps://learning.oreil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/api/v1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/videos/hadoop-fundamentals-livelessons/9780133392838
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/videos/hadoop-fundamentals-livelessons/9780133392838/9780133392838-00_S
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.oreilly.com/videos/hadoop-fundamentals-livelessons/9780133392838aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/course/view.php?id=3073
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/course/view.php?id=3073aonly_matchingtuSCTECourseIE._real_extractuyoutube_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/course/view.php?id=3639
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/course/view.php?id=3639aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/mod/scorm/view.php?id=31484
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/mod/scorm/view.php?id=31484ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/mod/subcourse/view.php?id=31491
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/mod/subcourse/view.php?id=31491aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/pluginfile.php/%s/mod_scorm/content/8/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://learning.scte.org/pluginfile.php/%s/mod_scorm/content/8/adecode_packed_codesu%smobile/data.j
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lecture2go.uni-hamburg.de/veranstaltungen/-/v/17473
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lecture2go.uni-hamburg.de/veranstaltungen/-/v/17473amd5aac02b570883020d208d405d5a3fd2f7fainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lenta.ru/news/2018/03/22/savshenko_go/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lenta.ru/news/2018/03/22/savshenko_go/ainfo_dictaidu964400aextamp4atitleu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://licensing.jamendo.com/en/track/1496667/energetic-rock
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://licensing.jamendo.com/en/track/1496667/energetic-rockaonly_matchingta_TESTSa_real_extractuJa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://life.ru/t/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://life.ru/t/%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8/153461
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://life.ru/t/%D0%BD%D0%BE%D0%B2%D0%BE%D1%81%D1%82%D0%B8/153461aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://link.brightcove.com/services/player/bcpid1722935254001/?bctid=5360463607001&autoStart=false&
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://link.theplatform.com/s/ip77QC/media/guid/%d/%s?mbr=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://link.theplatform.com/s/ip77QC/media/guid/%d/%s?mbr=trueuScrippsNetworksIE._real_extractuyout
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/courses/lesson/course/1498/lesson/2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/courses/lesson/course/1498/lesson/2/module/154
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/courses/lesson/course/1498/lesson/2/module/154ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/courses/lesson/course/1498/lesson/2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/login/tokenValidateLogin/token/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/login/tokenValidateLogin/token/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/modules/view/id/154
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://linuxacademy.com/cp/modules/view/id/154ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.aliexpress.com/live/2800002704436634
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.aliexpress.com/live/2800002704436634amd5ae729e25d47c5e557f2630eaf99b740a5ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.libraries.psu.edu/Mediasite/Catalog/Full/8376d4b24dd1457ea3bfe4cf9163feda21
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.libraries.psu.edu/Mediasite/Catalog/Full/8376d4b24dd1457ea3bfe4cf9163feda21aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.philharmoniedeparis.fr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.philharmoniedeparis.fr/embed/1098406/berlioz-fantastique-lelio-les-siecles-national-you
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.philharmoniedeparis.fr/embedapp/1098406/berlioz-fantastique-lelio-les-siecles-national-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.prd.dlive.tv/hls/live/%s.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://live.prd.dlive.tv/hls/live/%s.m3u8a_live_titleauploaderais_liveT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/all-images/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/all-images/adurationaint_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/api/main/video-page/%s/%s/false
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/api/main/video-page/%s/%s/falsew0avideoConfigavideoInfoacompat_straidatitleagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/video/neigalieji-tv-bokste/37413
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://lnk.lt/video/neigalieji-tv-bokste/37413aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/afreeca/second_login.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/afreeca/second_login.phpl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/app/LoginAction.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/app/LoginAction.phpnuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/membership/changeMember.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.afreecatv.com/membership/changeMember.phpl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.globo.com/api/authentication
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.globo.com/api/authenticationnadataajsonadumpsapayloadaemailapasswordaserviceIdl.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/authorize
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/authorizeuhttps://linuxacademy.comaKaWxNn1C2Gc7n83W9OFeXltd8Utb5vvxal
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/login/callback
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/login/callbacknuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/usernamepassword/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.com/usernamepassword/loginnuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://login.linuxacademy.comaRefereraExtractorErroracauseacompat_HTTPErroracodel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://love.iprima.cz/laska-az-za-hrob/slib-dany-bratrovi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://love.iprima.cz/laska-az-za-hrob/slib-dany-bratroviaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://m.ok.ru/dk?st.cmd=movieLayer&st.discId=863789452017&st.retLoc=friend&st.rtu=%2Fdk%3Fst.cmd%3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://m.pornerbros.com/videos/skinny-brunette-takes-big-cock-down-her-anal-hole_181369
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://m.pornerbros.com/videos/skinny-brunette-takes-big-cock-down-her-anal-hole_181369aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://m.porntube.com/videos/teen-couple-doing-anal_7089759
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://m.porntube.com/videos/teen-couple-doing-anal_7089759aonly_matchingtuPornTubeIE._real_extract
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://massengeschmack.tv/play/fktv202
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://massengeschmack.tv/play/fktv202amd5aa9e054db9c2b5a08f0a0527cc201e8d3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://medaudio.medicine.iu.edu/Mediasite/Catalog/Full/9518c4a6c5cf4993b21cbd53e828a92521/97a9db45f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media-services-public.vrt.be/vualto-video-aggregator-web/rest/external/v1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media-services-public.vrt.be/vualto-video-aggregator-web/rest/external/v1a_real_extractuCanv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/c/30c3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/c/30c3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/public/conferences/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/public/conferences/aeventsaurl_or_noneT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/public/events/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/public/events/%sagetarecordingsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/v/30C3_-_5443_-_en_-_saal_g_-_201312281830_-_introduction_to_processor_design_-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/v/32c3-7368-shopshifting#download
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.ccc.de/v/32c3-7368-shopshifting#downloadaonly_matchingta_TESTSa_real_extractuCCCIE._re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.cms.nova.cz/embed/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.cms.nova.cz/embed/%saie_keyaNovaEmbedIEadescriptionaupload_dateL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.cms.nova.cz/embed/8o0n0r?autoplay=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.cms.nova.cz/embed/8o0n0r?autoplay=1amd5aee009bafcc794541570edd44b71cbea3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/%sa_search_regexT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/9i1cxv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/9i1cxvaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/a388ec4c-6019-4a4a-9312-b1bee194e932
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/embed/a388ec4c-6019-4a4a-9312-b1bee194e932ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/services/Video.php?clip=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.joj.sk/services/Video.php?clip=%safindallT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.loc.gov/services/v1/media?id=%s&context=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://media.loc.gov/services/v1/media?id=%s&context=jsonamediaObjectaderivativesladerivativeUrlage
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediahub.rice.edu/api/player/GetPlayerConfig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediahub.rice.edu/api/player/GetPlayerConfigatemporaryLinkIdadimensionsasplitT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediahub.rice.edu/api/portal/GetContentTitle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediahub.rice.edu/api/portal/GetContentTitleaqueryaportalIdaplaylistIdacontentIdaxpath_eleme
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediahub.rice.edu/app/Portal/video.aspx?PortalID=25ffd62c-3d01-4b29-8c70-7c94270efb3e&Destin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediasite.ntnu.no/Mediasite/Showcase/default/Presentation/7d8b913259334b688986e970fae6fcb31d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/%s/assets/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/%s/assets/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/canvas/assets/mz-ast-5e5f90b6-2d72-4c40-82c2-e134f884e93e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/canvas/assets/mz-ast-5e5f90b6-2d72-4c40-82c2-e134f884e93eaonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/ketnet/assets/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/ketnet/assets/%saCanvasIEaie_keyavideo_idatitleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/ketnet/assets/md-ast-4ac54990-ce66-4d00-a8ca-9eac86f4c475
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/ketnet/assets/md-ast-4ac54990-ce66-4d00-a8ca-9eac86f4c475amd5u68993e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/vrtvideo/assets/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mediazone.vrt.be/api/v1/vrtvideo/assets/%saseason_numbera__doc__a__file__a__spec__aoriginaha
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/pop_login_block.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/pop_login_block.phpl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/user_delete_progress.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/user_delete_progress.phpl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/user_security.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://member.afreecatv.com/app/user_security.phpluThe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://milo.yiannopoulos.net/2017/06/concealed-carry-robbery/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://milo.yiannopoulos.net/2017/06/concealed-carry-robbery/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mimir.nrk.no/plugin/1.0/static?mediaId=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mimir.nrk.no/plugin/1.0/static?mediaId=%su
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/api/v1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/api/v1D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/streamer?vod=IxFno1rqC0S_XJ1a2yGgNw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/streamer?vod=IxFno1rqC0S_XJ1a2yGgNwaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/streamer?vod=Rh3LY0VAqkGpEQUe2pN-ig
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/streamer?vod=Rh3LY0VAqkGpEQUe2pN-igaonly_matchingta_TESTSastaticmethoduBeamProVodI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/willow8714?vod=2259830
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mixer.com/willow8714?vod=2259830amd5ab2431e6e8347dc92ebafb565d368b76bu2259830uwillow8714
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mobile.france.tv/france-5/c-dans-l-air/137347-emission-du-vendredi-12-mai-2017.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mobile.france.tv/france-5/c-dans-l-air/137347-emission-du-vendredi-12-mai-2017.htmlaonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://msite.misis.ru/Mediasite/Catalog/catalogs/2016-industrial-management-skriabin-o-o
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://msite.misis.ru/Mediasite/Catalog/catalogs/2016-industrial-management-skriabin-o-oaonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru//list//sinyutin10/video/_myvideo/4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru//list//sinyutin10/video/_myvideo/4.htmlaonly_matchingta_TESTSa_real_extractuMailR
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru//list/sinyutin10/video/_myvideo/4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru//list/sinyutin10/video/_myvideo/4.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/cgi-bin/my/ajax
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/cgi-bin/my/ajaxuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/music/search/black%20shadow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/music/search/black%20shadowainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/music/songs/%D0%BC8%D0%BB8%D1%82%D1%85-l-a-h-luciferian-aesthetics-of-herrschaft-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/video/embed/7949340477499637815
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ru/video/embed/7949340477499637815aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://my.mail.ruT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mychannels.com/missholland/miss-holland?production_id=3416
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://mychannels.com/missholland/miss-holland?production_id=3416amd5ab8993daad4262dd68d89d651c0c52
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/fiveminutestothestage/video/little-big-town/109594919
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/fiveminutestothestage/video/little-big-town/109594919amd5u9c1483c106f4a695c47d29
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/killsorrow/music/album/the-demo-18596029
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/killsorrow/music/album/the-demo-18596029ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/killsorrow/music/song/of-weakened-soul...-93388656-103880681
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/killsorrow/music/song/of-weakened-soul...-93388656-103880681amd5u1d7ee4604a3da22
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/starset2/music/album/transmissions-19455773
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/starset2/music/album/transmissions-19455773ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/starset2/music/song/first-light-95799905-106964426
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/starset2/music/song/first-light-95799905-106964426aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/thelargemouthbassband/music/song/02-pure-eyes.mp3-94422330-105113388
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/thelargemouthbassband/music/song/02-pure-eyes.mp3-94422330-105113388aonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/threedaysgrace/music/song/animal-i-have-become-28400208-28218041
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://myspace.com/threedaysgrace/music/song/animal-i-have-become-28400208-28218041ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ndtvod.bc-ssl.cdn.bitgravity.com/23372/ndtv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ndtvod.bc-ssl.cdn.bitgravity.com/23372/ndtv/alstripT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://new.livestream.com/accounts/362/events/3557232/videos/67864563/player?autoPlay=false&height=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://new.vk.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://nhkworld-vh.akamaihd.net/i%s/master.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://nieuws.vtm.be/stadion/stadion/genk-nog-moeilijk-programma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://nieuws.vtm.be/stadion/stadion/genk-nog-moeilijk-programmaaonly_matchingta_TESTSa_real_initia
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://njpwworld.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://njpwworld.com/nD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://nm.reddit.com/r/Cricket/comments/8idvby/lousy_cameraman_finds_himself_in_cairns_line_of/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://nm.reddit.com/r/Cricket/comments/8idvby/lousy_cameraman_finds_himself_in_cairns_line_of/aonl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://noco.tv/do.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://noco.tv/do.phpuhttps://api.noco.tv/1.1/%s?ts=%s&tk=%su&sub_lang=%sanocoa_NETRC_MACHINEL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://noe.orf.at/player/20200423/NGM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://noe.orf.at/player/20200423/NGMaonly_matchingtaORFWIEIEuorf:wienuRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://novaplus.nova.cz/porad/ulice/epizoda/18760-2180-dil
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://novaplus.nova.cz/porad/ulice/epizoda/18760-2180-dilainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://npo.nl/KN_1698996
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://npo.nl/KN_1698996aonly_matchingta_TESTSaclassmethoduNPOIE.suitablea_real_extractuNPOIE._real
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://oe3.orf.at/player/20200424/3WEK
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://oe3.orf.at/player/20200424/3WEKaonly_matchingtaORFOE1IEuorf:oe1uRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ok.ru/video/954886983203
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ok.ru/video/954886983203aonly_matchingta_TESTSastaticmethoda_extract_urluOdnoklassnikiIE._ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://old.reddit.com/r/MadeMeSmile/comments/6t7wi5/wait_for_it/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://old.reddit.com/r/MadeMeSmile/comments/6t7wi5/wait_for_it/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/api/api-akamai/tokenize
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/api/api-akamai/tokenizeaVideoSourceuContent-Typeuapplication/jsonaRefereraCo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/video/whats-on-tv/olympic-morning-featuring-the-opening-ceremony/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/video/whats-on-tv/olympic-morning-featuring-the-opening-ceremony/aonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/videodata/%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://olympics.cbc.ca/videodata/%s.xmlakindaLivea_live_titleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ondemand.npr.org/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ondemand.npr.org/a__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literalsa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://one.ard.de/tv/Mord-mit-Aussicht/Mord-mit-Aussicht-6-39-T%C3%B6dliche-Nach/ONE/Video?bcastId=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://onet100.vod.pl/k/openerfestival
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://onet100.vod.pl/k/openerfestival/open-er-festival-2016-najdziwniejsze-wymagania-gwiazd/qbpyqc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://onet100.vod.pl/k/openerfestivalaonly_matchingtuOnetChannelIE._real_extractaOnetPlIEuhttps?:/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ooe.orf.at/player/20200423/OGMO
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ooe.orf.at/player/20200423/OGMOaonly_matchingtaORFSTMIEuorf:steiermarkuRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://openclassrooms.com/courses/understanding-the-web
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://openclassrooms.com/courses/understanding-the-webamd5u64d86f1c7d369afd9a78b38cbb88d80aainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://original.livestream.com/newplay/folder?dirId=a07bf706-d0e4-4e75-a747-b021d84f2fd3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://original.livestream.com/newplay/folder?dirId=a07bf706-d0e4-4e75-a747-b021d84f2fd3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ott-widget.kinopoisk.ru/v1/kp/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://ott-widget.kinopoisk.ru/v1/kp/aqueryakpIda_parse_jsona_search_regexu(?s)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://out.pladform.ru/player?pl=64471&videoid=3777899&vk_puid15=0&vk_puid34=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://out.pladform.ru/player?pl=64471&videoid=3777899&vk_puid15=0&vk_puid34=0amd5u53362fac3a27352d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://p-you-backwerk.rtl2apps.de/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://p-you-backwerk.rtl2apps.de/aRTL2YouIEurtl2:youuhttp?://you
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.360437773.0000000005A75000.00000004.00000001.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://pcweb.api.mgtv.com/player/getSource
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://pcweb.api.mgtv.com/player/getSourceapm2aatcastream_domainlastreamutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://pcweb.api.mgtv.com/player/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://pcweb.api.mgtv.com/player/videoaqueryatk2abase64aurlsafe_b64encodecdid=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://peertube.tamanoir.foucry.net/videos/watch/0b04f13d-1e18-4f1d-814e-4979aa7c9c44
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://peertube.tamanoir.foucry.net/videos/watch/0b04f13d-1e18-4f1d-814e-4979aa7c9c44aonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/%saage_limitaformatsathumbnailsaweba_match_ida_download_webpagea_parse_jsona_sear
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/Setz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/Setzainfo_dictaSetzaexture:
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/process/channel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/process/channeladataaurlencode_postdataaloadbalancinginfoanoteuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/videopopout/ArtofZod_2017.12.12.00.13.23.flv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/videopopout/ArtofZod_2017.12.12.00.13.23.flvamd5u3ab45ba4352c52ee841a28fb73f2d9ca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/videopopout/Plague
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://picarto.tv/videopopout/Plagueaonly_matchingta_TESTSuPicartoVodIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platform.fusion.net/wp-json/fusiondotnet/v1/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platform.fusion.net/wp-json/fusiondotnet/v1/video/aidatitleadescriptionagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/clases/1311-next-js/12074-creando-nuestra-primera-pagina/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/clases/1311-next-js/12074-creando-nuestra-primera-pagina/amd5u8f56448241005b561c1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/clases/next-js/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/clases/next-js/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/login/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://platzi.com/login/aplatzia_NETRC_MACHINEa_real_initializeuPlatziBaseIE._real_initializeuPlatz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.arkena.com/config/avp/v2/player/media/%s/0/%s/?callbackMethod=_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.arkena.com/config/avp/v2/player/media/%s/0/%s/?callbackMethod=_atransform_sourceastrip_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.arkena.com/config/avp/v2/player/media/b41dda37-d8e7-4d3f-b1b5-9a9db578bdfe/1/129411/?ca
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.arkena.com/embed/avp/v2/player/media/b41dda37-d8e7-4d3f-b1b5-9a9db578bdfe/1/129411
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.arkena.com/embed/avp/v2/player/media/b41dda37-d8e7-4d3f-b1b5-9a9db578bdfe/1/129411amd5a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=com.gameloft.android.ANMP.GloftA8HM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=com.gameloft.android.ANMP.GloftA8HMainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.bfi.org.uk/free/film/watch-computer-doctor-1974-online
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.bfi.org.uk/free/film/watch-computer-doctor-1974-onlineamd5ae8783ebd8e061ec4bc6e9501ed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.cnevids.com/inline/video/%s.js
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.cnevids.com/inline/video/%s.jsuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.cnevids.com/inline/video/59138decb57ac36b83000005.js?target=js-cne-player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.cnevids.com/inline/video/59138decb57ac36b83000005.js?target=js-cne-playeraonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.mangomolo.com/v1/%s?%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.mangomolo.com/v1/%s?%sa_TYPEasplitT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.megaphone.fm/GLT9749789991?
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.ooyala.com/player.js?externalId=espn:10365079&pcode=1kNG061cgaoolOncv54OAO1ceO-I&adSe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.pbs.org/partnerplayer/tOz9tM5ljOXQqIIWke53UA==/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.pbs.org/partnerplayer/tOz9tM5ljOXQqIIWke53UA==/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.pbs.org/portalplayer/3004638221/?uid=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.pbs.org/portalplayer/3004638221/?uid=aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.piksel.com/v/refid/nhkworld/prefid/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.piksel.com/v/refid/nhkworld/prefid/avod_idaaudioa_extract_m3u8_formatsuhttps://nhkwor
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.piksel.com/v/v80kqp41
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.piksel.com/v/v80kqp41amd5u753ddcd8cc8e4fa2dda4b7be0e77744dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.vgtrk.com/flash2v/container.swf?id=774016&sid=russiatv&fbv=true&isPlay=true&ssl=false
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.vimeo.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.vimeo.com/video/%saieaie_keyavideo_idaRayWenderlichIEasuitableaRayWenderlichCourseIEa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://player.zype.com/embed/%s.js?api_key=jZ9GUhRmxcPvX7M3SlfejB6Hle9jyHTdk2jVxG7wOHPLODgncEKVdPYB
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://players.brightcove.net/1752604059001/S13cJdUBz_default/index.html?playlistId=5718313430001
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://players.brightcove.net/1752604059001/S13cJdUBz_default/index.html?playlistId=5718313430001ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/embeds/56af17f56c95335490
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/embeds/56af17f56c95335490aonly_matchingta_TESTSa_real_extractuPlaysTVIE._real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/video/%sa_search_json_ldareasearchu(?s)
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/video/56af17f56c95335490/when-you-outplay-the-azir-wall
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plays.tv/video/56af17f56c95335490/when-you-outplay-the-azir-wallamd5adfeac1198506652b5257a62
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plus.google.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plus.google.com/a_search_regexu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plus.google.com/u/0/108897254135232129896/posts/ZButuJc6CtH
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://plus.google.com/u/0/108897254135232129896/posts/ZButuJc6CtHainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://popcorntimes.tv/de/m/A1XCFvz/haensel-und-gretel-opera-fantasy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://popcorntimes.tv/de/m/A1XCFvz/haensel-und-gretel-opera-fantasyamd5u93f210991ad94ba8c3485950a2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://portal.restudy.dk/video/leiden-frosteffekt/id/1637
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://portal.restudy.dk/video/leiden-frosteffekt/id/1637aonly_matchingta_TESTSa_real_extractuRestu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/my-little-pony/mapa-znameni-2-2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/my-little-pony/mapa-znameni-2-2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/particka/92-epizoda
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/particka/92-epizodaainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/porady/jak-se-stavi-sen/rodina-rathousova-praha
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prima.iprima.cz/porady/jak-se-stavi-sen/rodina-rathousova-prahaaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prod-api-funimationnow.dadcdigital.com/api/auth/login/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://prod-api-funimationnow.dadcdigital.com/api/auth/login/nuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://proxy-base.master.mango.express/graphql
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://proxy-base.master.mango.express/graphqladataajsonadumpsaqueryu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/%s-izle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/%s-izlea__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_literals
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/%saieaPuhuTVIEaie_keyavideo_idavideo_titleT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/api/assets/%s/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/api/assets/%s/videosuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/deniz-yildizi-detay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/deniz-yildizi-detayainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/dip-1-bolum-izle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/dip-1-bolum-izleaonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/jet-sosyete-1-bolum-izle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/jet-sosyete-1-bolum-izleaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/kaybedenler-kulubu-detay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/kaybedenler-kulubu-detayaonly_matchingtuPuhuTVSerieIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/sut-kardesler-izle
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://puhutv.com/sut-kardesler-izleamd5aa347470371d56e1585d1b2c8dab01c96ainfo_dictu5085usut-kardes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://radio.nrk.no/direkte/p1_oslo_akershus
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://radio.nrk.no/direkte/p1_oslo_akershusaonly_matchingtaNRKPlaylistBaseIEuNRKPlaylistBaseIE._ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://radio.nrk.no/serie/dagsnytt/NPUB21019315/12-07-2015#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://radio.nrk.no/serie/dagsnytt/NPUB21019315/12-07-2015#aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/pyvideo/data/master/%s/videos/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/pyvideo/data/master/%s/videos/%s.jsonD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://relapsealumni.bandcamp.com/track/hail-to-fire
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://relapsealumni.bandcamp.com/track/hail-to-fireamd5afec12ff55e804bb7f7ebeb77a800c8b7ainfo_dict
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://resources.redbull.tv/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://resources.redbull.tv/%s/%saextT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rmcdecouverte.bfmtv.com/mediaplayer-direct/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rmcdecouverte.bfmtv.com/mediaplayer-direct/aonly_matchingta_TESTSuhttp://players.brightcove.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rmcdecouverte.bfmtv.com/wheeler-dealers-occasions-a-saisir/program_2566/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rmcdecouverte.bfmtv.com/wheeler-dealers-occasions-a-saisir/program_2566/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://roomimg.stream.highwebmedia.com/ri/%s.jpg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://roomimg.stream.highwebmedia.com/ri/%s.jpgaage_limita_rta_searchais_liveaformatsawebpageu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://roosterteeth.com/watch/million-dollars-but-season-2-million-dollars-but-the-game-announcemen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/play/embed/10631925?p=IbAigKqWd1do4mjaM5XLIQ
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/play/embed/10631925?p=IbAigKqWd1do4mjaM5XLIQaonly_matchingtuRutubeEmbedIE._real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/10b3a03fc01d5bbcc632a2f3514e8aab/?pl_id=4252&pl_type=source
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/10b3a03fc01d5bbcc632a2f3514e8aab/?pl_id=4252&pl_type=sourceaonly_matchingtuh
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/10b3a03fc01d5bbcc632a2f3514e8aab/?pl_type=source
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/10b3a03fc01d5bbcc632a2f3514e8aab/?pl_type=sourceaonly_matchingta_TESTSaclass
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/cecd58ed7d531fc0f3d795d51cee9026/?pl_id=3097&pl_type=tag
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://rutube.ru/video/cecd58ed7d531fc0f3d795d51cee9026/?pl_id=3097&pl_type=tagainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://s3.amazonaws.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://s3.amazonaws.com/a_sort_formatsadescriptionT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://salzburg.orf.at/player/20200423/SGUM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://salzburg.orf.at/player/20200423/SGUMaonly_matchingtaORFTIRIEuorf:tiroluRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://schema.org/ImageObject
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://secure.id.fc2.com/index.php?mode=login&switch_language=en
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://secure.id.fc2.com/index.php?mode=login&switch_language=ena_download_webpageD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://service.rtl2.de/api-player-vipo/video.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://service.rtl2.de/api-player-vipo/video.phpaqueryavideoatitelagetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.packtpub.com/auth-v1/users/tokens
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.packtpub.com/auth-v1/users/tokensnuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.packtpub.com/products-v1/products/%s/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.packtpub.com/products-v1/products/%s/%s/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.radio-canada.ca/media/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.radio-canada.ca/media/aqueryaExtractorErroracauseacompat_HTTPErroracodeT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.slingshot.lego.com/mediaplayer/v2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://services.slingshot.lego.com/mediaplayer/v2aqueryavideoIdu%s_%sauuidaUUIDaheadersageo_verific
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sivideo.webservices.francetelevisions.fr/tools/getInfosOeuvre/v2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sivideo.webservices.francetelevisions.fr/tools/getInfosOeuvre/v2/?idDiffusion=162311093&call
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sivideo.webservices.francetelevisions.fr/tools/getInfosOeuvre/v2/?idDiffusion=NI_1004933&cat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sivideo.webservices.francetelevisions.fr/tools/getInfosOeuvre/v2/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sk.mall.tv/gejmhaus/reklamacia-nehreje-vyrobnik-tepla-alebo-spekacka
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sk.mall.tv/gejmhaus/reklamacia-nehreje-vyrobnik-tepla-alebo-spekackaaonly_matchingta_TESTSa_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://skiplagged.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://skiplagged.com/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://slowtv.playtvak.cz/zive-sledujte-vlaky-v-primem-prenosu-dwi-/hlavni-nadrazi.aspx?c=A151218_1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sport.francetvinfo.fr/les-jeux-olympiques/retour-sur-les-meilleurs-moments-de-pyeongchang-20
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sports.ndtv.com/cricket/videos/2nd-t20i-rock-thrown-at-australia-cricket-team-bus-after-win-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://start-player.npo.nl/video/%s/streams
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://start-player.npo.nl/video/%s/streamsuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://static.packt-cdn.com/products/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://static.packt-cdn.com/products/a__orig_bases__uhttps?://(?:(?:www
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://static.rtl.nl/embed/?uuid=1a2970fc-5c0b-43ff-9fdc-927e39e6d1bc&autoplay=false&publicatiepunt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://static3.mediasetplay.mediaset.it/player/index.html?appKey=5ad3966b1de1c4000d5cec48&programGu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://steiermark.orf.at/player/20200423/STGMS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://steiermark.orf.at/player/20200423/STGMSaonly_matchingtaORFKTNIEuorf:kaerntenuRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://streaming.ivideon.com/flv/live?%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://streaming.ivideon.com/flv/live?%sacompat_urllib_parse_urlencodeaserveracameraasessionIdademo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://streetkitchen.hu/receptek/igy_kell_otthon_hamburgert_sutni/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://streetkitchen.hu/receptek/igy_kell_otthon_hamburgert_sutni/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sts.amazonaws.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sts.amazonaws.com/aurlencode_postdataaActionaAssumeRoleWithWebIdentityaRoleArnuarn:aws:iam::
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://sts.amazonaws.com/doc/2011-06-15/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/programming/9781838988906/p1/video1_1/business-card-project
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/programming/9781838988906/p1/video1_1/business-card-projecta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/web_development/9781787122215
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/web_development/9781787122215/20528/20530/project-intro
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/web_development/9781787122215/20528/20530/project-introaonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://subscription.packtpub.com/video/web_development/9781787122215aonly_matchingtaclassmethoduPac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://support.arkena.com/display/PLAY/Ways
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://svod-be.roosterteeth.com/api/v1/episodes/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://swirlster.ndtv.com/video/how-to-make-friends-at-work-469324
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://swirlster.ndtv.com/video/how-to-make-friends-at-work-469324aonly_matchingta_TESTSa_real_extr
Source: namang.exe, 00000012.00000003.573866039.0000000004FE3000.00000004.00000001.sdmp	String found in binary or memory: https://t.co/xg6OhpyKfN
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://testplayer.vgtrk.com/iframe/live/id/19201/showZoomBtn/false/isPlay/true/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://testplayer.vgtrk.com/iframe/live/id/19201/showZoomBtn/false/isPlay/true/aonly_matchingta_TES
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://thumbs.gfycat.com/acceptablehappygoluckyharborporpoise-size_restricted.gif
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://thumbs.gfycat.com/acceptablehappygoluckyharborporpoise-size_restricted.gifaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tirol.orf.at/player/20200423/TGUMO
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tirol.orf.at/player/20200423/TGUMOaonly_matchingtaORFVBGIEuorf:vorarlberguRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tkx2-%s.anvato.net/rest/v2/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tkx2-%s.anvato.net/rest/v2/aprodastageumcp/video/%s?anvack=%sa_server_timeu%d~%s~%samd5_text
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://token.playmakerservices.com/cdn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://token.playmakerservices.com/cdnarequestorIdapidaapplicationaNBCSportsaversionav1aplatformade
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://token.vrt.be
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://token.vrt.benanoteuRequesting
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.22decembre.eu/videos/embed/fed67262-6edb-4d1c-833b-daa9085c71d7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.22decembre.eu/videos/embed/fed67262-6edb-4d1c-833b-daa9085c71d7aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.22decembre.eu/videos/watch/9bb88cd3-9959-46d9-9ab9-33d2bb704c39
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.22decembre.eu/videos/watch/9bb88cd3-9959-46d9-9ab9-33d2bb704c39aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.openalgeria.org/api/v1/videos/c1875674-97d0-4c94-a058-3f7e64c962e8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tube.openalgeria.org/api/v1/videos/c1875674-97d0-4c94-a058-3f7e64c962e8aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.ittf.com/video/peng-wang-wei-matsudaira-kenta/951802
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.ittf.com/video/peng-wang-wei-matsudaira-kenta/951802aonly_matchingta_TESTuITTFIE._real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.line.me/v/2587507_%E6%B4%BE%E9%81%A3%E5%A5%B3%E9%86%ABx-ep1-02/list/185245
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.line.me/v/2587507_%E6%B4%BE%E9%81%A3%E5%A5%B3%E9%86%ABx-ep1-02/list/185245aonly_matchingt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.line.me/v/793123_goodbye-mrblack-ep1-1/list/69246
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.line.me/v/793123_goodbye-mrblack-ep1-1/list/69246ainfo_dictu793123_ep1-1aextamp4uGoodbye
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.naver.com/api/json/v/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.naver.com/api/json/v/aheadersageo_verification_headersT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/direkte/nrk1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/direkte/nrk1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/Episodes/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/MDDP12000117
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/MDDP12000117amd5u8270824df46ec629b66aeaa5796b36fbainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/episodes/nytt-paa-nytt/69031
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/episodes/nytt-paa-nytt/69031ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/mdfp15000514
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/program/mdfp15000514ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/20-spoersmaal-tv/MUHH48000314/23-05-2014
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/20-spoersmaal-tv/MUHH48000314/23-05-2014amd5u9a167e54d04671eb6317a37b7bc8a28
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/anno/KMTE50001317/sesong-3/episode-13
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/anno/KMTE50001317/sesong-3/episode-13ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstage
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstage/sesong/1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstage/sesong/1/episode/8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstage/sesong/1/episode/8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstage/sesong/1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/backstageainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/blank
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/blankainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/broedrene-dal-og-spektralsteinene
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/broedrene-dal-og-spektralsteineneaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/groenn-glede
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/groenn-gledeainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/hellums-kro/sesong/1/episode/2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/hellums-kro/sesong/1/episode/2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/lindmo/2018/MUHU11006318/avspiller
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/lindmo/2018/MUHU11006318/avspilleraonly_matchingtuhttps?://tv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/nytt-paa-nytt/MUHH46000317/27-01-2017
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/nytt-paa-nytt/MUHH46000317/27-01-2017ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/postmann-pat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/postmann-pataonly_matchingtuNRKTVSeriesIE.suitableuNRKTVSeriesIE._real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/saving-the-human-race
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/saving-the-human-raceaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/tour-de-ski/MSPO40010515/06-01-2015
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/tour-de-ski/MSPO40010515/06-01-2015#del=2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/tour-de-ski/MSPO40010515/06-01-2015#del=2ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrk.no/serie/tour-de-ski/MSPO40010515/06-01-2015aplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrksuper.no/serie/labyrint
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv.nrksuper.no/serie/labyrintainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv5.ca/videos?v=xuu8qowr291ri
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tv5.ca/videos?v=xuu8qowr291riainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tvrain.ru/amp/418921/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tvrain.ru/amp/418921/amd5acc00413936695987e8de148b67d14f1dainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tvrain.ru/lite/teleshow/kak_vse_nachinalos/namin-418921/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://tvrain.ru/lite/teleshow/kak_vse_nachinalos/namin-418921/u582306u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://uvp-apapublisher.sf.apa.at/embed/2f94e9e6-d945-4db2-9548-f9a41ebf7b78
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://uvp-apapublisher.sf.apa.at/embed/2f94e9e6-d945-4db2-9548-f9a41ebf7b78aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.douyu.com/author/XrZwYelr5wbK
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.douyu.com/author/XrZwYelr5wbKaupload_dateu20170402D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.douyu.com/show/rjNBdvnVXNzvE2yw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.douyu.com/show/rjNBdvnVXNzvE2ywamd5u0c2cfd068ee2afe657801269b2d86214ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/%s/DASHPlaylist.mpd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/%s/DASHPlaylist.mpdD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/%s/HLSPlaylist.m3u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/%s/HLSPlaylist.m3u8amp4D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/zv89llsvexdz
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v.redd.it/zv89llsvexdzamd5u0a070c53eba7ec4534d95a5a1259e253ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v1.escapistmagazine.com/videos/view/the-escapist-presents/6618-Breaking-Down-Baldurs-Gate
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v1.escapistmagazine.com/videos/view/the-escapist-presents/6618-Breaking-Down-Baldurs-Gateaon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v8-psapi.nrk.no/mediaelement/ecc1b952-96dc-4a98-81b9-5296dc7a98d9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://v8-psapi.nrk.no/mediaelement/ecc1b952-96dc-4a98-81b9-5296dc7a98d9aonly_matchingta_TESTSuNRK
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vas-v4.p7s1video.net/4.0/get
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vas-v4.p7s1video.net/4.0/getuProSiebenSat1BaseIE._extract_video_infoa__orig_bases__aProSiebe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vid.ly/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video%s.internazionale.it/%s/%s.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video%s.internazionale.it/%s/%s.uu-itaa_extract_m3u8_formatsam3u8amp4D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.aktualne.cz/dvtv/zeman-si-jen-leci-mindraky-sobotku-nenavidi-a-babis-se-mu-te/r~960cdb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.aktualne.cz/dvtv/zive-mistryne-sveta-eva-samkova-po-navratu-ze-sampionatu/r~182654c228
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.dtube.top/ipfs/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.dtube.top/ipfs/a__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_liter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.esri.com/watch/1124/arcgis-online-_dash_-developing-applications
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.esri.com/watch/1124/arcgis-online-_dash_-developing-applicationsamd5ad4aaf1408b221f1b3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.golem.de/xml/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.internetvideoarchive.net/videojs7/videojs7.ivasettings.ashx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.sibnet.ru/shell.php?videoid=3422904
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.sibnet.ru/shell.php?videoid=3422904ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.udn.com/news/300346
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://video.udn.com/news/300346amd5afd2060e988c326991037b9aff9df21a6ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://videos.raywenderlich.com/api/v1/videos/%s.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://videos.raywenderlich.com/api/v1/videos/%s.jsonaheadersavideoaclipslaprovider_idaupdatea_type
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://videos.raywenderlich.com/courses/105-testing-in-ios/lessons/1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://videos.raywenderlich.com/courses/105-testing-in-ios/lessons/1aonly_matchingta_TESTSastaticme
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vine.co/v/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://viqeo.tv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://viqeo.tv/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vmobile.douyu.com/show/rjNBdvnVXNzvE2yw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vmobile.douyu.com/show/rjNBdvnVXNzvE2ywaonly_matchingtuDouyuShowIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vmobile.douyu.com/video/getInfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vmobile.douyu.com/video/getInfoavidaRefererux-requested-withaXMLHttpRequesta_sleepl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vod.lnk.lt/lnk_vod/lnk/lnk/%s:%s/playlist.m3u8%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vod.lnk.lt/lnk_vod/lnk/lnk/%s:%s/playlist.m3u8%sa_real_extractuLnkGoIE._real_extracta__orig_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vorarlberg.orf.at/player/20200423/VGUM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vorarlberg.orf.at/player/20200423/VGUMaonly_matchingtaORFOE3IEuorf:oe3uRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vplayer.nbcsports.com/p/BxmELC/nbcsports_embed/select/9CsDKds0kvHI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vplayer.nbcsports.com/p/BxmELC/nbcsports_embed/select/9CsDKds0kvHIainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vplayer.nbcsports.com/p/BxmELC/nbcsports_embed/select/media/_hqLjQ95yx8Z
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vplayer.nbcsports.com/p/BxmELC/nbcsports_embed/select/media/_hqLjQ95yx8Zaonly_matchingtastat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vtmkzoom.be/video?aid=45724
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://vtmkzoom.be/video?aid=45724ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://watch.cloudflarestream.com/9df17203414fd1db3e3ed74abbe936c1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://watch.cloudflarestream.com/9df17203414fd1db3e3ed74abbe936c1aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://web-api-us.crackle.com/Service.svc/details/media/%s/%s?disableProtocols=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://web-api-us.crackle.com/Service.svc/details/media/%s/%s?disableProtocols=trueatimeastrftimeu%
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://wien.orf.at/player/20200423/WGUM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://wien.orf.at/player/20200423/WGUMaonly_matchingtaORFBGLIEuorf:burgenlanduRadio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.%s/view_video.php?viewkey=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.%s/view_video.php?viewkey=%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.4tube.com/videos/%s/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.4tube.com/videos/%s/videoutoken.4tube.comuhttp://www.4tube.com/videos/209733/hot-babe-ho
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/afl-footy-show/2016/clip-ciql02091000g0hp5oktrnytc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/afl-footy-show/2016/clip-ciql02091000g0hp5oktrnytcamd5u17cf47d63ec9323e562c9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/afl-footy-show/2016/episode-19
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/afl-footy-show/2016/episode-19aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/andrew-marrs-history-of-the-world/season-1/episode-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.9now.com.au/andrew-marrs-history-of-the-world/season-1/episode-1aonly_matchingta_TESTSuh
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.adultswim.com/api/search
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.adultswim.com/api/searchadataajsonadumpsaqueryaencodeaheadersD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.adultswim.com/api/shows/v1/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.adultswim.com/api/shows/v1/videos/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aetv.com/specials/hunting-jonbenets-killer-the-untold-story/preview-hunting-jonbenets-ki
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.americastestkitchen.com/episode/582-weeknight-japanese-suppers
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.americastestkitchen.com/episode/582-weeknight-japanese-suppersamd5ab861c3e365ac38ad319cf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.americastestkitchen.com/videos/3420-pan-seared-salmon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.americastestkitchen.com/videos/3420-pan-seared-salmonaonly_matchingta_TESTSa_real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/12
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/12aonly_matchingta_TESTSuAnimeOnDemandIE._logina_real_initializ
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/161
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/161ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/162
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/162aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/169
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/169aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/185
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/185aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/39
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/anime/39aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/assets/jwplayer.flash-55abfb34080700304d49125ce9ffb4a6.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/assets/jwplayer.flash-55abfb34080700304d49125ce9ffb4a6.swfartmp_real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/html5apply
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/users/sign_in
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.anime-on-demand.de/users/sign_inuhttps://www.anime-on-demand.de/html5applyaanimeondemand
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.ca/video/view/u-s-woman-s-family-arrested-for-murder-first-pinned-on-panhandler-poli
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.co.uk/video/view/-one-dead-and-22-hurt-in-bus-crash-/5cb3a6f3d21f1a072b457347/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.co.uk/video/view/-one-dead-and-22-hurt-in-bus-crash-/5cb3a6f3d21f1a072b457347/aonly_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/playlist/PL8245/5ca79d19d21f1a04035db606/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/playlist/PL8245/5ca79d19d21f1a04035db606/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/donald-trump-spokeswoman-tones-down-megyn-kelly-attacks/519442220/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/donald-trump-spokeswoman-tones-down-megyn-kelly-attacks/519442220/aon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/netflix-is-raising-rates/5707d6b8e4b090497b04f706/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/netflix-is-raising-rates/5707d6b8e4b090497b04f706/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/park-bench-season-2-trailer/559a1b9be4b0c3bfad3357a7/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/park-bench-season-2-trailer/559a1b9be4b0c3bfad3357a7/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/u-s--official-warns-of-largest-ever-irs-phone-scam/518167793/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.com/video/view/u-s--official-warns-of-largest-ever-irs-phone-scam/518167793/amd5u18e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.de/video/view/eva-braun-privataufnahmen-von-hitlers-geliebter-werden-digitalisiert/5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.jp/video/playlist/5a28e936a1334d000137da0c/5a28f3151e642219fde19831/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aol.jp/video/playlist/5a28e936a1334d000137da0c/5a28f3151e642219fde19831/aonly_matchingta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aparat.com/v/8dflw/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.aparat.com/v/8dflw/aonly_matchingta_TESTSa_real_extractuAparatIE._real_extracta__orig_ba
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/ard/player/Y3JpZDovL3N3ci5kZS9hZXgvbzEwNzE5MTU/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/ard/player/Y3JpZDovL3N3ci5kZS9hZXgvbzEwNzE5MTU/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/ard/video/trailer/private-eyes-s01-e01/one/Y3JpZDovL3dkci5kZS9CZWl0cmFnL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/play/media/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/play/media/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/swr/live/Y3JpZDovL3N3ci5kZS8xMzQ4MTA0Mg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ardmediathek.de/swr/live/Y3JpZDovL3N3ci5kZS8xMzQ4MTA0Mgaonly_matchingtuARDBetaMediathekI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.arte.tv/en/videos/088501-000-A/mexico-stealing-petrol-to-survive/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.arte.tv/en/videos/088501-000-A/mexico-stealing-petrol-to-survive/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.arte.tv/en/videos/RC-016954/earn-a-living/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.arte.tv/en/videos/RC-016954/earn-a-living/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/series/012481s/scholar-walks-night/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/series/012481s/scholar-walks-night/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/video/012869v/women-who-flirt/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/video/012869v/women-who-flirt/amd5ac3b740e48d0ba002a42c0b72857beae6ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/video/she-was-pretty/011886v-pretty-episode-3/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.asiancrush.com/video/she-was-pretty/011886v-pretty-episode-3/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.atresplayer.com/antena3/series/el-secreto-de-puente-viejo/el-chico-de-los-tres-lunares/c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.atresplayer.com/antena3/series/pequenas-coincidencias/temporada-1/capitulo-7-asuntos-pen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.atresplayer.com/lasexta/programas/el-club-de-la-comedia/temporada-4/capitulo-10-especial
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.audi-mediacenter.com/en/audimediatv/60-seconds-of-audi-sport-104-2015-wec-bahrain-rookie
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.audi-mediacenter.com/en/audimediatv/video/60-seconds-of-audi-sport-104-2015-wec-bahrain-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.audimedia.tv/api/video/v1/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.audimedia.tv/api/video/v1/videos/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/bbcthree/clip/73d0bbd0-abc3-4cea-b3c0-cdae21905eb1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/bbcthree/clip/73d0bbd0-abc3-4cea-b3c0-cdae21905eb1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/music/audiovideo/popular#p055bc55
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/music/audiovideo/popular#p055bc55aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/%saieaie_keyudata-(?:video-player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/m00005xn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/m00005xnaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/w172w4dww1jqt5s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/programmes/w172w4dww1jqt5saonly_matchingta_TESTSu/(
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/radio/play/b0b9z4yl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/radio/play/b0b9z4ylainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/sounds/play/m0007jzb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bbc.co.uk/sounds/play/m0007jzbanoteaAudioainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.beinsports.com/us/copa-del-rey/video/the-locker-room-valencia-beat-barca-in-copa/1203804
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bigbrothercanada.ca/video/big-brother-canada-704/1457812035894/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bigbrothercanada.ca/video/big-brother-canada-704/1457812035894/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/am10624
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/am10624ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/au
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/au1003142
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/au1003142afec4987014ec94ef9e666d4d158ad03bainfo_dictu1003142aextam4au
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/auaBilibiliAudioIEumenu/infoT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/music-service-c/web/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/audio/music-service-c/web/aquerya_call_apiacdnsT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/video/BV1JE411F741
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bilibili.com/video/BV1JE411F741aonly_matchingta_TESTSaiVGUTjsxvpLeuDCfaaHRmhWMLkdeMuILqO
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/channel/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/channel/%s/achannel_idaitertoolsacountT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/channel/victoriaxrave/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/channel/victoriaxrave/aplaylist_mincountl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/embed/lbb5G1hjPhw/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/embed/lbb5G1hjPhw/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/torrent/Zee5BE49045h/szoMrox2JEI.webtorrent
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/torrent/Zee5BE49045h/szoMrox2JEI.webtorrentaonly_matchingta_TESTSa_real_ext
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/video/%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/video/szoMrox2JEI/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bitchute.com/video/szoMrox2JEI/amd5u66c4a70e6bfc40dcb6be3eb1d74939ebainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bloomberg.com/politics/articles/2017-02-08/le-pen-aide-briefed-french-central-banker-on-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bnnbloomberg.ca/video/david-cockfield-s-top-picks~1403070
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bnnbloomberg.ca/video/david-cockfield-s-top-picks~1403070amd5u36d3ef559cfe8af8efe15922cd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bostonglobe.com/lifestyle/names/2017/02/17/does-ben-affleck-play-matt-damon-favorite-ver
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.br-klassik.de/audio/peeping-tom-premierenkritik-dance-festival-muenchen-100.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.br-klassik.de/audio/peeping-tom-premierenkritik-dance-festival-muenchen-100.htmlamd5u8b5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.br.de/mediathek/video/gesundheit-die-sendung-vom-28112017-av:5a1e6a6e8fce6d001871cc8e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.br.de/mediathek/video/gesundheit-die-sendung-vom-28112017-av:5a1e6a6e8fce6d001871cc8eamd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bravotv.com/top-chef/season-16/episode-15/videos/the-top-chef-season-16-winner-is
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.bravotv.com/top-chef/season-16/episode-15/videos/the-top-chef-season-16-winner-isamd5ae3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.businessinsider.nl/5-scientifically-proven-things-make-you-less-attractive-2017-7/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.businessinsider.nl/5-scientifically-proven-things-make-you-less-attractive-2017-7/amd5u4
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.byutv.org/player/27741493-dc83-40b0-8420-e7ae38a2ae98/byu-football-toledo-vs-byu-93016?l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.byutv.org/player/8f1dab9b-b243-47c8-b525-3e2d021a3451/byu-softball-pacific-vs-byu-41219-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.c-span.org/video/?114917-1/armed-services
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.c-span.org/video/?114917-1/armed-servicesainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.c-span.org/video/?437336-1/judiciary-antitrust-competition-policy-consumer-rights
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.c-span.org/video/?437336-1/judiciary-antitrust-competition-policy-consumer-rightsaonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cammodels.com/cam/AutumnKnight/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cammodels.com/cam/AutumnKnight/aonly_matchingtaage_limitl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.canvas.be/check-point/najaar-2016/de-politie-uw-vriend
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.canvas.be/check-point/najaar-2016/de-politie-uw-vriendaonly_matchingtuCanvasEenIE._real_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cartoonnetwork.com/video/ben-10/how-to-draw-upgrade-episode.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cartoonnetwork.com/video/ben-10/how-to-draw-upgrade-episode.htmlainfo_dictD
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cbsnews.com/embed/video/?v=1.c9b5b61492913d6660db0b2f03579ef25e86307a#1Vb7b9s2EP5XBAHbT6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cbsnews.com/video/fort-hood-shooting-army-downplays-mental-illness-as-cause-of-attack/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cbsnews.com/video/fort-hood-shooting-army-downplays-mental-illness-as-cause-of-attack/ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cbssports.com/nba/news/nba-playoffs-2018-watch-76ers-vs-heat-game-3-series-schedule-tv-c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cbssports.com/nba/video/donovan-mitchell-flashes-star-potential-in-game-2-victory-over-t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ceskatelevize.cz/ivysilani/ajax/get-client-playlist
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ceskatelevize.cz/ivysilani/ajax/get-client-playlistadataaurlencode_postdataaadd_headerT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.chaturbate.com/siswet19/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.chaturbate.com/siswet19/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/%s.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/%s.xmlaida__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/warrior/video/s1-ep-1-recap-20126903
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/warrior/video/s1-ep-1-recap-20126903.embed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/warrior/video/s1-ep-1-recap-20126903.embedaonly_matchingta_TESTSa_real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cinemax.com/warrior/video/s1-ep-1-recap-20126903amd5u82e0734bba8aa7ef526c9dd00cf35a05ain
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ciscolive.com/global/on-demand-library.html?#/session/1490051371645001kNaS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ciscolive.com/global/on-demand-library.html?#/session/1490051371645001kNaSaonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ciscolive.com/global/on-demand-library.html?search.event=ciscoliveemea2019#/session/1536
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ciscolive.com/global/on-demand-library.html?search.technicallevel=scpsSkillLevel_aintrod
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/c/evmgm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/c/evmgmamd5u963ae7a59a2ec4572ab8bf2f2d2c5f09ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/p/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/p/lizllove
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/p/lizlloveatimestampq
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.clippituser.tv/p/udatetime=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudflare.com/products/cloudflare-stream/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudflare.com/products/cloudflare-stream/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/embed.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/embed.phpaqueryaidaplayerPagel
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/v/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/v/%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/v/af511e2527aac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cloudy.ec/v/af511e2527aacamd5u29832b05028ead1b58be86bf319397caainfo_dictaaf511e2527aacae
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cnbc.com/video/2018/07/19/trump-i-dont-necessarily-agree-with-raising-rates.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cnbc.com/video/2018/07/19/trump-i-dont-necessarily-agree-with-raising-rates.htmlainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cocoro.tv/series/008549s/the-wonderful-wizard-of-oz/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cocoro.tv/series/008549s/the-wonderful-wizard-of-oz/aonly_matchingtuAsianCrushPlaylistIE
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cocoro.tv/video/the-wonderful-wizard-of-oz/008878v-the-wonderful-wizard-of-oz-ep01/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cocoro.tv/video/the-wonderful-wizard-of-oz/008878v-the-wonderful-wizard-of-oz-ep01/aonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.contv.com/details-movie/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.contv.com/details-movie/CEG10022949/days-of-thrills-&-laughter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.contv.com/details-movie/CEG10022949/days-of-thrills-&-laughterainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.contv.com/details-movie/CLIP-show_fotld_bts/fight-of-the-living-dead:-behind-the-scenes-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.contv.com/details-movie/aCONtvIEaie_keyaplaylist_resultT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cookingchanneltv.com/videos/the-best-of-the-best-0260338
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cookingchanneltv.com/videos/the-best-of-the-best-0260338ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cookscountry.com/episode/554-smoky-barbecue-favorites
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cookscountry.com/episode/554-smoky-barbecue-favoritesD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cp24.com/video?clipId=1982548
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.cp24.com/video?clipId=1982548aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crackle.com/andromeda/2502343
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crackle.com/andromeda/2502343ainfo_dictu2502343aextuUnder
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/en-gb/mob-psycho-100/episode-2-urban-legends-encountering-rumors-780921
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/en-gb/mob-psycho-100/episode-2-urban-legends-encountering-rumors-780921a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/loginalogin_formacrunchyrolla_NETRC_MACHINET
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/xml/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.crunchyroll.com/xml/afataladataaheadersD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/PynxJnNWChE/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/PynxJnNWChE/amd5ab8f850ba1860adbda668d367f9b77699ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/embed/xlGmyIeN9Jo/?autoplay=false
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/embed/xlGmyIeN9Jo/?autoplay=falseaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/truer-iran-bor-passe-dere/PalfB2Cw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dagbladet.no/video/truer-iran-bor-passe-dere/PalfB2Cwaonly_matchingta_TESTSastaticmethod
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/agetavaluea_set_cookieuwww.dailymotion.coma_get_dailymotion_cookiesa_get
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/embed/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/embed/video/T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/player/metadata/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/player/metadata/video/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/user/nqtv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/user/nqtvainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/video/aYouTubeaYoutubeaNBCSportsuhttp://vplayer.nbcsports.com/p/BxmELC/n
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/video/x2iuewm_steam-machine-models-pricing-listed-on-steam-store-ign-new
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/video/x3z49k?playlist=xv4bw
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.com/video/x3z49k?playlist=xv4bwaonly_matchingta_TESTSa_GEO_BYPASSudescriptio
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dailymotion.comadailymotiona_NETRC_MACHINEuDailymotionBaseInfoExtractor._get_dailymotion
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.daserste.de/information/reportage-dokumentation/erlebnis-erde/videosextern/woelfe-und-he
Source: namang.exe, 00000012.00000003.568204975.0000000009932000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.digiteka.net/deliver/generic/iframe/mdtk/01637594/src/lqm3kl/zone/1/showtitle/1/autoplay
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discovery.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discovery.com/aaccess_tokenageo_verification_headersuBearer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discovery.com/videos/guardians-of-the-glades-cooking-with-tom-cobb-5578368
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discovery.com/videos/guardians-of-the-glades-cooking-with-tom-cobb-5578368aonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discoverygo.com/bering-sea-gold/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discoverygo.com/bering-sea-gold/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discoverygo.com/bering-sea-gold/reaper-madness/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.discoverygo.com/bering-sea-gold/reaper-madness/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.disneychannel.ca/shows/gabby-duran-the-unsittables/video/crybaby-duran-clip/2f557eec-058
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.diynetwork.com/videos/diy-barnwood-tablet-stand-0265790
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.diynetwork.com/videos/diy-barnwood-tablet-stand-0265790aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dmax.de/programme/dmax-highlights/video/tuning-star-sidney-hoffmann-exklusiv-bei-dmax/19
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.co.uk/show/ghost-adventures/video/hotel-leger-103620/EHD_280313B
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.co.uk/show/ghost-adventures/video/hotel-leger-103620/EHD_280313Baonly_matchingta_T
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.fi/videot/shifting-gears-with-aaron-kaufman/episode-16
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.fi/videot/shifting-gears-with-aaron-kaufman/episode-16aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.jp/video/gold-rush/24086
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.jp/video/gold-rush/24086aonly_matchingta_TESTSuDPlayIE._get_disco_api_infoa_real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.no/videoer/i-kongens-klr/sesong-1-episode-7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.no/videoer/i-kongens-klr/sesong-1-episode-7ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dplay.se/videos/nugammalt-77-handelser-som-format-sverige/nugammalt-77-handelser-som-for
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/drtv/episode/bonderoeven_71769
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/drtv/episode/bonderoeven_71769aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/drtv/se/bonderoeven_71769
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/drtv/se/bonderoeven_71769ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/mu-online/api/1.0/channel/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/mu-online/api/1.0/channel/a_live_titleaTitleaStreamingServersT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/mu-online/api/1.4/programcard
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/mu-online/api/1.4/programcardD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/nyheder/indland/live-christianias-rydning-af-pusher-street-er-i-gang
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/nyheder/indland/live-christianias-rydning-af-pusher-street-er-i-gangainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/radio/p4kbh/regionale-nyheder-kh4/p4-nyheder-2019-06-26-17-30-9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/radio/p4kbh/regionale-nyheder-kh4/p4-nyheder-2019-06-26-17-30-9aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/live/dr1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/live/dr1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/se/boern/ultra/klassen-ultra/klassen-darlig-taber-10
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/se/boern/ultra/klassen-ultra/klassen-darlig-taber-10amd5u25e659cccc9a2ed956110a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/se/historien-om-danmark/-/historien-om-danmark-stenalder
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dr.dk/tv/se/historien-om-danmark/-/historien-om-danmark-stenalderainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dropbox.com/s/nelirfsxnmcfbfh/youtube-dl%20test%20video%20%27%C3%A4%22BaW_jenozKc.mp4?dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dropbox.com/sh/662glsejgzoj9sr/AAByil3FGH9KFNZ13e08eSa1a/Pregame%20Ceremony%20Program%20
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dumpert.nl/embed/6675421_dc440fe7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dumpert.nl/embed/6675421_dc440fe7aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dumpert.nl/item/6646981_951bc60f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.dumpert.nl/item/6646981_951bc60famd5u1b9318d7d5054e7dcb9dc7654f21d643ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.een.be/thuis/emma-pakt-thilly-aan
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.een.be/thuis/emma-pakt-thilly-aanainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ehftv.com/int/video/paris-saint-germain-handball-pge-vive-kielce/1166761
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ehftv.com/int/video/paris-saint-germain-handball-pge-vive-kielce/1166761ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ellentube.com/episode/dax-shepard-jordan-fisher-haim.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ellentube.com/episode/dax-shepard-jordan-fisher-haim.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ellentube.com/studios/macey-goes-rving0.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ellentube.com/studios/macey-goes-rving0.htmlaonly_matchingtuEllenTubePlaylistIE._real_ex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ellentube.com/video/ellen-meets-las-vegas-survivors-jesus-campos-and-stephen-schuck.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.engadget.com/video/57a28462134aa15a39f0421a/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.engadget.com/video/57a28462134aa15a39f0421a/aonly_matchingta_TESTSa_real_extractuEngadge
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.expressen.se/tv/kultur/kulturdebatt-med-expressens-karin-olsson/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.expressen.se/tv/kultur/kulturdebatt-med-expressens-karin-olsson/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.expressen.se/tv/ledare/ledarsnack/ledarsnack-om-arbetslosheten-bland-kvinnor-i-speciellt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.expressen.se/tvspelare/video/tv/ditv/ekonomistudion/experterna-har-ar-fragorna-som-avgor
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.expressen.se/videoplayer/embed/tv/ditv/ekonomistudion/experterna-har-ar-fragorna-som-avg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.eyedo.tv/en-US/#
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.facebookcorewwwi.onion/video.php?v=274175099429670
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.facebookcorewwwi.onion/video.php?v=274175099429670aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/api/vod/movie?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/api/vod/movie?id=%saresponseaExtractorErroracauseacompat_HTTPErrora_parse_jso
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/channel/filmon-sports
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/channel/filmon-sportsaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/tv/2894
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/tv/2894aonly_matchingtL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/vod/view/24869-0-plan-9-from-outer-space
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/vod/view/24869-0-plan-9-from-outer-spaceainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/vod/view/2825-1-popeye-series-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmon.com/vod/view/2825-1-popeye-series-1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmweb.no/template_v2/ajax/json_trailerEmbed.jsp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.filmweb.no/template_v2/ajax/json_trailerEmbed.jspaqueryaarticleIdaembedCodea_proto_relat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/hermes_error_beacon.gne
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/hermes_error_beacon.gneuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/photos/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/photos/%s/aidatitleadescriptionT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/photos/forestwander-nature-pictures/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.flickr.com/photos/forestwander-nature-pictures/aintalistuAttribution-ShareAlikea_TESTuht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.foodnetwork.com/videos/chocolate-strawberry-cake-roll-7524591
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.foodnetwork.com/videos/chocolate-strawberry-cake-roll-7524591aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/087036ca7f33c8eb79b08152b4dd75c1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/087036ca7f33c8eb79b08152b4dd75c1/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/30056b295fb57f7452aeeb4920bc3024/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/30056b295fb57f7452aeeb4920bc3024/aonly_matchingta_TESTSa_GEO_BYPASSuhttps:
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/4b765a60490325103ea69888fb2bd4e8/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox.com/watch/4b765a60490325103ea69888fb2bd4e8/amd5aebd296fcc41dd4b19f8115d8461a3165ainf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox9.com/news/black-bear-in-tree-draws-crowd-in-downtown-duluth-minnesota
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox9.com/news/black-bear-in-tree-draws-crowd-in-downtown-duluth-minnesotaamd5ad6e1b2572c
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox9.com/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fox9.com/video/aFOX9a__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_li
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/142749-rouge-sang.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/142749-rouge-sang.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/documentaires/histoire/136517-argentine-les-500-bebes-voles-de-la-dictature.ht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-2/13h15-le-dimanche/140921-les-mysteres-de-jesus.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-2/13h15-le-dimanche/140921-les-mysteres-de-jesus.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-2/direct.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-2/direct.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-3/des-chiffres-et-des-lettres/139063-emission-du-mardi-9-mai-2017.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-3/des-chiffres-et-des-lettres/139063-emission-du-mardi-9-mai-2017.htmla
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-3/direct.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-3/direct.htmlaonly_matchingtuFranceTVSiteIE._real_extractaFranceTVEmbed
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-4/hero-corp/saison-1/134151-apres-le-calme.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-4/hero-corp/saison-1/134151-apres-le-calme.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-5/c-a-dire/saison-10/137013-c-a-dire.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-5/c-a-dire/saison-10/137013-c-a-dire.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-o/archipels/132249-mon-ancetre-l-esclave.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/france-o/archipels/132249-mon-ancetre-l-esclave.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/jeux-et-divertissements/divertissements/133965-le-web-contre-attaque.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.france.tv/jeux-et-divertissements/divertissements/133965-le-web-contre-attaque.htmlaonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.franceinter.fr/emissions/affaires-sensibles/affaires-sensibles-07-septembre-2016
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.franceinter.fr/emissions/affaires-sensibles/affaires-sensibles-07-septembre-2016amd5u9e5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.franceinter.fr/emissions/le-7-9/le-7-9-27-juin-2016
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.franceinter.fr/emissions/le-7-9/le-7-9-27-juin-2016atimestampqv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.freespeech.org/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.freespeech.org/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/api/showexperience/%s/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/api/showexperience/%s/aheadersaqueryapinst_iduajoin;ll
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/shows/attack-on-titan-junior-high/broadcast-dub-preview/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/shows/attack-on-titan-junior-high/broadcast-dub-preview/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/shows/hacksign/role-play/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimation.com/shows/hacksign/role-play/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimationnow.uk/shows/puzzle-dragons-x/drop-impact/simulcast/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funimationnow.uk/shows/puzzle-dragons-x/drop-impact/simulcast/aonly_matchingta_TESTSuFun
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/api/v4.0/videos/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/api/v4.0/videos/a_typeaurl_transparentaurlunexx:741:aie_keyaNexxIEaidatitleaget
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/channel/ba-793/die-lustigsten-instrumente-aus-dem-internet-teil-2-1155821
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/channel/ba-793/die-lustigsten-instrumente-aus-dem-internet-teil-2-1155821amd5u8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/playlist/neuesteVideos/kameras-auf-dem-fusion-festival-1618699
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.funk.net/playlist/neuesteVideos/kameras-auf-dem-fusion-festival-1618699aonly_matchingta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/embed/195359
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/embed/195359aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/video/%s/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/video/%s/videoutoken.fux.comuhttps://www.fux.com/video/195359/awesome-fucking-ki
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/video/195359/awesome-fucking-kitchen-ends-cum-swallow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.fux.com/video/195359/awesome-fucking-kitchen-ends-cum-swallowaonly_matchingtaPornTubeIEu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/agetT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/video/connecting-universal-consciousness?fullplayer=feature
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/video/connecting-universal-consciousness?fullplayer=featureainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/video/connecting-universal-consciousness?fullplayer=preview
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gaia.com/video/connecting-universal-consciousness?fullplayer=previewainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.galileo.tv/video/diese-emojis-werden-oft-missverstanden
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.galileo.tv/video/diese-emojis-werden-oft-missverstandenaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gameinformer.com/video-feature/new-gameplay-today/2019/07/09/new-gameplay-today-streets-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/articles/the-last-of-us-2-receives-new-ps4-trailer/1100-6454469/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/articles/the-last-of-us-2-receives-new-ps4-trailer/1100-6454469/aonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/reviews/gears-of-war-review/1900-6161188/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/reviews/gears-of-war-review/1900-6161188/aonly_matchingta_TESTSa_real_extra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/videos/embed/6439218/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gamespot.com/videos/embed/6439218/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gdcvault.com/play/1026180/Mastering-the-Apex-of-Scaling
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.gdcvault.com/play/1026180/Mastering-the-Apex-of-Scalingainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.getdrip.com/university/brennan-dunn-drip-workshop/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.getdrip.com/university/brennan-dunn-drip-workshop/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.giantbomb.com/shows/ben-stranding/2970-20212
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.giantbomb.com/shows/ben-stranding/2970-20212aonly_matchingta_TESTSa_real_extractuGiantBo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.godtube.com/watch/?v=0C0CNNNU
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.godtube.com/watch/?v=0C0CNNNUamd5u77108c1e4ab58f48031101a1a2119789ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.groupon.com/deals/bikram-yoga-huntington-beach-2#ooid=tubGNycTo_9Uxg82uESj4i61EYX8nyuf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.groupon.com/deals/bikram-yoga-huntington-beach-2#ooid=tubGNycTo_9Uxg82uESj4i61EYX8nyufai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hbo.com/video/game-of-thrones/seasons/season-8/videos/trailer
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hbo.com/video/game-of-thrones/seasons/season-8/videos/traileramd5u8126210656f433c452a213
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.heise.de/ct/artikel/c-t-uplink-20-8-Staubsaugerroboter-Xiaomi-Vacuum-2-AR-Brille-Meta-2-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.heise.de/video/artikel/nachgehakt-Wie-sichert-das-c-t-Tool-Restric-tor-Windows-10-ab-370
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hgtv.com/videos/cookie-decorating-101-0301929
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hgtv.com/videos/cookie-decorating-101-0301929aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/account/login
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/account/loginL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/play/settings
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/play/settingsaTitleaKeyaPlayerIdaf4f895ce1ca713ba263b91caeb1daa2d08904783aget
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/stream/the-comic-artist-and-his-assistants/s01e001
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hidive.com/stream/the-comic-artist-and-his-assistants/s01e001ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.history.com/topics/valentines-day/history-of-valentines-day-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.history.com/topics/valentines-day/history-of-valentines-day-videoainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.historyvault.com/collections/america-the-story-of-us/westward
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.historyvault.com/collections/america-the-story-of-us/westwardaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hkedcity.net/etv/resource/2932360618
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hkedcity.net/etv/resource/2932360618amd5af193712f5f7abb208ddef3c5ea6ed0b7ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hkedcity.net/etv/resource/972641418
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hkedcity.net/etv/resource/972641418amd5u1ed494c1c6cf7866a8290edad9b07dc9ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hostblogger.de/blog/archives/6181-Auto-jagt-Betonmischer.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hostblogger.de/blog/archives/6181-Auto-jagt-Betonmischer.htmlamd5afbcde74f534176ecb01584
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/%sacontentIdaieaHotStarIEaie_keyavideo_idaplaylist_resulta__doc__a__file__a_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/can-you-not-spread-rumours/1000076273
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/can-you-not-spread-rumours/1000076273ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/movies/radha-gopalam/1000057157
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/movies/radha-gopalam/1000057157aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/ek-bhram-sarvagun-sampanna/s-2116/janhvi-targets-suman/1000234847
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/ek-bhram-sarvagun-sampanna/s-2116/janhvi-targets-suman/1000234847aonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/savdhaan-india/s-26/list/extras/t-2480
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/savdhaan-india/s-26/list/extras/t-2480aonly_matchingtuHotStarPlaylistIE._
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/savdhaan-india/s-26/list/popular-clips/t-3_2_26
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hotstar.com/tv/savdhaan-india/s-26/list/popular-clips/t-3_2_26ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hsgac.senate.gov/hearings/canadas-fast-track-refugee-plan-unanswered-questions-and-impli
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/audio-player-data/track/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/audio-player-data/track/%sD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/index.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/index.phpadataaurlencode_postdataacontent_idaheadersD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/movie/kahaani-2/44129919/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/movie/kahaani-2/44129919/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/song/kitni-haseen-zindagi/2931166/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/song/kitni-haseen-zindagi/2931166/amd5aa845a6d1ebd08d80c1035126d49bd6a0ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.hungama.com/tv-show/padded-ki-pushup/season-1/44139461/episode/ep-02-training-sasu-pathl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/list/ls009921623/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/list/ls009921623/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/list/ls009921623/videoplayer/vi260482329
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/list/ls009921623/videoplayer/vi260482329aonly_matchingta_TESTSa_real_extractuIm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/ve/data/VIDEO_PLAYBACK_DATA
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/ve/data/VIDEO_PLAYBACK_DATAaqueryakeyabase64ab64encodeajsonadumpsatypeaVIDEO_PL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/video/vi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.imdb.com/video/via_parse_jsona_search_regexuargs
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ina.fr/audio/P16173408
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ina.fr/audio/P16173408aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ina.fr/video/P16173408-video.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ina.fr/video/P16173408-video.htmlaonly_matchingta_TESTSa_real_extractuInaIE._real_extrac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ina.fr/video/S806544_001/don-d-organes-des-avancees-mais-d-importants-besoins-video.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.inc.com/oscar-raymundo/richard-branson-young-entrepeneurs.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.inc.com/oscar-raymundo/richard-branson-young-entrepeneurs.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.infoq.com/presentations/Simple-Made-Easy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.infoq.com/presentations/Simple-Made-Easyamd5u0e34642d4d9ef44bf86f66f6399672dbainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/graphql/query/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/graphql/query/uDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/p/BA-pQFBG8HZ/?taken-by=britneyspears
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/p/BA-pQFBG8HZ/?taken-by=britneyspearsuBA-pQFBG8HZuVideo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/p/BQ0eAlwhDrw/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/p/BQ0eAlwhDrw/aplaylistL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/tv/aye83DjauH/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.instagram.com/tv/aye83DjauH/aonly_matchingta_TESTSastaticmethoda_extract_embed_urluInsta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.internazionale.it/video/2015/02/19/richard-linklater-racconta-una-scena-di-boyhood
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.internazionale.it/video/2015/02/19/richard-linklater-racconta-una-scena-di-boyhoodamd5u3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.internazionale.it/video/2018/08/29/telefono-stare-con-noi-stessi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.internazionale.it/video/2018/08/29/telefono-stare-con-noi-stessiamd5u9db8663704cab73eb97
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.investigationdiscovery.com/tv-shows/final-vision/full-episodes/final-vision
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.investigationdiscovery.com/tv-shows/final-vision/full-episodes/final-visionaonly_matchin
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/james-martins-saturday-morning/2a5159a0034
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/james-martins-saturday-morning/2a5159a0034aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/through-the-keyhole/2a2271a0033
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/through-the-keyhole/2a2271a0033aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/whos-doing-the-dishes/2a2898a0024
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.itv.com/hub/whos-doing-the-dishes/2a2898a0024aonly_matchingta_TESTSa_real_extractuITVIE.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivi.tv/watch/33560/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivi.tv/watch/33560/aonly_matchingta_TESTST
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivideon.com/tv/camera/100-916ca13b5c4ad9f564266424a026386d/0/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivideon.com/tv/camera/100-916ca13b5c4ad9f564266424a026386d/0/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivideon.com/tv/camera/100-c4ee4cb9ede885cf62dfbe93d7b53783/589824/?lang=ru
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivideon.com/tv/camera/100-c4ee4cb9ede885cf62dfbe93d7b53783/589824/?lang=ruaonly_matching
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ivideon.com/tv/map/22.917923/-31.816406/16/camera/100-e7bc16c7d4b5bbd633fd5350b66dfa9a/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/album/121486/duck-on-cover
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/album/121486/duck-on-coverainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/track/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/track/196219/stories-from-emona-i
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/track/196219/stories-from-emona-iamd5u6e9e82ed6db98678f171c25a8ed09ffdainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.com/track/a_parse_jsona_html_search_regexudata-bundled-models=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.jamendo.comaqueryuid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kaltura.com/index.php/extwidget/preview/partner_id/1770401/uiconf_id/37307382/entry_id/0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kaltura.com:443/index.php/extwidget/preview/partner_id/1770401/uiconf_id/37307382/entry_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.keezmovies.com/video/arab-wife-want-it-so-bad-i-see-she-thirsty-and-has-tiny-money-18070
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/achter-de-schermen/sien-repeteert-voor-stars-for-life
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/achter-de-schermen/sien-repeteert-voor-stars-for-lifeaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/karrewiet/uitzending-8-september-2016
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/karrewiet/uitzending-8-september-2016aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/nachtwacht/de-bermadoe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/nachtwacht/de-bermadoeaonly_matchingta_TESTSa_real_extractuKetnetIE._re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/nachtwacht/de-greystook
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/nachtwacht/de-greystookamd5u90139b746a0a9bd7bb631283f6e2a64eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/zomerse-filmpjes
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ketnet.be/kijken/zomerse-filmpjesamd5u6bdeb65998930251bbd1c510750edba9ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.khanacademy.org/math/applied-math/cryptography
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.khanacademy.org/math/applied-math/cryptographyainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kickstarter.com/projects/1404461844/intersection-the-story-of-josh-grant/description
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kickstarter.com/projects/1404461844/intersection-the-story-of-josh-grant/descriptionamd5
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kickstarter.com/projects/1420158244/power-drive-2000/widget/video.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kickstarter.com/projects/1420158244/power-drive-2000/widget/video.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kickstarter.com/projects/597507018/pebble-e-paper-watch-for-iphone-and-android/posts/659
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kinopoisk.ru/film/81041
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kinopoisk.ru/film/81041/watch/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kinopoisk.ru/film/81041/watch/amd5u4f71c80baea10dfa54a837a46111d326ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.kinopoisk.ru/film/81041aonly_matchingta_TESTSa_real_extractuKinoPoiskIE._real_extracta__
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.laola1.tv/titanplayer.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.laola1.tv/titanplayer.php?videoid=708065&type=V&lang=en&portal=int&customer=1024
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.laola1.tv/titanplayer.php?videoid=708065&type=V&lang=en&portal=int&customer=1024ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.laola1.tv/titanplayer.phpatypewVaenaintacustomerl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lecturio.de/jura/grundrechte.kurs
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lecturio.de/jura/grundrechte.kursaonly_matchingta_TESTuLecturioDeCourseIE._real_extractu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lecturio.de/jura/oeffentliches-recht-staatsexamen.vortrag
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lecturio.de/jura/oeffentliches-recht-staatsexamen.vortragaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lego.com/nl-nl/kids/videos/classic/creative-storytelling-the-little-puppy-aa24f27c7d5242
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lequipe.fr/video/k7MtHciueyTcrFtFKA2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lequipe.fr/video/k7MtHciueyTcrFtFKA2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lequipe.fr/video/x791mem
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lequipe.fr/video/x791memaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lifetimemovieclub.com/movies/a-killer-among-us
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lifetimemovieclub.com/movies/a-killer-among-usaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning-api/detailedCourses
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning-api/detailedCoursesa_download_jsonuDownloading%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/%s/%sachapterachapter_numberachapter_idaie_keyaplaylist_resultT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/programming-foundations-fundamentals
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=true
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/programming-foundations-fundamentals/welcome?autoplay=trueamd5aa1d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/learning/programming-foundations-fundamentalsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/uas/login-submit
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/uas/login-submitagroupaurla_hidden_inputsasession_keyasession_passworduLogg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/uas/login?trk=learning
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.linkedin.com/uas/login?trk=learningT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/promo/miyuezhuan/?content_id=VOD00044841&
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/promo/miyuezhuan/?content_id=VOD00044841&amd5u88322ea132f848d6e3e18b32a832b918ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/%s/content.do?id=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/%s/content.do?id=%sL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/ajax/getProgramInfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/ajax/getProgramInfoaqueryaheadersD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/drama/content.do?brc_id=root&id=VOD00041610&isUHEnabled=true&autoPlay=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/drama/content.do?brc_id=root&id=VOD00041610&isUHEnabled=true&autoPlay=1ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/drama/content.do?brc_id=root&id=VOD00041610&isUHEnabled=true&autoPlay=1amd5u
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/getMainUrl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.litv.tv/vod/getMainUrladataajsonadumpsaencodeT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/ll_embed?f=ab065df993c1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/ll_embed?f=ab065df993c1aonly_matchingtuLiveLeakEmbedIE._real_extractuyoutub
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/ll_embed?i=874_1459135191
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/ll_embed?i=874_1459135191aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?i=677_1439397581
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?i=677_1439397581ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?t=C26ZZ_1558612804
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?t=C26ZZ_1558612804aonly_matchingta_TESTSastaticmethoda_extract_urlsuLi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?t=HvHi_1523016227
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.liveleak.com/view?t=HvHi_1523016227aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/78710669/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/78710669/u78710669uLa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/afc1981005_afs20503/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/afc1981005_afs20503/aonly_matchingta_TESTSa_real_extractuLibraryOfCongressI
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/ihas.200197114/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/item/ihas.200197114/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/today/cyberlc/feature_wdesc.php?rec=5578
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.loc.gov/today/cyberlc/feature_wdesc.php?rec=5578u5578uHelp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ludo.fr/heros/ninjago
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ludo.fr/heros/ninjagoainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/%s/%%s-4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/%s/%%s-4.htmluhttps://www.lynda.com/ajax/player?courseId=%s&type=courseuDownlo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ASP-NET-tutorials/What-you-should-know/5034180/2811512-4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ASP-NET-tutorials/What-you-should-know/5034180/2811512-4.htmlaonly_matchingta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/Bootstrap-tutorials/Using-exercise-files/110885/114408-4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/Bootstrap-tutorials/Using-exercise-files/110885/114408-4.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/Graphic-Design-tutorials/Grundlagen-guten-Gestaltung/393570-2.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/Graphic-Design-tutorials/Grundlagen-guten-Gestaltung/393570-2.htmlaonly_matchi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/course/%s/%s/play
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/course/%s/%s/playuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player/conviva
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player/convivauDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player?courseId=%s&type=course
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player?videoId=%s&type=transcript
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/player?videoId=%s&type=transcriptuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/ajax/playeruDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/de/Graphic-Design-tutorials/Grundlagen-guten-Gestaltung/393570-2.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/de/Graphic-Design-tutorials/Grundlagen-guten-Gestaltung/393570-2.htmlaonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/de/Graphic-Design-tutorials/Willkommen-Grundlagen-guten-Gestaltung/393570/3935
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/player/embed/133770?tr=foo=1;bar=g;fizz=rt&fs=0
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/player/embed/133770?tr=foo=1;bar=g;fizz=rt&fs=0aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/signin/lynda
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/signin/lyndauhttps://www.lynda.com/signin/passworduhttps://www.lynda.com/signi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/signin/password
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.lynda.com/signin/user
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mall.tv/18-miliard-pro-neziskovky-opravdu-jsou-sportovci-nebo-clovek-v-tisni-pijavice
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mall.tv/18-miliard-pro-neziskovky-opravdu-jsou-sportovci-nebo-clovek-v-tisni-pijaviceamd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mall.tv/kdo-to-plati/18-miliard-pro-neziskovky-opravdu-jsou-sportovci-nebo-clovek-v-tisn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/Video/133957/everthing-about-me/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/Video/133957/everthing-about-me/amd5u03f11bb21c52dd12a05be21a5c7dcc97ainfo_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/Video/935718/MY-FACE-REVEAL/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/Video/935718/MY-FACE-REVEAL/af3e8f7086409e9b470e2643edb96bdccu935718uMY
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/includes/ajax_repository/you_had_me_at_hello.php
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.manyvids.com/includes/ajax_repository/you_had_me_at_hello.phpafataladataaurlencode_postd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediaite.com/tv/dem-senator-claims-gary-cohn-faked-a-bad-connection-during-trump-call-to
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/cherryseason/anticipazioni-degli-episodi-del-23-ottobre_F
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/gogglebox/un-grande-classico-della-commedia-sexy_FAFU0000
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/grandefratellovip/benedetta-una-doccia-gelata_F3093444010
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/hellogoodbye/quarta-puntata_FAFU000000661824
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/hellogoodbye/quarta-puntata_FAFU000000661824amd5u9b75534d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/matrix/puntata-del-25-maggio_F309013801000501
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/matrix/puntata-del-25-maggio_F309013801000501amd5u288532f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/mediasethaacuoreilfuturo/palmieri-alicudi-lisola-dei-tre-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mediasetplay.mediaset.it/video/tg5/ambiente-onda-umana-per-salvare-il-pianeta_F309453601
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.microsoftvirtualacademy.com/en-US/training-courses/microsoft-azure-fundamentals-virtual-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/series/016375s/mononoke/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/series/016375s/mononoke/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/video/010400v/drifters/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/video/010400v/drifters/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/video/mononoke/016378v-zashikiwarashi-part-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.midnightpulp.com/video/mononoke/016378v-zashikiwarashi-part-1/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mitele.es/programas-tv/diario-de/la-redaccion/programa-144-40_1006364575251/player/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mitele.es/programas-tv/diario-de/la-redaccion/programa-144-40_1006364575251/player/aonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/FirstEar/stream/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/FirstEar/stream/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/graphql
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/graphqlaqueryu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/maxvibes/playlists/jazzcat-on-ness-radio/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mixcloud.com/maxvibes/playlists/jazzcat-on-ness-radio/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/cardinals/video/piscottys-great-sliding-catch/c-51175783
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/cardinals/video/piscottys-great-sliding-catch/c-51175783aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/cut4/carlos-gomez-borrowed-sunglasses-from-an-as-fan/c-278912842
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/cut4/carlos-gomez-borrowed-sunglasses-from-an-as-fan/c-278912842aonly_matchingta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/mariners/video/ackleys-spectacular-catch/c-34698933
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/mariners/video/ackleys-spectacular-catch/c-34698933amd5u632358dacfceec06bad823b8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/news/blue-jays-kevin-pillar-goes-spidey-up-the-wall-to-rob-tim-beckham-of-a-home
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/bautista-on-home-run-derby/c-34577915
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/bautista-on-home-run-derby/c-34577915amd5ada8b57a12b060e7663ee1eebd6f330ec
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/cespedes-repeats-as-derby-champ/c-34578115
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/cespedes-repeats-as-derby-champ/c-34578115amd5u99bb9176531adc600b90880fb8b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/hargrove-homers-off-caldwell/c-1352023483?tid=67793694
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/hargrove-homers-off-caldwell/c-1352023483?tid=67793694aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/stanton-prepares-for-derby/c-34496663
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mlb.com/video/stanton-prepares-for-derby/c-34496663amd5abf2619bf9cacc0a564fc35e6aeb9219f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mofosex.com/embed/?videoid=318131&referrer=KM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mofosex.com/embed/?videoid=318131&referrer=KMaonly_matchingtastaticmethoda_extract_urlsu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-in/money/news/meet-vikram-%E2%80%94-chandrayaan-2s-lander/vi-AAGUr0v
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-in/money/news/meet-vikram-%E2%80%94-chandrayaan-2s-lander/vi-AAGUr0vaonly_mat
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-in/money/sports/hottest-football-wags-greatest-footballers-turned-managers-an
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-in/money/video/7-ways-to-get-rid-of-chest-congestion/vi-BBPxU6d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-in/money/video/7-ways-to-get-rid-of-chest-congestion/vi-BBPxU6damd5u087548191
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/football_nfl/week-13-preview-redskins-vs-panthers/vi-BBXsCDb
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/football_nfl/week-13-preview-redskins-vs-panthers/vi-BBXsCDbaonly_ma
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/other/jupiter-is-about-to-come-so-close-you-can-see-its-moons-with-b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.msn.com/es-ve/entretenimiento/watch/winston-salem-paire-refait-des-siennes-en-perdant-sa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mycanal.fr/d17-emissions/lolywood/p/1397061
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.mycanal.fr/d17-emissions/lolywood/p/1397061ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.ru/watch/YwbqszQynUaHPn_s82sx0Q2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.ru/watch/YwbqszQynUaHPn_s82sx0Q2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.tv/embed/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.tv/embed/ccdqic3wgkqwpb36x9sxg43t4r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.tv/embed/ccdqic3wgkqwpb36x9sxg43t4rainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.tv/idmi6o?v=ccdqic3wgkqwpb36x9sxg43t4r#watch
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.myvi.tv/idmi6o?v=ccdqic3wgkqwpb36x9sxg43t4r#watchaonly_matchingtuMyviEmbedIE.suitableuMy
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nationalgeographic.com/tv/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nationalgeographic.com/tv/a_HOME_PAGE_URLu238bb0a0c2aba67922c48709ce0c06fda_API_KEYuyout
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nationalgeographic.com/tv/watch/6a875e6e734b479beda26438c9f21138/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nationalgeographic.com/tv/watch/6a875e6e734b479beda26438c9f21138/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nbc.com/classic-tv/charles-in-charge/video/charles-in-charge-pilot/n3310
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nbc.com/classic-tv/charles-in-charge/video/charles-in-charge-pilot/n3310aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nbc.com/up-all-night/video/day-after-valentine%27s-day/n2189
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nbc.com/up-all-night/video/day-after-valentine%27s-day/n2189aonly_matchingta_TESTSa_real
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ndr.de/Fettes-Brot-Ferris-MC-und-Thees-Uhlmann-live-on-stage
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ndtv.com/video/news/news/delhi-s-air-quality-status-report-after-diwali-is-very-poor-470
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/%saieaNewgroundsIEaie_keyavideo_idaplaylist_resulta__doc__a__file__a__spe
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/audio/listen/549479
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/audio/listen/549479amd5afe6033d297591288fa1c1f780386f07aainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/collection/cats
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/collection/catsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/portal/view/673111
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newgrounds.com/portal/view/673111amd5u3394735822aab2478c31b1004fe5e5bcainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newstube.ru/embed/api/player/getsources2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.newstube.ru/embed/api/player/getsources2aqueryaguidaffl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/news/dennis-wideman-suspended/c-278258934
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/news/dennis-wideman-suspended/c-278258934amd5u1f39f4ea74c1394dea110699a25b366cai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/predators/video/poile-laviolette-on-subban-trade/t-277437416/c-44315003
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/predators/video/poile-laviolette-on-subban-trade/t-277437416/c-44315003amd5u50b2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/video/anisimov-cleans-up-mess/t-277752844/c-43663503
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nhl.com/video/anisimov-cleans-up-mess/t-277752844/c-43663503amd5u0f7b9a8f986fb4b4eeeece9
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nintendo.com/games/detail/duck-hunt-wii-u/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nintendo.com/games/detail/duck-hunt-wii-u/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nintendo.com/nintendo-direct/09-04-2019/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nintendo.com/nintendo-direct/09-04-2019/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nonktube.com/embed/118636
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nonktube.com/embed/118636aonly_matchingta_TESTSa_real_extractuNonkTubeIE._real_extracta_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nonktube.com/video/118636/sensual-wife-uncensored-fucked-in-hairy-pussy-and-facialized
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nonktube.com/video/118636/sensual-wife-uncensored-fucked-in-hairy-pussy-and-facializedai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.noviny.sk/slovensko/238543-slovenskom-sa-prehnala-vlna-silnych-burok
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.noviny.sk/slovensko/238543-slovenskom-sa-prehnala-vlna-silnych-burokD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/playlist/3286/i-guess-thats-why-they-call-it-the-blues
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/playlist/3286/i-guess-thats-why-they-call-it-the-bluesainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/series/60-seconds
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/series/60-secondsainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/series/nowness-picks/jean-luc-godard-supercut
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/series/nowness-picks/jean-luc-godard-supercutamd5u9a5a6a8edf806407e411296ab6
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/story/candor-the-art-of-gesticulation
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nowness.com/story/candor-the-art-of-gesticulationamd5u068bc0202558c2e391924cb8cc470676ai
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npo3.nl/3onderzoekt/16-09-2015/VPWON_1239870
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npo3.nl/3onderzoekt/16-09-2015/VPWON_1239870aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/api/token
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/api/tokenuDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/broodje-gezond-ei/28-05-2018/KN_1698996
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/broodje-gezond-ei/28-05-2018/KN_1698996aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/live/npo-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/live/npo-1aonly_matchingtuNPOLiveIE._real_extractunpo.nl:radiouhttps?://(?:w
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/player/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npostart.nl/player/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/2017/06/19/533198237/tigers-jaw-tiny-desk-concert
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/2017/06/19/533198237/tigers-jaw-tiny-desk-concertainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/2020/02/14/805476846/laura-stevenson-tiny-desk-concert
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/2020/02/14/805476846/laura-stevenson-tiny-desk-concertaonly_matchingta_TESTSa_re
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/sections/allsongs/2015/10/21/449974205/new-music-from-beach-house-chairlift-cmj-
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.npr.org/sections/deceptivecadence/2015/10/09/446928052/music-from-the-shadows-ancient-ar
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrk.no/skole/?page=objectives&subject=naturfag&objective=K15114&mediaId=19355
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrk.no/skole/?page=objectives&subject=naturfag&objective=K15114&mediaId=19355aonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrk.no/skole/?page=search&q=&mediaId=14099
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrk.no/skole/?page=search&q=&mediaId=14099amd5u18c12c3d071953c3bf8d54ef6b2587b7ainfo_dic
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrl.com/tv/news/match-highlights-titans-v-knights-862805/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nrl.com/tv/news/match-highlights-titans-v-knights-862805/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ntv.ru/kino/Koma_film/m70281/o336036/video/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ntv.ru/kino/Koma_film/m70281/o336036/video/amd5ae9c7cde24d9d3eaed545911a04e6d4f4ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ntv.ru/video/1797442
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ntv.ru/video/1797442aonly_matchingta_TESTSL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nzz.ch/video/nzz-standpunkte/cvp-auf-der-suche-nach-dem-mass-der-mitte-ld.1368112
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.nzz.ch/video/nzz-standpunkte/cvp-auf-der-suche-nach-dem-mass-der-mitte-ld.1368112ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ok.ru/live/484531969818
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ok.ru/live/484531969818aonly_matchingtD
Source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ora.tv/larrykingnow/2015/12/16/vine-youtube-stars-zach-king-king-bach-on-their-viral-vid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/ideas/my-cloud-makes-pretty-pictures
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/ideas/my-cloud-makes-pretty-picturesainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/library/view/hadoop-fundamentals-livelessons/9780133392838/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/library/view/hadoop-fundamentals-livelessons/9780133392838/00_SeriesIntro.ht
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/library/view/hadoop-fundamentals-livelessons/9780133392838/aonly_matchingtac
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/member/auth/login/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.oreilly.com/member/auth/login/nuLogging
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.packtpub.com/mapt/video/web-development/9781787122215
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.packtpub.com/mapt/video/web-development/9781787122215/20528/20530/Project
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.packtpub.com/mapt/video/web-development/9781787122215ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.paragon-software.com/home/rk-free/keyscenarios.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.paragon-software.com/home/rk-free/keyscenarios.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/api/posts/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/api/posts/D
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/creation?hid=1682498
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/creation?hid=1682498ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/posts/743933
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/posts/743933aonly_matchingta_TESTSa_real_extractuPatreonIE._real_extracta__o
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/posts/episode-166-of-743933
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.patreon.com/posts/episode-166-of-743933aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pbs.org/video/pbs-newshour-full-episode-july-31-2017-1501539057/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pbs.org/video/pbs-newshour-full-episode-july-31-2017-1501539057/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pbs.org/wgbh/masterpiece/episodes/victoria-s2-e1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pbs.org/wgbh/masterpiece/episodes/victoria-s2-e1/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/%s/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/%s/%saplaylist_resulta__doc__a__file__a__spec__aoriginahas_locationa__cache
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/LularoeHusbandMike/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/LularoeHusbandMike/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/bastaakanoggano/1OdKrlkZZjOJX
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/bastaakanoggano/1OdKrlkZZjOJXaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/w/1ZkKzPbMVggJv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/w/1ZkKzPbMVggJvaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/w/1ZkKzPbMVggJvaonly_matchingta_TESTSa_extract_urluPeriscopeIE._extract_url
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/w/aJUQnjY3MjA3ODF8NTYxMDIyMDl2zCg2pECBgwTqRpQuQD352EMPTKQjT4uqlM3cgWFA-g==
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.periscope.tv/w/aJUQnjY3MjA3ODF8NTYxMDIyMDl2zCg2pECBgwTqRpQuQD352EMPTKQjT4uqlM3cgWFA-g==a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.play.fm/dan-drastic/sven-tasnadi-leipzig-electronic-music-batofar-paris-fr-2014-07-12
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.play.fm/dan-drastic/sven-tasnadi-leipzig-electronic-music-batofar-paris-fr-2014-07-12amd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.playplus.tv/VOD/7572/db8d274a5163424e967f35a30ddafb8e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.playplus.tv/VOD/7572/db8d274a5163424e967f35a30ddafb8eamd5ad078cb89d7ab6b9df37ce23c647aef
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pluralsight.com/courses/angularjs-get-started
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pluralsight.com/courses/angularjs-get-startedaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.podomatic.com/podcasts/scienceteachingtips/episodes/2009-01-02T16_03_35-08_00
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.podomatic.com/podcasts/scienceteachingtips/episodes/2009-01-02T16_03_35-08_00aonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pokemon.com/fr/episodes-pokemon/films-pokemon/pokemon-lascension-de-darkrai-2008
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pokemon.com/fr/episodes-pokemon/films-pokemon/pokemon-lascension-de-darkrai-2008ainfo_di
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pokemon.com/us/pokemon-episodes/20_30-the-ol-raise-and-switch/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pokemon.com/us/pokemon-episodes/20_30-the-ol-raise-and-switch/amd5u2fe8eaec69768b25ef898
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornerbros.com/embed/181369
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornerbros.com/embed/181369aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornerbros.com/videos/skinny-brunette-takes-big-cock-down-her-anal-hole_181369
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornerbros.com/videos/video_%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornerbros.com/videos/video_%sutoken.pornerbros.comuhttps://www.pornerbros.com/videos/sk
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/categories/teen
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/categories/teen?page=3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/categories/teen?page=3aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/categories/teenaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=da
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=daaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=ra
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=raaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=vi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videos?o=viaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povd/videosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/channels/povdaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/described-video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/described-video?page=2
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/described-video?page=2aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/described-videoaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/hd
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/hd?page=3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/hd?page=3aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/hdaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph/videos/upload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph/videos/uploadaonly_matchingtuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph/videosaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph?abc=1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_ph?abc=1aonly_matchingtuPornHubUserIE._real_extractaPornHubPagedPl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/model/zoe_phaplaylist_mincountlvD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/playlist/44121572
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/playlist/44121572ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/playlist/4667351
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/playlist/4667351aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videos
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videos/upload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videos/uploadainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videos?page=3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videos?page=3ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/jenny-blighe/videosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos/fanonly
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos/fanonlyaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos/paid
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos/paidaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=cm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=cmaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=lg
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=lgaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=mv
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=mvaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=tr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-vicious/videos?o=traonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/pornstar/liz-viciousainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/users/russianveet69
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/users/russianveet69aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video/incategories/60fps-1/hd-porn
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video/incategories/60fps-1/hd-pornaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video/search?search=123
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video/search?search=123aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video?page=3
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/video?page=3aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/videoaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/view_video.php?viewkey=ph5af5fef7c2aa7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.com/view_video.php?viewkey=ph5af5fef7c2aa7aph5af5fef7c2aa7uBFFS
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.net/view_video.php?viewkey=203640933
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhub.net/view_video.php?viewkey=203640933aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhubpremium.com/view_video.php?viewkey=ph5e4acdae54a82
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.pornhubpremium.com/view_video.php?viewkey=ph5e4acdae54a82aonly_matchingta_TESTSastaticme
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/embed/7089759
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/embed/7089759aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/videos/squirting-teen-ballerina-ecg_1331406
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/videos/squirting-teen-ballerina-ecg_1331406u1331406uSquirting
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/videos/teen-couple-doing-anal_7089759
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/videos/video_%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.porntube.com/videos/video_%sutkn.porntube.comuhttps://www.porntube.com/videos/teen-coupl
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0506/
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.quartier-rouge.be/prive/femmes/kamila-avec-video-jaime-sadomie.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.quartier-rouge.be/prive/femmes/kamila-avec-video-jaime-sadomie.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.radiojavan.com/videos/video_host
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.radiojavan.com/videos/video_hostadataaurlencode_postdataaidaheadersuContent-Typeuapplica
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rainews.it/tgr/marche/notiziari/video/2019/02/ContentItem-6ba945a2-889c-4a80-bdeb-8489c7
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.raywenderlich.com/3530-testing-in-ios
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.raywenderlich.com/3530-testing-in-ios/lessons/1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.raywenderlich.com/3530-testing-in-ios/lessons/1ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.raywenderlich.com/3530-testing-in-iosainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rbmaradio.com/shows/main-stage/episodes/ford-lopatin-live-at-primavera-sound-2011
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rbmaradio.com/shows/main-stage/episodes/ford-lopatin-live-at-primavera-sound-2011amd5u6b
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/embed/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/embed/aRedBullEmbedIEaie_keyutoo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/embed/rrn:content:episode-videos:f3021f4f-3ed4-51ac-915a-11987126e405:en-INT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/gb-en/live/fia-wrc-saturday-recap-estonia
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/gb-en/live/fia-wrc-saturday-recap-estoniaaonly_matchingtL
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/episodes/AP-1TQWK7XE11W11
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/episodes/AP-1TQWK7XE11W11aonly_matchingta_TESTSuRedBullTVIE.extract_i
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/episodes/grime-hashtags-s02-e04
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/episodes/grime-hashtags-s02-e04amd5adb8271a7200d40053a1809ed0dd574ffa
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/films/AP-1ZSMAW8FH2111
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/films/AP-1ZSMAW8FH2111aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/films/kilimanjaro-mountain-of-greatness
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/films/kilimanjaro-mountain-of-greatnessaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/live/mens-dh-finals-fort-william
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/live/mens-dh-finals-fort-williamaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/recap-videos/uci-mountain-bike-world-cup-2017-mens-xco-finals-from-va
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/trailer-videos/kings-of-content
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/trailer-videos/kings-of-contentaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/tv/film/rrn:content:films:d1f4d00e-4c04-5d19-b510-a805ffa2ab83/follow
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/tv/video/AP-1UWHCAR9S1W11/rob-meets-sam-gaze?playlist=playlists::3f81
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/tv/video/rrn:content:live-videos:e3e6feb4-e95f-50b7-962a-c70f8fd13c73
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/tv/video/rrn:content:videos:a36a0f36-ff1b-5db8-a69d-ee11a14bf48b/tn-t
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/videos/tnts-style-red-bull-dance-your-style-s1-e12
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/int-en/videos/tnts-style-red-bull-dance-your-style-s1-e12aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/us-en/events/AP-1XV2K61Q51W11/live/AP-1XUJ86FDH1W11
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/us-en/events/AP-1XV2K61Q51W11/live/AP-1XUJ86FDH1W11aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/us-en/videos/AP-1YM9QCYE52111
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/us-en/videos/AP-1YM9QCYE52111aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/v3/api/graphql/v1/v3/query/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.com/v3/api/graphql/v1/v3/query/ufilter
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.tv/video/AP-1PMHKJFCW1W11
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.tv/video/AP-1PMHKJFCW1W11ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.tv/video/AP-1Q6XCDTAN1W11
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.redbull.tv/video/AP-1Q6XCDTAN1W11amd5afb0445b98aa4394e504b413d98031d1fainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/MadeMeSmile/comments/6t7wi5/wait_for_it/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/MadeMeSmile/comments/6t7wi5/wait_for_it/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6rrwyj
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6rrwyj/that_small_heart_attack/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6rrwyj/that_small_heart_attack/ainfo_dictazv89llsvexdzaextu
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6rrwyjaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6t75wq/southern_man_tries_to_speak_without_an_accent/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6t75wq/southern_man_tries_to_speak_without_an_accent/aonly_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6t7sg9/comedians_hilarious_joke_about_the_guam_flag/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.reddit.com/r/videos/comments/6t7sg9/comedians_hilarious_joke_about_the_guam_flag/aonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.restudy.dk/awsmedia/SmilDirectory/video_1637.xml
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.restudy.dk/awsmedia/SmilDirectory/video_1637.xmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.restudy.dk/video/play/id/1637
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.restudy.dk/video/play/id/1637ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rockstargames.com/videoplayer/videos/get-video.json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rockstargames.com/videoplayer/videos/get-video.jsonaqueryaidalocaleaen_usavideoatitleafi
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rockstargames.com/videos/video/11544/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rockstargames.com/videos/video/11544/amd5u03b5caa6e357a4bd50e3143fc03e5733ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/detail_cinq-heures-cinema?id=2360811
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/detail_cinq-heures-cinema?id=2360811aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/detail_les-carnets-du-bourlingueur?id=2361588
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/detail_les-carnets-du-bourlingueur?id=2361588aonly_matchingta_TESTSuhttp:/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/direct_pure-fm?lid=134775
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/direct_pure-fm?lid=134775aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/embed/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/auvio/embed/adirectamediaaqueryaida_parse_jsona_html_search_regexudata-media=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/video/detail_les-diables-au-coeur-episode-2?id=1921274
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtbf.be/video/detail_les-diables-au-coeur-episode-2?id=1921274amd5u8c876a1cceeb6cf31b476
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtl.nl/video/c603c9c2-601d-4b5e-8175-64f1e942dc7d/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtl.nl/video/c603c9c2-601d-4b5e-8175-64f1e942dc7d/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtl2.de/sites/default/modules/rtl2/jwplayer/jwplayer-7.6.0/jwplayer.flash.swf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtl2.de/sites/default/modules/rtl2/jwplayer/jwplayer-7.6.0/jwplayer.flash.swfapage_urlaf
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtlxl.nl/programma/rtl-nieuws/0bd1384d-d970-3086-98bb-5c104e10c26f
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.rtlxl.nl/programma/rtl-nieuws/0bd1384d-d970-3086-98bb-5c104e10c26famd5u490428f1187b60d71
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9780133392838/chapter/part00.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9780133392838/chapter/part00.htmlaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9780134664057/chapter/RHCE_Introduction.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9780134664057/chapter/RHCE_Introduction.htmlaonly_matc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9781449396459/?override_format=json
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/api/v1/book/9781449396459/?override_format=jsonaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/tutorials/introduction-to-python-anon/3469/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/tutorials/introduction-to-python-anon/3469/aparamsD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/create-a-nodejs/100000006A0210/part00.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/create-a-nodejs/100000006A0210/part00.htmlaonly_match
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/hadoop-fundamentals-livelessons/9780133392838/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/hadoop-fundamentals-livelessons/9780133392838/ainfo_d
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/hadoop-fundamentals-livelessons/9780133392838/part00.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/library/view/learning-path-red/9780134664057/RHCE_Introduction.htm
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/videos/python-programming-language/9780134217314
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/videos/python-programming-language/9780134217314/9780134217314-PYM
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.safaribooksonline.com/videos/python-programming-language/9780134217314aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sciencechannel.com/tv-shows/mythbusters-on-science/full-episodes/christmas-special
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sciencechannel.com/tv-shows/mythbusters-on-science/full-episodes/christmas-specialaonly_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.scte.org/SCTE/Sign_In.aspx
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.scte.org/SCTE/Sign_In.aspxasctea_NETRC_MACHINEa_real_initializeuSCTEBaseIE._real_initial
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.seriesplus.com/emissions/dre-mary-mort-sur-ordonnance/videos/deux-coeurs-battant/SERP005
Source: namang.exe, 00000022.00000003.988817120.000000000505F000.00000004.00000001.sdmp	String found in binary or memory: https://www.seznamzpravy.cz/iframe/player?duration=241&serviceSlug=zpravy&src=https%3A%2F%2Fv39-a.sd
Source: namang.exe, 00000012.00000003.573957670.00000000078F3000.00000004.00000001.sdmp	String found in binary or memory: https://www.seznamzpravy.cz/iframe/player?duration=null&serviceSlug=zpravy&src=https%3A%2F%2Flive-a.
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/media/live
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/media/video
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/media/videoaformatsaHitboxIEasuitableaHitboxLiveIEuhttps://www.smashcas
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/player/config/live/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/player/config/video/%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/api/player/config/video/%suDownloading
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/dimak
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/dimakaonly_matchingtaclassmethoduHitboxLiveIE.suitableuHitboxLiveIE._real_e
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/hitboxlive/videos/203213
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.smashcast.tv/hitboxlive/videos/203213aonly_matchingta_TESTSuHitboxIE._extract_metadataa_
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sonycrackle.com/andromeda/2502343
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sonycrackle.com/andromeda/2502343aonly_matchingta_TESTSD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sundancetv.com/shows/riviera/full-episodes/season-1/episode-01-episode-1
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.sundancetv.com/shows/riviera/full-episodes/season-1/episode-01-episode-1aonly_matchingta
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.supla.fi/supla/3382410
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.supla.fi/supla/3382410amd5ab9d7155fed37b2ebf6021d74c4b8e908ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.telebaern.tv/telebaern-news/montag-1-oktober-2018-ganze-sendung-133531189#video=0_7xjo9l
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.telezueri.ch/sonntalk/bundesrats-vakanzen-eu-rahmenabkommen-133214569
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.telezueri.ch/sonntalk/bundesrats-vakanzen-eu-rahmenabkommen-133214569ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.thumbzilla.com/video/ph56c6114abd99a/horny-girlfriend-sex
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.thumbzilla.com/video/ph56c6114abd99a/horny-girlfriend-sexaonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.tlc.de/programme/breaking-amish/video/die-welt-da-drauen/DCB331270001100
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.tlc.de/programme/breaking-amish/video/die-welt-da-drauen/DCB331270001100ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.travelchannel.com/videos/two-climates-one-bag-5302184
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.travelchannel.com/videos/two-climates-one-bag-5302184aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ultimedia.com/default/index/videogeneric/id/s8uk0r
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ultimedia.com/default/index/videogeneric/id/s8uk0ramd5u276a0e49de58c7e85d32b057837952a2a
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ultimedia.com/default/index/videomusic/id/xvpfp8
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.ultimedia.com/default/index/videomusic/id/xvpfp8amd5u2ea3513813cf230605c7e2ffe7eca61cain
Source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp	String found in binary or memory: https://www.unicode.org/Public/13.0.0/ucd/DerivedCoreProperties.txt
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vooplayer.com/v3/watch/watch.php?v=NzgwNTg=
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vooplayer.com/v3/watch/watch.php?v=NzgwNTg=ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/a-z/kamp-waes/1/kamp-waes-s1a5/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/a-z/kamp-waes/1/kamp-waes-s1a5/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/a-z/postbus-x/1/postbus-x-s1a1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/a-z/postbus-x/1/postbus-x-s1a1/ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.vrt.be/vrtnu/adataajsonadumpsauidaUIDauidsigaUIDSignatureatsasignatureTimestampaemailapr
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.wch2016.com/news/3-stars-team-europe-vs-team-canada/c-282195068
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.wch2016.com/news/3-stars-team-europe-vs-team-canada/c-282195068aonly_matchingta_TESTSuyo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.wch2016.com/video/caneur-best-of-game-2-micd-up/t-281230378/c-44983703
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.wch2016.com/video/caneur-best-of-game-2-micd-up/t-281230378/c-44983703aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yapfiles.ru/show/1872528/690b05d3054d2dbe1e69523aa21bb3b1.mp4.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yapfiles.ru/show/1872528/690b05d3054d2dbe1e69523aa21bb3b1.mp4.htmlD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.youtube.com/shared?ci=1nEzmT-M4fU
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.youtube.com/shared?ci=1nEzmT-M4fUD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.youtube.com/watch?v=BaW_jenozKc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/series/013920s/peep-show/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/series/013920s/peep-show/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/video/013886v/the-act-of-killing/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/video/013886v/the-act-of-killing/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/video/peep-show/013922v-warring-factions/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.yuyutv.com/video/peep-show/013922v-warring-factions/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zapp.nl/1803-skelterlab/instructie-video-s/740-instructievideo-s/POMS_AT_11736927
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zapp.nl/1803-skelterlab/instructie-video-s/740-instructievideo-s/POMS_AT_11736927aonly_m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zouzous.fr/heros/simon
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zouzous.fr/heros/simon?abc
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zouzous.fr/heros/simon?abcaonly_matchingtuFranceTVJeunesseIE._real_extractuyoutube_dl
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www.zouzous.fr/heros/simonainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/audio/j_art-20150903-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/audio/j_art-20150903-1/aonly_matchingta_TESTSuhttps://ap
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/audio/plugin-20190404-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/audio/plugin-20190404-1/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2015173/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/video/2015173/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/video/9999011/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/en/ondemand/video/9999011/amd5u256a1be14f48d960a7e61e2532d95ec3ainfo
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/fr/ondemand/audio/plugin-20190404-1/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jp/nhkworld/fr/ondemand/audio/plugin-20190404-1/aonly_matchingtD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://www3.nhk.or.jpu%s
Source: namang.exe, 00000012.00000003.572343002.00000000097F2000.00000004.00000001.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/album/000gXCTb2AhRR1.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/album/000gXCTb2AhRR1.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/album/002Y5a3b3AlCu3.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/album/002Y5a3b3AlCu3.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/playlist/1374105607.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/playlist/1374105607.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/singer/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/singer/001BLpXF2DyJe2.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/singer/001BLpXF2DyJe2.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/singer/afindT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/%s.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/%s.htmlaQQMusicaget_entries_from_pageuDownload
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/001JyApY11tIp6.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/001JyApY11tIp6.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/004295Et37taLD.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/004295Et37taLD.htmlamd5u5f1e6cea39e182857da7ffc5ef5e6bb8ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/004MsGEo3DdNxV.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/004MsGEo3DdNxV.htmlamd5afa3926f0c585cda0af8fa4f796482e3eainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/song/u.htmlT
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/106.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/106.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/123.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/123.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/3.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://y.qq.com/n/yqq/toplist/3.htmlainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://youtube-dl-demo.neocities.org/vshare.html
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://youtube-dl-demo.neocities.org/vshare.htmlamd5u17b39f55b5497ae8b59f5fbce8e35886ainfo_dictD
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://youtube.com/watch?v=%s
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://youtube.com/watch?v=%sa__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_lite
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://zoom.iprima.cz/10-nejvetsich-tajemstvi-zahad/posvatna-mista-a-stavby
Source: namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	String found in binary or memory: https://zoom.iprima.cz/10-nejvetsich-tajemstvi-zahad/posvatna-mista-a-stavbyaonly_matchingtD

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

System Summary:

Source: C:\Users\user\AppData\Local\Namang\namang.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004AF100
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_005FA9A8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_005FA9A8
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	2_2_004AF100
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	3_2_004AF100

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004323D4	0_2_004323D4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004255DC	0_2_004255DC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0040E9C4	0_2_0040E9C4
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0064F1DC	1_2_0064F1DC
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0040AC84	1_2_0040AC84
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_004323D4	2_2_004323D4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_004255DC	2_2_004255DC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_0040E9C4	2_2_0040E9C4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_004323D4	3_2_004323D4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_004255DC	3_2_004255DC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_0040E9C4	3_2_0040E9C4

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: String function: 00427840 appears 63 times
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: String function: 0040CC60 appears 51 times
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: String function: 0040873C appears 54 times
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: String function: 005C94E0 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: String function: 005E08AC appears 46 times
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: String function: 006013D8 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: String function: 005F8384 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: String function: 005E0B90 appears 60 times

Source: Mario Deluxe InstaII.exe

Static PE information: invalid certificate

Source: Mario Deluxe InstaII.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Mario Deluxe InstaII.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-TTJH7.tmp.5.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: Mario Deluxe InstaII.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Mario Deluxe InstaII.tmp.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Mario Deluxe InstaII.tmp.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Mario Deluxe InstaII.tmp.2.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Mario Deluxe InstaII.tmp.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-TTJH7.tmp.5.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-TTJH7.tmp.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-VQD2J.tmp.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Mario Deluxe InstaII.exe, 00000000.00000000.234208185.00000000004C6000.00000002.00020000.sdmp	Binary or memory string: OriginalFileName vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260359339.0000000000980000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260563575.0000000000A70000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenetmsg.DLL.MUIj% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260351898.0000000000960000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenetmsg.DLLj% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260654389.00000000023A0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp	Binary or memory string: OriginalFileName vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000002.00000003.368565651.00000000021C8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000002.00000002.370418688.0000000000880000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenetmsg.DLL.MUIj% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000002.00000002.370868700.0000000002410000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000003.00000000.254798996.00000000004C6000.00000002.00020000.sdmp	Binary or memory string: OriginalFileName vs Mario Deluxe InstaII.exe
Source: Mario Deluxe InstaII.exe, 00000006.00000002.273389787.00000000004C6000.00000002.00020000.sdmp	Binary or memory string: OriginalFileName vs Mario Deluxe InstaII.exe

Source: C:\Users\user\AppData\Local\Namang\namang.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Update\namang.exe	Section loaded: python3.dll
Source: C:\Users\user\AppData\Local\Packages\Update\namang.exe	Section loaded: python3.dll
Source: C:\Users\user\AppData\Local\Google\Update\namang.exe	Section loaded: python3.dll

Source: Mario Deluxe InstaII.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED

Source: classification engine

Classification label: unknown16.evad.winEXE@19/2060@36/1

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004AF100
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_005FA9A8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_005FA9A8
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	2_2_004AF100
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_004AF100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	3_2_004AF100

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_0041A4DC GetDiskFreeSpaceW,

0_2_0041A4DC

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Code function: 1_2_0060F338 GetVersion,CoCreateInstance,

1_2_0060F338

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_004AF9D8 FindResourceW,SizeofResource,LoadResource,LockResource,

0_2_004AF9D8

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

File created: C:\Users\user\AppData\Local\Temp\is-LE572.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Namang\download.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\AppData\Local\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Packages\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Packages\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Google\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Google\Update\namang.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Mario Deluxe InstaII.exe	String found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
Source: Mario Deluxe InstaII.exe	String found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
Source: Mario Deluxe InstaII.exe	String found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

File read: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp 'C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp' /SL5='$E021E,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install
Source: unknown	Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT
Source: unknown	Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /install
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp 'C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp' /SL5='$40372,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT
Source: unknown	Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /load
Source: unknown	Process created: C:\Users\user\AppData\Local\Namang\namang.exe C:\Users\user\AppData\Local\Namang\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Namang\download.exe C:\Users\user\AppData\Local\Namang\download.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Update\namang.exe C:\Users\user\AppData\Local\Update\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Packages\Update\namang.exe C:\Users\user\AppData\Local\Packages\Update\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\Update\namang.exe C:\Users\user\AppData\Local\Google\Update\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe C:\Users\user\AppData\Local\Mozilla\Update\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Microsoft\Update\namang.exe C:\Users\user\AppData\Local\Microsoft\Update\namang.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe C:\Users\user\AppData\Local\Mozilla\Update\namang.exe
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp 'C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp' /SL5='$E021E,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT	Jump to behavior
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Process created: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp 'C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp' /SL5='$40372,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process created: C:\Users\user\AppData\Local\Namang\namang.exe C:\Users\user\AppData\Local\Namang\namang.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process created: C:\Users\user\AppData\Local\Namang\download.exe C:\Users\user\AppData\Local\Namang\download.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Namang\download.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Namang\download.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: Mario Deluxe InstaII.exe

Static file information: File size 31289608 > 1048576

Source: Mario Deluxe InstaII.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: .pdbr0 source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp
Source:	Binary string: comctl32v582.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: ~/.pdbrcz source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source:	Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: in the ".pdbrc" file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: If a file ".pdbrc" exists in the user source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: .pdbrc) source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: placed in the .pdbrc file): source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: C:\A\31\b\bin\amd64\pyexpat.pdb source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: namang.exe, 00000012.00000003.462720942.00000000099C2000.00000004.00000001.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: will load .pdbrc files from the filesystem. source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp
Source:	Binary string: comctl32v582.pdbGCTL source: namang.exe, 00000012.00000003.567864406.0000000009A67000.00000004.00000001.sdmp
Source:	Binary string: pdb.Pdbr source: Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp

Data Obfuscation:

Source: Mario Deluxe InstaII.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0x2945c5
Source: is-TTJH7.tmp.5.dr	Static PE information: real checksum: 0x0 should be: 0x28dbe6
Source: Mario Deluxe InstaII.tmp.2.dr	Static PE information: real checksum: 0x0 should be: 0x2945c5
Source: is-VQD2J.tmp.5.dr	Static PE information: real checksum: 0x470b78d should be:
Source: Mario Deluxe InstaII.exe	Static PE information: real checksum: 0x1de2029 should be:

Source: Mario Deluxe InstaII.exe	Static PE information: section name: .didata
Source: Mario Deluxe InstaII.tmp.0.dr	Static PE information: section name: .didata
Source: Mario Deluxe InstaII.tmp.2.dr	Static PE information: section name: .didata
Source: is-TTJH7.tmp.5.dr	Static PE information: section name: .didata
Source: is-VQD2J.tmp.5.dr	Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004B5000 push 004B50DEh; ret	0_2_004B50D6
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004B5980 push 004B5A48h; ret	0_2_004B5A40
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004B106C push 004B10D4h; ret	0_2_004B10CC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0045807C push ecx; mov dword ptr [esp], ecx	0_2_00458081
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049B034 push ecx; mov dword ptr [esp], edx	0_2_0049B035
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004A00F0 push ecx; mov dword ptr [esp], edx	0_2_004A00F1
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004A108C push ecx; mov dword ptr [esp], edx	0_2_004A108D
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0041A0B4 push ecx; mov dword ptr [esp], ecx	0_2_0041A0B8
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004270B4 push 004270FCh; ret	0_2_004270F4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_00458100 push ecx; mov dword ptr [esp], ecx	0_2_00458105
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004321C0 push ecx; mov dword ptr [esp], edx	0_2_004321C1
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004A21D0 push ecx; mov dword ptr [esp], edx	0_2_004A21D1
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049E1B0 push ecx; mov dword ptr [esp], edx	0_2_0049E1B1
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049A258 push 0049A370h; ret	0_2_0049A368
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_00455260 push ecx; mov dword ptr [esp], ecx	0_2_00455264
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0045B27C push ecx; mov dword ptr [esp], edx	0_2_0045B27D
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004252D4 push ecx; mov dword ptr [esp], eax	0_2_004252D9
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004592F4 push ecx; mov dword ptr [esp], edx	0_2_004592F5
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_00430350 push ecx; mov dword ptr [esp], eax	0_2_00430351
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_00430368 push ecx; mov dword ptr [esp], eax	0_2_00430369
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0045938C push ecx; mov dword ptr [esp], ecx	0_2_00459390
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049B41C push ecx; mov dword ptr [esp], edx	0_2_0049B41D
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004A1420 push ecx; mov dword ptr [esp], edx	0_2_004A1421
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004A24D0 push ecx; mov dword ptr [esp], edx	0_2_004A24D1
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004304E8 push ecx; mov dword ptr [esp], eax	0_2_004304E9
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_004224F0 push 004225F4h; ret	0_2_004225EC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_00499488 push ecx; mov dword ptr [esp], edx	0_2_0049948B
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0045855C push ecx; mov dword ptr [esp], edx	0_2_0045855D
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049F568 push ecx; mov dword ptr [esp], ecx	0_2_0049F56C
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0049356C push ecx; mov dword ptr [esp], edx	0_2_0049356E
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0045856C push ecx; mov dword ptr [esp], edx	0_2_0045856D

Persistence and Installation Behavior:

Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-OVAMO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\pywintypes38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-AFHFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\curl.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-2J1FT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-CJHHV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-5GU2L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-88VCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-GN0N4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	File created: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-5051K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-2UDQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-0AT7Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-DC86T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-EHAHO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-AIQ09.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-QN546.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\tk86t.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\pythoncom38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-L89JI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\lz4\is-1QL7M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-8SGSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\lz4\block\is-I10AM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-S31N4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-9M215.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-USANP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-BIFT9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-NDJQP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Util\is-2MB92.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-367FV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-IEM93.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\gdiplus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NK0ND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-8GUQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GUURJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\lz4\block\_block.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-7NL24.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-MK6ED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-AR55O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3BH1D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Temp\is-4CLRJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-0BL0M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3NDN2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-P9QA7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	File created: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-PAM29.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-HHNG8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-UABBS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-RQL6N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-851DG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-719IV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-719E9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_msi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-B0O35.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_win32sysloader.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\comctl32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-4LBF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\lz4\_version.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-7OJ3D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-VT0V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-92ISP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-SQD7U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-55GVB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Util\is-73OKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-BBQV4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-T9BI3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3OV7I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-6MJ1R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-RDR1K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-07UFK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-99CD4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-4ICTU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-VAP3B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-DHM82.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-44UBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NCH0D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3VUD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-7Q1BP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-PUH42.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-H8Q5K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-C9I3L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\win32api.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_queue.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-2QAI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-MJCRM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-BOJ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-KQ45L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-SB5O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-7L0PM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-GSM56.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-J0EJL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-BD08H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-F4RC1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-8CIKO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-3UH3H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\download.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-QG91C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-5L8LG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-2R8KL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-BF829.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\python38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-CT016.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-0ULDI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MLMHT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-DK7A8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\libcurl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-4S6NI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-B9INP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-1FDLC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-138AA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-J5HDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MP1MU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-7ED9R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MCE9O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-JS94H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3EHDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Protocol\is-32JQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-PR6D6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-TTJH7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-MNIHA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-D2DA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Protocol\is-5H32Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\namang.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-3F7C6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-A86EC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-V5PJJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-E2BP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-HA3E7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-QJ8JF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-K3D9A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GB4LH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-UMDPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\msg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\unins000.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Cryptodome\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-VQD2J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-UFBAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-TSAQJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-9M87S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-NJLQ8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-D4VOI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-46R2O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-JT72P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-T3LEA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-P9703.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	File created: C:\Users\user\AppData\Local\Namang\is-S4QUJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File created: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0063E56C IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow,		1_2_0063E56C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_005B261C IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow,		1_2_005B261C

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Namang\download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Update\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Update\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Packages\Update\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Packages\Update\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Google\Update\namang.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Google\Update\namang.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\AppData\Local\Namang\download.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-OVAMO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-07UFK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-RDR1K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-99CD4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-4ICTU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-VAP3B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-AFHFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-DHM82.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-44UBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NCH0D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\curl.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3VUD8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-CJHHV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-2J1FT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-7Q1BP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-5GU2L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-PUH42.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-88VCG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-H8Q5K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-GN0N4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-5051K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-C9I3L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-2UDQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-2QAI1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-0AT7Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-DC86T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-MJCRM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-BOJ1H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-EHAHO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-SB5O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-KQ45L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-AIQ09.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-QN546.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-7L0PM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-GSM56.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-L89JI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-J0EJL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-F4RC1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-BD08H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\lz4\is-1QL7M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-8CIKO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-3UH3H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\lz4\block\is-I10AM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-8SGSD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-QG91C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-S31N4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-9M215.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-5L8LG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-2R8KL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-BF829.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-USANP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\win32ui.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-CT016.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-0ULDI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Util\is-2MB92.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-BIFT9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-NDJQP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MLMHT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-367FV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-DK7A8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\libcurl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-4S6NI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-IEM93.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NK0ND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-B9INP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-1FDLC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-138AA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-8GUQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-J5HDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GUURJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MP1MU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-7ED9R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MCE9O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-JS94H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-7NL24.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3EHDU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-MK6ED.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-AR55O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3BH1D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Protocol\is-32JQ4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4CLRJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-PR6D6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-TTJH7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-0BL0M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3NDN2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-P9QA7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-MNIHA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-PAM29.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Protocol\is-5H32Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-UABBS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-HHNG8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-D2DA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3F7C6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-V5PJJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-A86EC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-E2BP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-QJ8JF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-HA3E7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-RQL6N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-K3D9A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-851DG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-719IV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-719E9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\_msi.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-B0O35.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GB4LH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-eventing-provider-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-UMDPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\msg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\unins000.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-4LBF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-7OJ3D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-UFBAQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-VT0V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-TSAQJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-92ISP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-SQD7U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-NJLQ8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-55GVB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-D4VOI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-46R2O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Util\is-73OKI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-BBQV4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-T9BI3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-3OV7I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-JT72P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-T3LEA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-6MJ1R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-P9703.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Namang\is-S4QUJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_1-21558

Source: C:\Users\user\AppData\Local\Namang\download.exe TID: 7044

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0040AEF4 FindFirstFileW,FindClose,	0_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	0_2_0040A928
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0040C86C FindFirstFileW,FindClose,	1_2_0040C86C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_005F790C FindFirstFileW,GetLastError,	1_2_005F790C
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_0040C2A0 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	1_2_0040C2A0
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: 1_2_00650754 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,	1_2_00650754
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_0040AEF4 FindFirstFileW,FindClose,	2_2_0040AEF4
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 2_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	2_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,	3_2_0040A928
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: 3_2_0040AEF4 FindFirstFileW,FindClose,	3_2_0040AEF4

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_004AF904 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_004AF904

Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\tcl\encoding\	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	File opened: C:\Users\user\AppData\Local\Namang\tcl\	Jump to behavior

Source: Mario Deluxe InstaII.exe, 00000000.00000002.260359339.0000000000980000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000001.00000002.257481744.00000000025A0000.00000002.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000002.370484988.0000000002220000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.366874725.0000000002770000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260359339.0000000000980000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000001.00000002.257481744.00000000025A0000.00000002.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000002.370484988.0000000002220000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.366874725.0000000002770000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260359339.0000000000980000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000001.00000002.257481744.00000000025A0000.00000002.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000002.370484988.0000000002220000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.366874725.0000000002770000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: Mario Deluxe InstaII.exe, 00000000.00000002.260359339.0000000000980000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000001.00000002.257481744.00000000025A0000.00000002.00000001.sdmp, Mario Deluxe InstaII.exe, 00000002.00000002.370484988.0000000002220000.00000002.00000001.sdmp, Mario Deluxe InstaII.tmp, 00000005.00000002.366874725.0000000002770000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\Users\user\AppData\Local\Namang\download.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Code function: 1_2_0063DDA4 ShellExecuteExW,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_0063DDA4

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Process created: C:\Users\user\Desktop\Mario Deluxe InstaII.exe 'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Code function: 1_2_005B20A4 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

1_2_005B20A4

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Code function: 1_2_005B1248 AllocateAndInitializeSid,GetVersion,GetModuleHandleW,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,

1_2_005B1248

Language, Device and Operating System Detection:

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_00405AE0 cpuid

0_2_00405AE0

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	0_2_0040B044
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	0_2_0041E034
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	0_2_0041E080
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	0_2_004AF208
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0040A4CC
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	1_2_0040C9BC
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: GetLocaleInfoW,	1_2_005FB6B8
Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp	Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	1_2_0040BE44
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	2_2_0040B044
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	2_2_0041E034
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	2_2_0041E080
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	2_2_004AF208
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_0040A4CC
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetUserDefaultUILanguage,GetLocaleInfoW,	3_2_0040B044
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	3_2_0041E034
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	3_2_0041E080
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: GetLocaleInfoW,	3_2_004AF208
Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe	Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_0040A4CC

Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\init.tcl VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\certifi\cacert.pem VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.8\__init__.py VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.8\dicts.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\config.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\config.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\log.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Packages VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Google VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Crypto\Protocol VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Cryptodome VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Cryptodome\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Cryptodome\Protocol VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\Cryptodome\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\lz4 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\lz4\block VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\http1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\opt0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Kentucky VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\North_Dakota VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Arctic VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Brazil VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Chile VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Mexico VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\US VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tk VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tk\images VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tk\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tk\ttk VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Port-au-Prince VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\El_Aaiun VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Atikokan VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Boise VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\GMT-8 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\msgs\pt_br.msg VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\Andorra VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\Salta VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\Sakhalin VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\encoding\iso8859-2.enc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\Troll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\Enderbury VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\namang.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\Enderbury VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Users\user\AppData\Local\Namang\download.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Namang\download.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp

Code function: 1_2_0061A76C GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeW,GetLastError,CreateFileW,SetNamedPipeHandleState,CreateProcessW,CloseHandle,CloseHandle,

1_2_0061A76C

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_0041C3D8 GetLocalTime,

0_2_0041C3D8

Source: C:\Users\user\Desktop\Mario Deluxe InstaII.exe

Code function: 0_2_004B5114 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,

0_2_004B5114

Source: C:\Users\user\AppData\Local\Namang\namang.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	DLL Side-Loading1	Exploitation for Privilege Escalation1	Masquerading1	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Access Token Manipulation1	Virtualization/Sandbox Evasion3	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Process Injection12	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion3	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	DLL Side-Loading1	Access Token Manipulation1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Proxy1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection12	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Deobfuscate/Decode Files or Information1	Cached Domain Credentials	System Owner/User Discovery2	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information2	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	DLL Side-Loading1	Proc Filesystem	File and Directory Discovery3	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	System Information Discovery36	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
Mario Deluxe InstaII.exe	0%	Virustotal	Browse
Mario Deluxe InstaII.exe	3%	Metadefender	Browse
Mario Deluxe InstaII.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
scookie.notrespone.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://nbavod-f.akamaihd.neta__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_litera	0%	Avira URL Cloud	safe
http://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937	0%	Avira URL Cloud	safe
http://www.abc.net.au/7.30/content/2015/s4164797.htm	0%	Avira URL Cloud	safe
http://ep3.performfeeds.com/ep%s/%s/%s/	0%	Avira URL Cloud	safe
http://news.cts.com.tw/action/test_mp4feed.php	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://closertotruth.com/interviews/1725ainfo_dictD	0%	Avira URL Cloud	safe
http://rspoplay.se/?m=elWuEH34SMKvaO4wO_cHBwaonly_matchingta_TESTSa_real_extractuKonserthusetPlayIE.	0%	Avira URL Cloud	safe
http://www.ntdtv.ru	0%	Avira URL Cloud	safe
http://vas.sim-technik.de/vas/live/v2/videos	0%	Avira URL Cloud	safe
http://news.cts.com.tw/cts/international/201501/201501291578109.htmlamd5aa9875cb790252b08431186d741b	0%	Avira URL Cloud	safe
https://friendship.nbc.co/v2/graphqlaqueryuquery	0%	Avira URL Cloud	safe
http://www.dailymail.co.uk/api/player/%s/video-sources.jsona_download_jsonagetT	0%	Avira URL Cloud	safe
http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003673/amd5ab06182cd386ea7bc6115ec	0%	Avira URL Cloud	safe
http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/journalism-pc/vpid/%s	0%	Avira URL Cloud	safe
http://www.karrierevideos.at/orientierung/vaeterkarenz-und-neue-chancen-fuer-muetter-baby-was-nunain	0%	Avira URL Cloud	safe
http://www.nickelodeonjunior.fr/paw-patrol-la-pat-patrouille/videos/episode-401-entier-paw-patrol/	0%	Avira URL Cloud	safe
https://feed.entertainment.tv.theplatform.eu/f/PR1GhC/mediaset-prod-all-programs/guid/-/	0%	Avira URL Cloud	safe
http://bbc.co.uk/2008/emp/playlist	0%	Avira URL Cloud	safe
http://www.hitbox.tv/video/203213	0%	Avira URL Cloud	safe
http://ai-radio.org:8000/radio.opusainfo_dictD	0%	Avira URL Cloud	safe
http://link.theplatform.%s/s/%s	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
scookie.notrespone.com	172.67.185.155	true	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.metacafe.com/watch/an-dVVXnuY7Jh77J/the_andromeda_strain_1971_stop_the_bomb_part_3/ainfo_	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://tv.nrk.no/serie/backstage/sesong/1ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://chaturbate.com/%s/aheadersageo_verification_headersa_parse_jsona_search_regexuinitialRoomDos	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://music.163.com/api/aclassmethoduNetEaseMusicBaseIE._encryptuNetEaseMusicBaseIE.extract_formats	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.npo.nl/jouw-stad-rotterdam/29-01-2017/RBX_FUNX_6683215/RBX_FUNX_7601437	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.puls4.com/2-minuten-2-millionen/staffel-3/videos/2min2miotalk/Tobias-Homberger-von-myclub	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://nbavod-f.akamaihd.neta__doc__a__file__a__spec__aoriginahas_locationa__cached__aunicode_litera	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	low
http://www.onionstudios.com/videos/hannibal-charges-forward-stops-for-a-cocktail-2937	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.cultureunplugged.com/setClientTimezone.php?timeOffset=%datimeatimezonel	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.abc.net.au/7.30/content/2015/s4164797.htm	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://ep3.performfeeds.com/ep%s/%s/%s/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.le.com/tv/46177.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://news.cts.com.tw/action/test_mp4feed.php	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.patreon.com/api/posts/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://vtm.be/video/volledige-afleveringen/id/257107153551000aonly_matchingtD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://frontendmasters.com/courses/web-development/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.dumpert.nl/item/6646981_951bc60famd5u1b9318d7d5054e7dcb9dc7654f21d643ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://closertotruth.com/interviews/1725ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.5-tv.ru/glavnoe/#itemDetails	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://footyroom.com/matches/79922154/hull-city-vs-chelsea/review	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://cache.video.qiyi.com/jp/avlist/%s/%d/%d/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.nickelodeon.hu/musorok/spongyabob-kockanadrag/videok/episodes/buborekfujas-az-elszakadt-n	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://auth.roosterteeth.com/oauth/tokennuLogging	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.hungama.com/song/kitni-haseen-zindagi/2931166/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://y.qq.com/n/yqq/song/%s.htmlaQQMusicaget_entries_from_pageuDownload	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://rspoplay.se/?m=elWuEH34SMKvaO4wO_cHBwaonly_matchingta_TESTSa_real_extractuKonserthusetPlayIE.	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://cnn.com/video/?/video/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://egghead.io/courses/professor-frisby-introduces-composable-functional-javascriptaplaylist_cou	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://v.douyu.com/show/rjNBdvnVXNzvE2ywamd5u0c2cfd068ee2afe657801269b2d86214ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://tv.nrk.no/serie/anno/KMTE50001317/sesong-3/episode-13	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.ntdtv.ru	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://chirb.it/fb_chirbit_player.swf?key=PrIPv5	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://static.rtl.nl/embed/?uuid=1a2970fc-5c0b-43ff-9fdc-927e39e6d1bc&autoplay=false&publicatiepunt	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://iwara.tv/videos/amVwUl1EHpAD9RDainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://vas.sim-technik.de/vas/live/v2/videos	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.bet.com/news/politics/2014/12/08/in-bet-exclusive-obama-talks-race-and-racism.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://tv.biobiochile.cl/notas/2015/10/22/ninos-transexuales-de-quien-es-la-decision.shtmlaonly_matc	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://news.cts.com.tw/cts/international/201501/201501291578109.htmlamd5aa9875cb790252b08431186d741b	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://friendship.nbc.co/v2/graphqlaqueryuquery	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.nobelprize.org/mediaplayer/?id=2636amd5u04c81e5714bb36cc4e2232fee1d8157fainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://admin.mangomolo.com/analytics/index.php/customers/embed/index?	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.liveleak.com/view?i=4f7_1392687779amd5u42c6d97d54f1db107958760788c5f48fainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.liveleak.com/ll_embed?i=874_1459135191aonly_matchingtD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://zoom.iprima.cz/10-nejvetsich-tajemstvi-zahad/posvatna-mista-a-stavby	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://live.huffingtonpost.com/r/segment/legalese-it/52dd3e4b02a7602131000677amd5u55f5e8981c1c80a647	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.mixcloud.com/graphql	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://techtv.mit.edu/videos/25418-mit-dna-learning-center-setamd5u00a3a27ee20d44bcaa0933ccec4a2cf7a	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://ooe.orf.at/player/20200423/OGMOaonly_matchingtaORFSTMIEuorf:steiermarkuRadio	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://maison.radiofrance.fr/radiovisions/one-one	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.pornhub.com/video?page=3	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://xml.python.org/entities/fragment-builder/internalz	Mario Deluxe InstaII.tmp, 00000005.00000003.359643096.0000000005360000.00000004.00000001.sdmp, namang.exe, 00000012.00000003.520105262.00000000050E0000.00000004.00000001.sdmp	false		high
http://media.rozhlas.cz/_audio/%s.mp3avcodecanonea__doc__a__file__a__spec__aoriginahas_locationa__ca	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.dailymail.co.uk/api/player/%s/video-sources.jsona_download_jsonagetT	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.appledaily.com.tw/animation/realtimenews/new/20150128/5003673/amd5ab06182cd386ea7bc6115ec	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://services.slingshot.lego.com/mediaplayer/v2aqueryavideoIdu%s_%sauuidaUUIDaheadersageo_verific	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.lynda.com/ajax/playeruDownloading	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://list.le.com/listn/c1009_sc532002_d2_p1_o1.htmlaonly_matchingtaclassmethoduLePlaylistIE.suitab	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://ott-widget.kinopoisk.ru/v1/kp/aqueryakpIda_parse_jsona_search_regexu(?s)	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://api.arte.tv/api/player/v1/collectionData/%s/%s?source=videos	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://open.live.bbc.co.uk/mediaselector/5/select/version/2.0/mediaset/journalism-pc/vpid/%s	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://play.rmcnmv.naver.com/vod/play/v2.0/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.karrierevideos.at/orientierung/vaeterkarenz-und-neue-chancen-fuer-muetter-baby-was-nunain	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rtve.es/television/20160628/revolucion-del-movil/1364141.shtmlainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://tv.nrk.no/serie/backstageainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://hornbunny.com/videos/panty-slut-jerk-off-instruction-5227.htmlamd5ae20fd862d1894b67564c96f180	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://tv.kakao.com/api/v1/ft/cliplinks/%s/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.ndr.de/fernsehen/sendungen/ndr_aktuell/ndraktuell28488-player.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://music.163.com/#/playlist?id=79177352ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.aol.com/video/view/donald-trump-spokeswoman-tones-down-megyn-kelly-attacks/519442220/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.myvidster.com/video/32059805/Hot_chemistry_with_raw_love_makingamd5u95296d0231c1363222c34	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.liveleak.com/view?%s=%s	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.meipai.com/media/585526361	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.nbc.com/saturday-night-live/video/star-wars-teaser/2832821ainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.nickelodeonjunior.fr/paw-patrol-la-pat-patrouille/videos/episode-401-entier-paw-patrol/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://learning.oreilly.com/videos/hadoop-fundamentals-livelessons/9780133392838aonly_matchingtD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.nhl.com/video/anisimov-cleans-up-mess/t-277752844/c-43663503amd5u0f7b9a8f986fb4b4eeeece9	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://feed.entertainment.tv.theplatform.eu/f/PR1GhC/mediaset-prod-all-programs/guid/-/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tv-replay.fr/redirection/09-04-16/arte-reportage-arte-11508975.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.suffolk.edu/sjc/live.php	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://graphql.api.dailymotion.com/oauth/tokennuDownloading	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.internazionale.it/video/2015/02/19/richard-linklater-racconta-una-scena-di-boyhood	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://my.mail.ru/corp/hitech/video/news_hi-tech_mail_ru/1263.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://bbc.co.uk/2008/emp/playlist	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.hitbox.tv/video/203213	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://www8.hp.com/cn/zh/home.html	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://api.khanacademy.org/api/v1/topic/uDownloading	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.frenchkissrecords.com	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://hitsmediaweb.h-its.org/mediasite/Play/2db6c271-681e-4f19-9af3-c60d1f82869b1daonly_matchingta	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://ai-radio.org:8000/radio.opusainfo_dictD	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://ec.europa.eu/avservices/audio/audioDetails.cfm?ref=I-109295&sitelang=en	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://myvi.ru/player/api/Video/Get/%s?sigasprutoDataa_extract_sprutoaMyviIEasuitableaMyviEmbedIEa_d	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://link.theplatform.%s/s/%s	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false	Avira URL Cloud: safe	low
http://www.break.com/video/ugc/baby-flex-2773063	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://tv.nrk.no/serie/tour-de-ski/MSPO40010515/06-01-2015#del=2	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://www.cliphunter.com/w/1012420/Fun_Jynx_Maze_soloamd5ab7c9bbd4eb3a226ab91093714dcaa480ainfo_dic	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://player.megaphone.fm/GLT9749789991?	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://embed.live.huffingtonpost.com/api/segments/%s.json	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
http://watch.nba.com/video/channels/playoffs/2015/05/20/0041400301-cle-atl-recap.nba	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high
https://www.jamendo.com/track/	namang.exe, 00000012.00000000.357100822.00000000049CB000.00000008.00020000.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.185.155	unknown	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	344779
Start date:	27.01.2021
Start time:	06:48:58
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 25m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Mario Deluxe InstaII.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Cmdline fuzzy
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown16.evad.winEXE@19/2060@36/1
EGA Information:	Successful, ratio: 75%
HDC Information:	Successful, ratio: 32.9% (good quality ratio 32%) Quality average: 80.3% Quality standard deviation: 24.4%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Max analysis timeout: 720s exceeded, the analysis took too long Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.43.193.48, 2.20.84.85, 51.104.139.180, 93.184.221.240, 95.101.22.224, 95.101.22.216, 52.155.217.156, 20.54.26.129, 51.132.208.181, 40.126.31.139, 40.126.31.137, 40.126.31.135, 40.126.31.1, 40.126.31.8, 40.126.31.143, 40.126.31.6, 20.190.159.136, 51.104.136.2, 20.49.150.241, 51.11.168.232, 20.190.159.132, 51.11.168.160 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, www.tm.a.prd.aadg.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, login.live.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, wu.ec.azureedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, dub2.next.a.prd.aadg.trafficmanager.net Execution Graph export aborted for target Mario Deluxe InstaII.exe, PID 5312 because there are no executed function Report creation exceeded maximum time and may have missing behavior and disassembly information. Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found.
Errors:	Corrupt sample or wrongly selected analyzer. Details: Access is denied. Corrupt sample or wrongly selected analyzer. Details: Access is denied.

Simulations

Behavior and APIs

Time	Type	Description
06:51:11	API Interceptor	8x Sleep call for process: download.exe modified
06:52:38	Task Scheduler	Run new task: UpdateCore0x300 path: C:\Users\user\AppData\Local\Update\namang.exe
06:53:06	Task Scheduler	Run new task: UpdateCore0x301 path: C:\Users\user\AppData\Local\Packages\Update\namang.exe
06:53:06	Task Scheduler	Run new task: UpdateCore0x302 path: C:\Users\user\AppData\Local\Google\Update\namang.exe
06:53:06	Task Scheduler	Run new task: UpdateCore0x303 path: C:\Users\user\AppData\Local\Mozilla\Update\namang.exe
06:53:06	Task Scheduler	Run new task: UpdateCore0x304 path: C:\Users\user\AppData\Local\Microsoft\Update\namang.exe

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	SecuriteInfo.com.BehavesLike.Win32.SoftPulse.gc.exe	Get hash	malicious	Browse	104.21.27.240
	SecuriteInfo.com.Generic.mg.d82abc4e3bc3179d.exe	Get hash	malicious	Browse	172.67.169.213
	SecuriteInfo.com.BehavesLike.Win32.SoftPulse.gc.exe	Get hash	malicious	Browse	104.21.27.240
	SecuriteInfo.com.BehavesLike.Win32.PUPXAA.gc.exe	Get hash	malicious	Browse	172.67.169.213
	SecuriteInfo.com.Heur.30497.xls	Get hash	malicious	Browse	172.67.198.109
	SecuriteInfo.com.Exploit.Siggen3.8790.14645.xls	Get hash	malicious	Browse	172.67.200.147
	SecuriteInfo.com.Trojan.DOC.Agent.ATB.11104.xls	Get hash	malicious	Browse	172.67.201.174
	SecuriteInfo.com.Trojan.Inject4.6746.26345.exe	Get hash	malicious	Browse	162.159.130.233
	SecuriteInfo.com.Trojan.Inject4.6746.26345.exe	Get hash	malicious	Browse	162.159.134.233
	case (2553).xls	Get hash	malicious	Browse	104.21.44.135
	case (2553).xls	Get hash	malicious	Browse	104.21.60.169
	case (1057).xls	Get hash	malicious	Browse	172.67.198.109
	case (4374).xls	Get hash	malicious	Browse	104.21.73.69
	case (4335).xls	Get hash	malicious	Browse	104.21.73.69
	case (1522).xls	Get hash	malicious	Browse	104.21.73.69
	case (4374).xls	Get hash	malicious	Browse	104.21.60.169
	case (166).xls	Get hash	malicious	Browse	172.67.198.109
	PAYMENT.xlsx	Get hash	malicious	Browse	104.16.19.94
	PAYMENT.xlsx	Get hash	malicious	Browse	104.16.18.94
	Informacion.doc	Get hash	malicious	Browse	104.21.89.78

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp	FrC4UAhnvX.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.DownLoader36.34557.26355.exe	Get hash	malicious	Browse
	9oUx9PzdSA.exe	Get hash	malicious	Browse
	atikmdag-patcher 1.4.7.exe	Get hash	malicious	Browse
	Atikmdag Patcher 1.4.8.sfx.exe	Get hash	malicious	Browse
	atikmdag-patcher 1.4.7.sfx.exe	Get hash	malicious	Browse
	VoiceMan Reflex-Setup-V3.0.3.exe	Get hash	malicious	Browse
	FastKeys_Setup.exe	Get hash	malicious	Browse
	FastKeys_Setup.exe	Get hash	malicious	Browse
	atiflash_293.sfx.exe	Get hash	malicious	Browse
	sfk_setup.exe	Get hash	malicious	Browse
	atiflash_293.exe	Get hash	malicious	Browse
	Softerra Adaxes 2011.3.exe	Get hash	malicious	Browse
	atikmdag-patcher 1.4.8.exe	Get hash	malicious	Browse
	atikmdag-patcher_1.4.8.exe	Get hash	malicious	Browse
	OhGodAnETHlargementPill2.exe	Get hash	malicious	Browse
	atikmdag-patcher-1.4.8.exe	Get hash	malicious	Browse
	atiflash_293.exe	Get hash	malicious	Browse
	OhGodAnETHlargementPill.sfx.exe	Get hash	malicious	Browse
	godflex-r2.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Google\Update\log.txt Download File
Process:	C:\Users\user\AppData\Local\Google\Update\namang.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	534
Entropy (8bit):	5.301460928801728
Encrypted:	false
SSDEEP:	6:mJ8pZaptpP0ckDbM5oYyAPnP0ckDbM5oYycpL0ckDbMv2HHda0C8pZKpdNFiR3dp:7ZysCi6nsCiyom2rCSZQdXE3dWY
MD5:	050A33B14B4E194CC854A1570D7D8611
SHA1:	45258D6D263C83A2119DD7FC164A213E12A90F8F
SHA-256:	E031AA47DCE5BE44C4EF18C086AF9BB5212B408CD8C78A943DA4FB216271DB9E
SHA-512:	8EC4B43206DCC34DE0D7FADD957C5FADA35577C6E7EFC6E453C6FCBAFFC0AD251AE17E2612BB7A0AF2E86F54DC2E45C5F44E14B33854891B6D2EC45C2CB5492F
Malicious:	false
Reputation:	low
Preview:	2021/01/27 06:53:41 \| ('--------------------',)..2021/01/27 06:53:41 \| ('START APP',)..2021/01/27 06:53:41 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Google\\Update\\service_updater.py')..2021/01/27 06:53:41 \| ('C:\\Users\\user\\AppData\\Local\\Google\\Update\\service_updater.py',)..2021/01/27 06:53:41 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Google\\Update')..2021/01/27 06:53:41 \| ('0xecf4bb862ded',)..2021/01/27 06:53:41 \| ('STARTUP CHECK',)..2021/01/27 06:54:51 \| ('ACT', 'WAIT')..2021/01/27 06:54:51 \| ('WAIT', 1)..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\download.exe.log Download File
Process:	C:\Users\user\AppData\Local\Namang\download.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.367899416177239
Encrypted:	false
SSDEEP:	24:ML9E4KrL1qE4GiD0E4KeGiKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKn1qHGiD0HKeGiYHKGD8AoPtHTG1Q
MD5:	7115A3215A4C22EF20AB9AF4160EE8F5
SHA1:	A4CAB34355971C1FBAABECEFA91458C4936F2C24
SHA-256:	A4A689E8149166591F94A8C84E99BE744992B9E80BDB7A0713453EB6C59BBBB2
SHA-512:	2CEF2BCD284265B147ABF300A4D26AD1AAC743EFE0B47A394FB614B6843A60B9F918E56261A56334078D0D9681132F3403FB734EE66E1915CF76F29411D5CE20
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\49e5c0579db170be9741dccc34c1998e\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\6d7d43e19d7fc0006285b85b7e2c8702\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Mozilla\Update\log.txt Download File
Process:	C:\Users\user\AppData\Local\Update\namang.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	946
Entropy (8bit):	5.295646472311757
Encrypted:	false
SSDEEP:	12:2ey7CnVF67CwsVFy7CV07CJrCS7CWQLE3y6nrZysFi6nsFiyor2rCSZk:v0Cz8Cw80C8CJrCUCW8j69q6DqrCck
MD5:	917EB0C636E064CEDBEA7259D5C69963
SHA1:	CE81EE4D915D783F6E31C69A0EDCE09FAA8462C9
SHA-256:	952632BC9FEF8D9904928B8AF4BCAFC4EE0B701F4204646F8316B0ECD9345728
SHA-512:	70711829B2765D07FD8B935536E36C4402902DAC6FF9A34CD00119D9631946CD43C48184179D23530C9C30CD8609DEB37E9EEA0D62C9790B674135FAEEB54B93
Malicious:	false
Preview:	2021/01/27 06:51:15 \| ('--------------------',)..2021/01/27 06:51:15 \| ('START APP',)..2021/01/27 06:51:16 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py')..2021/01/27 06:51:16 \| ('C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py',)..2021/01/27 06:51:16 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Namang')..2021/01/27 06:51:16 \| ('0xecf4bb862ded',)..2021/01/27 06:51:16 \| ('STARTUP CHECK',)..2021/01/27 06:52:37 \| ('ACT', 'WAIT')..2021/01/27 06:52:37 \| ('WAIT', 1)..2021/01/27 06:53:41 \| ('--------------------',)..2021/01/27 06:53:41 \| ('START APP',)..2021/01/27 06:53:41 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Update\\service_updater.py')..2021/01/27 06:53:41 \| ('C:\\Users\\user\\AppData\\Local\\Update\\service_updater.py',)..2021/01/27 06:53:41 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Update')..2021/01/27 06:53:41 \| ('0xecf4bb862ded',)..2021/01/27 06:53:41 \| ('STARTUP CHECK',)..

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-07UFK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.869873603847906
Encrypted:	false
SSDEEP:	384:9Z4VPJJaWHT+WoNYANC8HpTcMExffDKP:CGkdQHNC8JZExffDKP
MD5:	9FB7DAEDD82BDDE61D467B7A568BF577
SHA1:	8772A438D9735498BE7ED4D566BB0439361AAA56
SHA-256:	CF235E8F929568EE0C24C676BE7FB15E6A8820CB8437CD06BEE1E038B80DEB2B
SHA-512:	456DB61224D9F3EE5786173BE2998ECD54D05BC29919EC8E1A7A917EB5F42FBB3EDB1AEE374D9B97B4DB94591BE440F58DDBD0F32AAB1A2977DB28573223E806
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...*R.^.........." .........$............................................................`..........................................6.......7..d....p.......P..X....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......,..............@....pdata..X....P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-4S6NI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.166087238848412
Encrypted:	false
SSDEEP:	192:MLMEqiq0vJwKh/hXsht0D71s7iluU/ZM7E6txffDKPEYUGMG:MLME/Jwy/Sa71s0ucMJxffDKPEYUG
MD5:	0FFCFFFDC650194CD9F803E7593FCAC1
SHA1:	7488AAB01D38E69BAC8A1858A92FC7458F7F0A42
SHA-256:	63C184B6E7B17E319611AE141CFD06CC94B86833B6C9F4ADDABA80F547299F55
SHA-512:	380CD213157F9F32541049F455D0B723ED1C9F3528D827A540BC89C2908318F3EE9947C26FAFD4D27768FD93CA366607387201DE8923C39409AE7CAA197E8AD2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................x.......................................................!.............Rich....................PE..d...(R.^.........." .........$............................................................`..........................................8.......8..d....p.......P.......................1...............................1...............0..0............................text............................... ..`.rdata..\....0......."..............@..@.data........@.......0..............@....pdata.......P.......6..............@..@.gfids.......`.......:..............@..@.rsrc........p.......<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-6MJ1R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.744645578247188
Encrypted:	false
SSDEEP:	192:h60yFw04d1jmM0psOI4isz/U/ZMcb6txffDKPh:h1yFw3Cdp9u6cMfxffDKP
MD5:	D4535F5B8683CD4B523D1F97232D3772
SHA1:	1A6CE4EEB5ACD1762F629478DB14DFE8E361967F
SHA-256:	A8BD1B23F25393B26570A23F3083227DCA1E2A6C4422581FF3E46CEA3C4AC4AD
SHA-512:	447C9B1772F4A4F91961268E1B87C3576415F5257197DB16336A3BE8601DCFC8CD01DD1BB0676403633C58B8593AA9F558BBD53CCD994F5702DF38C265358730
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...)R.^.........." ......................................................................`..........................................%.......&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-851DG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.842784266684081
Encrypted:	false
SSDEEP:	192:7cpTqUY/ziJ3t3KI66wPU/ZMrE6txffDKP:7cpTqyJd3ZEcM5xffDKP
MD5:	B537C5216BD68311D50B10D62D02B9BB
SHA1:	EB613BDABC18EE0F43AFA4A13E684D0F8BC57817
SHA-256:	2B4FEFD3688F5E92B1C3EF745D3463D44D9C071B9E2E190A7179191CD3B1E3A5
SHA-512:	1A3A8E9454646D7AC87F0ACC34092DA9C3873E4912EA8CB7C335D58A1BF7336D370DDA9DA13FDC6148EBFE93E3B75CEEBC0684A5EE7B4AE24E8E2B5D053AFE38
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...R.^.........." ......... ............................................................`..........................................6......H7..d....p.......P..(....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@......."..............@....pdata..(....P.......&..............@..@.gfids.......`.....................@..@.rsrc........p.......,..............@..@.reloc..............................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-B9INP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.881042404291281
Encrypted:	false
SSDEEP:	384:7upTqyJd3I4NRI9IJr+tJrWcM5xffDKP:7yII94tS5xffDKP
MD5:	03C703A8F4C2A1443CCCC8316AF8940C
SHA1:	046D8C846D9393E472064AA1250826994A785577
SHA-256:	CA09E03D93F3A330A467AFD7FB998AD81DFD75FA7A1C2E202D6898F229C269D4
SHA-512:	A65BF31452E984DE1F951A3BCA97C9DC27AC113E5FD4E0D29FA2B67E6C1B24D48BA6513D1E2CEAA7617E92305171E9675379A0E97980A3CEEC209C49CD687329
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...)R.^.........." ........."............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..d....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-GSM56.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	4.824956860065785
Encrypted:	false
SSDEEP:	192:0Cf3gWtFziJM87vAxEu/XLU/ZM7E6txffDKPu6+6g:0CfsJM87YqGcMJxffDKPVl
MD5:	C04554CF7F89E2D360EBCC39F85A2970
SHA1:	42AC403BD2A854D7F6AC60A299594A9C4A793F35
SHA-256:	264ED03313EFC36EF0794E3C716319E0AA4774C3D0A26C522DCFA7BE1F46349F
SHA-512:	668928ABB8510D36DCC2E9FF7CD10353C3CBC10AF199CA4C909770921FDCBE4AEEDC5DFB106C91CF480C86A2AB78E2DA6278D859AAE93CB72BC50DE432411ED9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!A..@/.@/.@/.8..@/....@/..(..@/.@..@/..,.@/...@/..+.@/...'.@/.../.@/.#...@/...-.@/.Rich.@/.........PE..d...R.^.........." .........$............................................................`.........................................@7.......8..d....p.......P..p....................1...............................1...............0..0............................text............................... ..`.rdata.......0......................@..@.data...0....@.......(..............@....pdata..p....P......................@..@.gfids.......`.......2..............@..@.rsrc........p.......4..............@..@.reloc...............6..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-HA3E7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.442995425168784
Encrypted:	false
SSDEEP:	384:72pTqYrd3hOG8QRbSw3XzD07irfcM5xffDKP:7Gj8QRbXDR5xffDKP
MD5:	6BFB3849D64A049436F42B982C29727B
SHA1:	678DBAD627DA656DD55EC7BC33B67D244BA11FD6
SHA-256:	8A039CEF8A954F43217B31005B260C949C5B437796263F94629F76A2E67CD4FF
SHA-512:	FD4BC5A88B3901CEF07D50C8F4725C198981EFD4D1F5A155F2A8BFDC4499F74D4718ECC29F53BA6830FF8A212B38E4D2B6AC9ED1CE09CDA8B3EF9DCAF154626A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...(R.^.........." ........."............................................................`.........................................p8.......9..d....p.......P.......................2...............................2...............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MCE9O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19968
Entropy (8bit):	5.8239487510065455
Encrypted:	false
SSDEEP:	384:7KONZ5SEKInoZGqoOWCx5pJgLa0Mp8hNhv5BUcM5xffDKP:7rzdOWCxpgLa16NHBC5xffDKP
MD5:	9E32123400ADB0529FC4559D99750498
SHA1:	2E5709724C0ADDB8DDAFE3F55C836CED3412577F
SHA-256:	959EB9F68FF3C24100BD623B4677A8BDC93F3FC0130D3DAF79D29669FB0A0B48
SHA-512:	42F4A3A5A0E4C04EA559B428577805F12C55D1CFB9AB143FBE6038421C3774F87CFAE2BF6735C6EBE6E15C2A4D36E41CF9BEE2EC246EBBF7F7EC0AFDFFF20A53
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...(R.^.........." .........4............................................................`..........................................G......PH..d............`.................. ....A...............................B...............0...............................text............................... ..`.rdata.......0....... ..............@..@.data... ....P.......>..............@....pdata.......`.......D..............@..@.gfids.......p.......H..............@..@.rsrc................J..............@..@.reloc.. ............L..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MLMHT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.933354199557525
Encrypted:	false
SSDEEP:	384:xJ/gxJNTIPf8RNhNwHizcItcMmxffDKPy:Q487/wCYITmxffDKP
MD5:	17C326C453A2D25B25358AF4E121B285
SHA1:	0998EA09CC6B44C1A3ED30571E28D9C43097E259
SHA-256:	EECBBBCFF336430B675077B2C375DB070F12F21E89535367FF7DAFC446486975
SHA-512:	B1E46D1071DD6BE3E5F8FAA168F0948CABD5F57422261FD46A8FD6079F7778F7B9525FACFE3479B2C29F01423211BB8F9A2768703EC4BFFFD8C7823A4D38E85E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...*R.^.........." .........$............................................................`..........................................7.......8..d....p.......P.......................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...@....@.......,..............@....pdata.......P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-MP1MU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.958532589679522
Encrypted:	false
SSDEEP:	384:HrgmoP5KxmIcQFq86G4cJg+rZ7fcMgxffDBP8:sjycfcgxffDBP
MD5:	154F2B33E92A439BFCE987BAD831E9C9
SHA1:	23A960EFC3BFFD8B688EECA33EA370FC3B11BEC1
SHA-256:	197560B24B509BE799DBE497FD2C657CF625CC5BD0E46F71601AB6C215FCD9A8
SHA-512:	9A6A8810900046D7E19120547C35FB66013A552C83CEC42BE630E26259B156B34200FDC45C619833344FDCF647BE9A1D9989D48149F986592449A7E4FD9E1BE8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d...)R.^.........." .....(...................................................0............`.........................................p...........d...............<............ .. ...................................0................@...............................text....&.......(.................. ..`.rdata..~....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-PUH42.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	6.529743411975845
Encrypted:	false
SSDEEP:	768:RDe3TnPAnqMgS4j990th9Vs51sExffDKPk:RAPAqrS430r9VExffDKPk
MD5:	6CA7EA319CCA4740384488A4C5A2C61A
SHA1:	013CCBC61EF87D47426783E33DC6A1909BBB1A0E
SHA-256:	BD1D83F2E473D9838327EE5AEB758896459616F5ED006479EAEA80629C9D3CA2
SHA-512:	2E5455136E5C844369D1F1FAFE6C96A4AA0BC5356D1786459439E1295461A6AF30BB6DF37565E283B68116F69567E032D4591B7715301C9B418446EBD2FD7061
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8`.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d...'R.^.........." .....>...L............................................................`.........................................`...........d............................... ....y...............................y...............P...............................text...#=.......>.................. ..`.rdata..\4...P...6...B..............@..@.data... ............x..............@....pdata...............~..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-RQL6N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	6.396335971733679
Encrypted:	false
SSDEEP:	384:veEylHQeQMG+2Rsxkn2hZXmrfXA+UA10ol31tuXdqEcMkxffDKP89y:lpMsVn2jXmrXA+NNxWNqSkxffDKP3
MD5:	1541709C23CC83957DCF0A72AD38B0E1
SHA1:	D295C60C65BFC416F5EC0ED9FEB2F1B4BE3F1890
SHA-256:	98F1B53979E1CD8CA7EB511FB98DC53947F94B779B6C51001B6C18E5BFDC2167
SHA-512:	48C8C1792E5442C2813E212E01161A173DEC287BDE74C378B984E083521549530652BECE13468EC1D10261DFE9749DC256D23059A78AAE122298EA7FD836088F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...(R.^.........." .....&...D............................................................`..........................................g.......h..d...............0............... ....a...............................a...............@...............................text...C$.......&.................. ..`.rdata...,...@.......*..............@..@.data........p.......X..............@....pdata..0............^..............@..@.gfids...............b..............@..@.rsrc................d..............@..@.reloc.. ............f..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-T3LEA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.65813044523921
Encrypted:	false
SSDEEP:	192:ZQMl3QyKUPJvBQ4WeU/Zz/YE6txffDKPrI:KMlpJvRcz/+xffDKPr
MD5:	6F1D3ED33D7DFEAE5642406D76FF2084
SHA1:	014CFEE7D754564928ED2DF2FEF933AEDA915918
SHA-256:	F5918822781473D44F69030A9B32BCAEFFA8671F1328C48085C9671F140D1273
SHA-512:	E55F57EF9411979AB164D5C3FACA609856DDAA273EE817225BA77A12DDAD02DA464378CA0CBD98DDEC708AEAC96845AB8C718D35EDC88B0AB06BB14ED53647CA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!a..@..@..@..8..@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........................PE..d...*R.^.........." .........$............................................................`..........................................6.......7..d....p.......P..@....................1...............................1...............0..(............................text............................... ..`.rdata..$....0......................@..@.data........@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Cipher\is-UABBS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.9493333228477514
Encrypted:	false
SSDEEP:	384:PrgmoP5KxpcQFq86G4MJNv8QrZKMcMAxffDBP2PN:kjScflGAxffDBPo
MD5:	60C9776A18EFC553A79A595E18F7CE97
SHA1:	1C1AF825013F967A73F2E7FBBA159A1FFD8FE3F9
SHA-256:	8BEC34BB5E092EBA39402A97A11E62BD39AAB56716401D2A968D117A973C54C8
SHA-512:	0DD8F1B0E1C767DD7673071B007A267EE5763BEA2F900DBC20220D6B405818BB3FE7CEADD0C8AE4127C682D45DCD459FE3498CB1943E52257F532C849589BEA2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d...)R.^.........." .....(...................................................0............`.........................................`...........d...............<............ .. ...................................0................@...............................text...s&.......(.................. ..`.rdata..v....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-BF829.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.6246149737924
Encrypted:	false
SSDEEP:	384:1slvrkYlC9vnMCapnnLKK2KWjmggj2cMmxffDKP5Go:pOCvmggYmxffDKP5
MD5:	4C16BB062911F8D38D881022DBA921DC
SHA1:	FED09BCB06FA5BB604BFB81D4AECBD012548F5F9
SHA-256:	D72174D81EF9E6C8C9C2B2C9A0392E85195A1FDE81757A8FA61E7561B8689F84
SHA-512:	2CA19B324011F1957F2182B6D57A687CFF1805E94C27118452D7B579EA4DC9BDF2F409C03CB97B71E312593C41312BD278C25D52CAC1CF0EECC72CE79BA0D08D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...%R.^.........." .....2...&............................................................`..........................................X.......Y..d............p.......................R...............................R...............P.. ............................text...c1.......2.................. ..`.rdata.."....P.......6..............@..@.data........`.......F..............@....pdata.......p.......L..............@..@.gfids...............P..............@..@.rsrc................R..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-H8Q5K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.8282939196820465
Encrypted:	false
SSDEEP:	192:p46YPn6OujEJaWH9R5zuxYUX6/+wltU/ZMr/6txffDKPNE:p4VPXJaWH9RmYUXU+w/cMExffDKPNE
MD5:	FDD4207EA3C8938D4C1150A9A15B5987
SHA1:	2F4B87A20474A825C5B4C45D0BEC15B1911F54CE
SHA-256:	F7CE5ED7D00BED3C9C9F41A75D616930BC06973A86F721AAEBE1529719C48A0F
SHA-512:	4B6D8B76EDBD4A4BB0B6E704C8EF58474975F4B2C09E7CA0364D40F154BA1E1D2511B5D4757071FBCB0B98F0A39DD182BC05EE1118DEB7FD8CE9F47428BD6FCB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...'R.^.........." ........."............................................................`..........................................6......H7..d....p.......P..@....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-JT72P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.462532756593117
Encrypted:	false
SSDEEP:	384:QslJpMI3hWvPGt3+x6rYZPdHRacMmxffDKPx+2+:1LW6o1HamxffDKPx+
MD5:	ABC7D549B8974A93E441B45B118A3F8E
SHA1:	1B78C6022F03550CA48A67AA2B2EDC0ADD3A5FD7
SHA-256:	059E3B26C6816C5F2E3A3D6FDFCC0298077221CD8AE8A17FC9FE6D67EF2BFC3A
SHA-512:	8AC63714EEBBE6C4FF7DA73EBE1E03BE1AAEE194D635DF068108956BF009B872BAD1357A5C41E5780D053903784C10797D417F90F941E362F3D3774E91BBB98E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...%R.^.........." ........$............................................................`..........................................G.......G..d............`..d....................A...............................A...............@.. ............................text...s)......................... ..`.rdata..r....@......................@..@.data........P.......<..............@....pdata..d....`.......B..............@..@.gfids.......p.......F..............@..@.rsrc................H..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-S31N4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16896
Entropy (8bit):	5.275980187584586
Encrypted:	false
SSDEEP:	192:fAM1nQyaUvJ3PdnVX0A6g4fF+rxP7ZGeGNgdKamfdaU/ZMYE6txffDKPsP:4M1pJ3jr9AeGNRamfdacMGxffDKPsP
MD5:	7B4DB40A5AF596C7B685B1BFF8C85A63
SHA1:	BDC1CA3A817731AB89FCC0FF8F9ED540B8FE016D
SHA-256:	938AA6F71988F899C605DFE09A0882403AF0564EB1937316BF50BDA5B63659AF
SHA-512:	8D995A342EECBB4278EA02CA84B0C5D3446B06952C1CE29E3D3EB1AA95C7B31CBD88976BD6BDB2C92C4E5E25103D392AA911A5F718CCA3CB6E9E0C2D9E8695FB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...$R.^.........." ..... ...$............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0.. ............................text............ .................. ..`.rdata..Z....0.......$..............@..@.data........@.......2..............@....pdata..d....P.......8..............@..@.gfids.......`.......<..............@..@.rsrc........p.......>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Hash\is-V5PJJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.038428810350728
Encrypted:	false
SSDEEP:	192:7KoKYPX6O+jSr3CW3yXqh/bPF1chreVyJZwxp97muRU/ZMrE6txffDKPu:7KolPpryW3ZhDUZKv7TRcM5xffDKP
MD5:	2101EB8948AD5B50FEECEB0865169D48
SHA1:	FD55A3553D0C0416CD733AE732361685C0D23C59
SHA-256:	962A6E4BAF1FE8579B815C059ABD924563835FC2139FA16D4BA191C291D033EC
SHA-512:	122C8BA5DF3D3C2B6DDB6DE8415634C02C296285E629F780E1F9D9A4AFAF1EF3BEF0863F83748F2AD5847385E349B4D39C4C54ED7D4246F502603080C5B973E4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...'R.^.........." .........$............................................................`......................................... 8.......8..d....p.......P......................p2...............................2...............0...............................text............................... ..`.rdata..n....0....... ..............@..@.data... ....@......................@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Protocol\is-32JQ4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.759561699497299
Encrypted:	false
SSDEEP:	192:jeGzn9aziJs7lD8DdTV1rkprMU/Zz/YH6txffDKPT:CGzZJsJ6FVJ0Mcz/nxffDKPT
MD5:	2C9B60C7800D640DDBFA6F2AAD83C41E
SHA1:	4778DF5386FA9E676CEC84F6A144212323EB5817
SHA-256:	A6C6E4735CC74B83BB97A94452BCBDD46E825BA485D9AB5CF2F134E7ADDAA48F
SHA-512:	38E3993A4E63ABB47FBFD266925CA8C588F553CD46799910EA337D00B29240A412BF33FC5486760C3E4D87577D836BDF1B45395CDBA8FECC3BEC4DA92B2BF8B6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8l.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d...+R.^.........." ........."............................................................`..........................................6..t...T7..d....p.......P..@....................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...p....@.......$..............@....pdata..@....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Util\is-2MB92.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.687259301917375
Encrypted:	false
SSDEEP:	192:hE0yFw04d1jmM0psOhgZU/ZMc76txffDKPhK:hnyFw3Cdp94cMfxffDKP
MD5:	C718722A0C7E48A91B492B604CA15125
SHA1:	6FA5B7DA8366BFD7AE575452D389D01BFA25E6B4
SHA-256:	248962DBFABFD47F79DF23F22754E6644404CCD10F152420A639DE12215A615F
SHA-512:	953AA4827746AD544E799976724F657A56337407BEBCC0C721B926CAA74FAE6BFC42ACBD194C4220F3E0E4EDC5E325674BE3F0773859F9ED40AD943A359058DD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...+R.^.........." ......................................................................`..........................................%......`&..P....`.......@...............p......p!...............................!............... ...............................text...c........................... ..`.rdata..b.... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Crypto\Util\is-73OKI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.727397359928835
Encrypted:	false
SSDEEP:	192:h6cyFw04d1jmM0psOfFCU/ZMc76txffDKPhS:hdyFw3Cdp94cMfxffDKPQ
MD5:	7178BF889C059DD34240C73A87D7E2C8
SHA1:	3C8A3BCD0C60C33B74719536B42323CB183BB05F
SHA-256:	04D50A58068B32790015186C55CC83D204DBFB94E245EAE131806576F2D4DA24
SHA-512:	15539B3EF516ECA7823884FFBCA61CB0CAC9143D9FF39778985D1E980DA0184F85C38EBD627935AA332C7F55E87216FF9040B21B61664F454DCE630621DD9E35
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...)R.^.........." ......................................................................`..........................................%......\|&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-0BL0M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	6.529813942571416
Encrypted:	false
SSDEEP:	768:jDe3TnPAnqMgS4j990th9VO5qsExffDKPk:jAPAqrS430r9GExffDKPk
MD5:	2DEE44A04A8EC984FE02A7A729F051CF
SHA1:	D390E9A5BBEB98D2EDF46882F4BAAD489C9CBC74
SHA-256:	76C410E2C4B8CCD50D97F9F5B8A82B6E39BFA0C8100029F3EE5A4D5D16DA6A11
SHA-512:	405F64DA878B7BBA60BC2F6E0A52EC397D20324CB983A045D602488389F64A051B16A01C655FF9F18510A520E11D1B989B85824F4A7DCC75695B8695B773FF5F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8`.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d....j.^.........." .....>...L............................................................`.........................................`...........d............................... ....y...............................y...............P...............................text...#=.......>.................. ..`.rdata..\4...P...6...B..............@..@.data... ............x..............@....pdata...............~..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-2QAI1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	4.825474062924337
Encrypted:	false
SSDEEP:	192:nCf3gWtFziJM87vAxEh/uLU/ZM7E6txffDKPu6+6g:nCfsJM87Yq+cMJxffDKPVl
MD5:	0CA4BF944474EF356F1EB01703095AC5
SHA1:	6DFC3E9EE4CA0A1818A487E83E8661E2581CFFEE
SHA-256:	1150830809AB8912BBD36771A5CC10E22806BB6E80BC7EBA8E2B4B55450F6BB2
SHA-512:	012094B6BE85FF54C065522B5CB3DBAE0A8F3536544F9972DA32C767F713D010B2C56AA5CDD0A1265A18213174D0CD4D7AF028CD8E80E424B30CA975D1CA8698
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!A..@/.@/.@/.8..@/....@/..(..@/.@..@/..,.@/..*.@/..+.@/...'.@/.../.@/.#...@/...-.@/.Rich.@/.........PE..d....j.^.........." .........$............................................................`.........................................@7.......8..d....p.......P..p....................1...............................1...............0..0............................text............................... ..`.rdata.......0......................@..@.data...0....@.......(..............@....pdata..p....P......................@..@.gfids.......`.......2..............@..@.rsrc........p.......4..............@..@.reloc...............6..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-46R2O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.870345924651679
Encrypted:	false
SSDEEP:	384:OZ4VPJJaWHT+WoNYANCXHQTcMExffDKP:VGkdQHNCXwZExffDKP
MD5:	6081DCE6FFE61D9A356EB2AD3A005656
SHA1:	45E4F5FE6A3B6FD6AF012DD6E2F691D545274A89
SHA-256:	693A5E5BE7E71AC745504CD3A6B2BBC0B0D76F75DF8D5169C9298C3C29AE7DCB
SHA-512:	4D666E4525BBC4C2C561BB2A414FB56EC02E2D2A9A7923D60AA4EF3A248FE666F72CFE530D3F3A8CAD31771F2C002EB004318105600AF60626EA24CB75A8EF79
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d....j.^.........." .........$............................................................`..........................................6.......7..d....p.......P..X....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......,..............@....pdata..X....P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-5051K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.843432695319185
Encrypted:	false
SSDEEP:	192:7npTqUY/ziJ3t3KI66TEU/ZMrE6txffDKP:7npTqyJd3ZAcM5xffDKP
MD5:	853547B7917AD381CF76AD17D6A78C74
SHA1:	3B72E78E1FCFA957B96D3445803B5A70D8FE45E0
SHA-256:	D2534EAB37062201DFF6F286B39C2FF2F1AC26B7AAC273F570FA36F4955424E1
SHA-512:	8CB46A3908FA016A401807DAE3E35E61DFA79A37EC4D1CE71EF84CBAD1E31325D6313390A017C543F2C1477A253098F9C156B2984506D935B283C0DCCE6A385A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." ......... ............................................................`..........................................6......H7..d....p.......P..(....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@......."..............@....pdata..(....P.......&..............@..@.gfids.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..............................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-7L0PM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.9495226444320974
Encrypted:	false
SSDEEP:	384:YrgmoP5KxpcQFq86G4MJNv8QrZP5cMAxffDBP2PN:vjScfl+AxffDBPo
MD5:	4483117C20D95C2379A74ED97DE7B360
SHA1:	E5CE9A04A72191E16FEA2F26B311086F9EF8942F
SHA-256:	58E9CC84C8E58F3EE340F5F8B8BCC07A2F5DC122462C37D0D9E1956B1695A910
SHA-512:	6F069C70E55CCF0E628B419ABD93902C4513A3021B59B8FD98936C625194011D21D3F90A6BA04C8C27E4C13A2123E71D2F68FD3F58AE5CEA3F9D86CBF2C279CB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d....j.^.........." .....(...................................................0............`.........................................`...........d...............<............ .. ...................................0................@...............................text...s&.......(.................. ..`.rdata..v....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-99CD4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.167521512758171
Encrypted:	false
SSDEEP:	192:MIMEqiq0vJwKh/hXsht0D71scieuU/ZM7E6txffDKPEYUGMG:MIME/Jwy/Sa71sEucMJxffDKPEYUG
MD5:	E65879A935DE5D5DD415AA4AA4BAA0F3
SHA1:	C338A3D7B2111840CF77827759F1EA9FB54EFB53
SHA-256:	9992FA4B4720F7557D8CF6246FB296B39ABE6E22A781B88B75D8EFF34CC4B1A7
SHA-512:	73AD2C7A2C08485A947E3382003D0AE00BD96A98E3DE44D307E116889F874CC02BB4846DF5A9040AE73BBD35286BC51392298A7391D8E846FE1E663827AC898A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................x.......................................................!.............Rich....................PE..d....j.^.........." .........$............................................................`..........................................8.......8..d....p.......P.......................1...............................1...............0..0............................text............................... ..`.rdata..\....0......."..............@..@.data........@.......0..............@....pdata.......P.......6..............@..@.gfids.......`.......:..............@..@.rsrc........p.......<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-CJHHV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.658496034268565
Encrypted:	false
SSDEEP:	192:IQMl3QyKUPJvBQ4h8U/Zz/YE6txffDKPrI:JMlpJvscz/+xffDKPr
MD5:	481E98A50C05DEEDA2A1D2E44E1C510F
SHA1:	A003493C0787C8BB380E7987AFB6C003D708AF03
SHA-256:	BD62BEB7E2CE9D42908907E7B12B1BF74EA23D4E7F73AB9A695D69506A924746
SHA-512:	0D0BFA1BB9F17A7B0500B57FDB74CBF59C3EAC423593F4EEE0474149EF2A9C1CDF858DE2FA58B56E7EDB9BD0D33CB84198E0E20D63994BFB7E0B4F9CA6B009BA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!a..@..@..@..8..@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........................PE..d....j.^.........." .........$............................................................`..........................................6.......7..d....p.......P..@....................1...............................1...............0..(............................text............................... ..`.rdata..$....0......................@..@.data........@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GB4LH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	6.396490110090226
Encrypted:	false
SSDEEP:	384:qeEylHQeQMG+2Rsxkn2hZXmrfXA+UA10ol31tuXiqXcMkxffDKP89y:MpMsVn2jXmrXA+NNxWyqdkxffDKP3
MD5:	1CF7D1AC56C8553F8EB3269F2965DF40
SHA1:	30784EFA82246928194A68096AF8F8963CF2A2F8
SHA-256:	57E8AD1345D3E36540C6A9B6395D8DC1468B882A1CEDAAAA287A8DC7A519A568
SHA-512:	0DD14F96E76ED3DF2B934204D02A10463F33188C7B7B1229E8F176386A6A1A68F7DC2751AE3E25502A20A327ADF701AB35327FE28E9A4BB562C4E97D8FE00615
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d....j.^.........." .....&...D............................................................`..........................................g.......h..d...............0............... ....a...............................a...............@...............................text...C$.......&.................. ..`.rdata...,...@.......*..............@..@.data........p.......X..............@....pdata..0............^..............@..@.gfids...............b..............@..@.rsrc................d..............@..@.reloc.. ............f..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-GUURJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.958714453934893
Encrypted:	false
SSDEEP:	384:grgmoP5KxmIcQFq86G4cJg+rZ6ucMgxffDBP8:HjycfAgxffDBP
MD5:	4625600D8C48387339A1D9067CE8E55D
SHA1:	E3CB9D219DAB8F04861205FF24421F74C55E6D52
SHA-256:	B71BB3CA6E4927DAD4D313785B04555E5E60EA96AE93E55FA7095E4D5C167635
SHA-512:	C9FFE89788CE4D84893F6863CC973C2BDFDDEAB0CD4D874A5CB3BBD4BCA2D78920F88A1EAA44BAC97016084FF88F1D7263A6B16A2F6501BA2CAA99B8E1B08DE1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d....j.^.........." .....(...................................................0............`.........................................p...........d...............<............ .. ...................................0................@...............................text....&.......(.................. ..`.rdata..~....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-HHNG8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.933726126744446
Encrypted:	false
SSDEEP:	384:SJ/gxJNTIPf8RNhNwHizcktcMmxffDKPy:H487/wCYkTmxffDKP
MD5:	67E76858404F4343DC9936C8C10B06BB
SHA1:	EF5C6AC6FBF5A5C9FA479AB608FADFF43E9EA695
SHA-256:	2F2DE0D09731BC400728A787CAA408670A20AA8D5C6D52077E6C9E8C4607403D
SHA-512:	9F69AE8FA3F8CE352D5E788FCDB23702ECEA113B1DD2385B5CD425CE5FD94D350EC664EC5690B4DB791F57398EA641F12CC220E40D69FDE59F102107E68CD7F6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." .........$............................................................`..........................................7.......8..d....p.......P.......................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...@....@.......,..............@....pdata.......P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NCH0D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.881906041485144
Encrypted:	false
SSDEEP:	384:7XpTqyJd3I4NRI9IJrRSJrWcM5xffDKP:7DII9vSS5xffDKP
MD5:	1B1D536A9D8746B076E3E384989C3788
SHA1:	43BCDF553E12DB966C5A00EBC00B56C98A5AD945
SHA-256:	3C7116DB6FA0695F178A36D8F812DB8A3C730A829C553FE878686C4263C73B64
SHA-512:	29EEB74B88EFA3183E37729078DCBDF61F9E78037F9839E6BB2602E6DE51C02C6966C52F63962CA21B5EDD8747914D4CC28C988F080DD7E71B8AAEFACC24A727
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." ........."............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..d....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-NK0ND.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.746003285347009
Encrypted:	false
SSDEEP:	192:hr0yFw04d1jmM0psOI4ifzaU/ZMcb6txffDKPh:hQyFw3Cdp9u+cMfxffDKP
MD5:	2070681F89E56EC025E9A3BA3C24B220
SHA1:	09A734A9D6E3A29295D44D28A989916FA3542333
SHA-256:	428462EAD40E8263BEFD401D254E527A31220753DB7A28D4A33AABD217F803D1
SHA-512:	FF4A3B38611904CDF1772F45F1E7E161FA81E28B88C98E85366DC339E745DD506F6E58FDEF25BD2AEF045F97D0927B97AACE9487E9CD8AABB274A0CA6B1877DD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%.......&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-P9QA7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19968
Entropy (8bit):	5.824269059450341
Encrypted:	false
SSDEEP:	384:7tONZ5SEKInoZGqoOWCx5pJgLa0Mp88NhvIBUcM5xffDKP:7wzdOWCxpgLa13NWBC5xffDKP
MD5:	3DBB0F0322BD115D64F4378439DEC143
SHA1:	2A130D7980BB63C4BE4E1249979B3AC1F5826E5E
SHA-256:	6B899E850FCAB1C8074D19B6FF4D08D543FBC68A668B379115263F14114F1D48
SHA-512:	3C1C998E68ADCEAE68EB97D031306F9465AA017ADC4BAABE96A80F6EDD877BA96123D313FC790E9AFB740EACF6FB2F518BC2A16F591175564C28B009F225D9A1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." .........4............................................................`..........................................G......PH..d............`.................. ....A...............................B...............0...............................text............................... ..`.rdata.......0....... ..............@..@.data... ....P.......>..............@....pdata.......`.......D..............@..@.gfids.......p.......H..............@..@.rsrc................J..............@..@.reloc.. ............L..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Cipher\is-TSAQJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.444036092528839
Encrypted:	false
SSDEEP:	384:7hpTqYrd3hOG8QRbSw3XzD076rfcM5xffDKP:7dj8QRbX7R5xffDKP
MD5:	5FEF126ABE01DE3DC13EA1B45B616038
SHA1:	7DE21E487991DC9173B58E68803C47E9F0D07E59
SHA-256:	F2EF59179615D08C7D29ABEC6F5C289D339621F2BD3969FDD5F8130A63A83136
SHA-512:	9C0C1BA66A4B0CC2850A749331CBAC1D012F619A8701F84DA32BE92916774D0E1A4D38BF7FE8347574B53564EB2A3FC2FDDD8D927C67C5CCAE77DA6F3D5EFDBC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." ........."............................................................`.........................................p8.......9..d....p.......P.......................2...............................2...............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-138AA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16896
Entropy (8bit):	5.277310484431663
Encrypted:	false
SSDEEP:	192:fvM1nQyaUvJ3PdnVX0A6g4fF+rxP7ZGeGNpdKjmfdaU/ZMYE6txffDKPsP:XM1pJ3jr9AeGNujmfdacMGxffDKPsP
MD5:	F15B47D73B858114B3EECEDB6F8E033C
SHA1:	77ECEA423D71FF3E687C8804C3257983DAB87276
SHA-256:	7F37847AF968EAA2266C5A65FEB92508B1F2CF4CE6BC5D5380E4C046E9409795
SHA-512:	DB063A0756A3E53DD489BF60766467A95424E9E2EAFAC7B5FAFED23BE850508C20CC7C2D795B1FB6A3317668533AE5F065C82A24E929D20BFB2AA610711E55D9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." ..... ...$............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0.. ............................text............ .................. ..`.rdata..Z....0.......$..............@..@.data........@.......2..............@....pdata..d....P.......8..............@..@.gfids.......`.......<..............@..@.rsrc........p.......>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-3UH3H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.625142174427415
Encrypted:	false
SSDEEP:	384:IslvrkYlC9vnMCapnnLKK2KWjmgjG2cMmxffDKP5Go:GOCvmgjxmxffDKP5
MD5:	49E7A1884B2BCD44348309434975FA22
SHA1:	9B8FAE57DD897C89D4B2B02D9877012CC8323BE4
SHA-256:	8B26F5AEFF94FA14D889DD5F4BFF4769147670D3D40993E7F6F4D939B9D6877D
SHA-512:	E1F7AEF775D62DFC89313CDC0854AD7814A6713E6844F1D9B9FE866595E073BA75DDE4D001D939464B4476B0491C515318034B29F34ACD2CB8CD81E32F9D6928
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." .....2...&............................................................`..........................................X.......Y..d............p.......................R...............................R...............P.. ............................text...c1.......2.................. ..`.rdata.."....P.......6..............@..@.data........`.......F..............@....pdata.......p.......L..............@..@.gfids...............P..............@..@.rsrc................R..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-D4VOI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.82889992935088
Encrypted:	false
SSDEEP:	192:g46YPn6OujEJaWH9R5zuxYUX6/+JlcU/ZMr/6txffDKPNE:g4VPXJaWH9RmYUXU+JacMExffDKPNE
MD5:	5B710142D48D722093B4606839101C09
SHA1:	0BC9479764A42BEBA5E5C17BDD9B90DAF9FA55F1
SHA-256:	BF7DBA6921E7A701888E048E292611EB2373B2F824DD21486523F52E400DD3D9
SHA-512:	82F87CE3031FC218AEDCC5BD7F2B2086FCF0E34EAD08A5BFF771EF7260D36EE726D2004490942A7718B727C28FBEBC389CF2B44D77711C98A0317CEBD7F67628
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d....j.^.........." ........."............................................................`..........................................6......H7..d....p.......P..@....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-K3D9A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.463601696298073
Encrypted:	false
SSDEEP:	384:dslJpMI3hWvPGt3+x6rYZPuHPacMmxffDKPx+2+:cLW6oWHwmxffDKPx+
MD5:	065A2C1AED8862511CAD7D8CFADBF2AA
SHA1:	57FF41C4D590B795F10A3E15CD9B57C29B91A6E6
SHA-256:	54BE53D0406A8E7CF8813FD2E18E5255BB81D71C4BE3E93EAC9CCF5A8F347C44
SHA-512:	E7749F79841BA0FB3F3AF43117ED855D272F54EBD0555B192AF61ACA1F2E660EA1B1CA57A2766B1D3611C9CCBABF3F4EA29EE22B69D9BCDCDBABDEE7F770070C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." ........$............................................................`..........................................G.......G..d............`..d....................A...............................A...............@.. ............................text...s)......................... ..`.rdata..r....@......................@..@.data........P.......<..............@....pdata..d....`.......B..............@..@.gfids.......p.......F..............@..@.rsrc................H..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Hash\is-MJCRM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.038997702046557
Encrypted:	false
SSDEEP:	192:7boKYPX6O+jSr3CW3yXqh/bPF1chreVyJZbxp97luRU/ZMrE6txffDKPu:7bolPpryW3ZhDUZFv7QRcM5xffDKP
MD5:	64B2B0AE155702D6C55F0531AB399778
SHA1:	840C660E61127199A093559A3964A1A6D46195F0
SHA-256:	16F1C31B2E6DEACFD40D329E2A81DC29015A5C8DD66E748B8EDF3CD272150966
SHA-512:	C1AAD6A7E1E89A3E6D29D915AA838F8EEE9BC5EEFD4CED7BD74A20A78C594C748D53D8DBD06C546C489E319C71F6858AF6A12FAD01C4F3905C05B35B592C87E9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." .........$............................................................`......................................... 8.......8..d....p.......P......................p2...............................2...............0...............................text............................... ..`.rdata..n....0....... ..............@..@.data... ....@......................@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Protocol\is-5H32Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.759873868490212
Encrypted:	false
SSDEEP:	192:j3Gzn9aziJs7lD8DdTV1r9qrMU/Zz/YH6txffDKPT:TGzZJsJ6FVJsMcz/nxffDKPT
MD5:	6CEADBE7E509BE3584CE4564D2D10E66
SHA1:	4B6BF5C8997054EBCEE27E55AECC2CA3065C8C15
SHA-256:	4F27ACE66C537D25E396E942CAE547B441EE7CBEE24C15C3AF986253F88906C4
SHA-512:	9E55B5C3447124C8AEC31C7B4EBA8658958225B8275B2F3B82E220D2E2B0D7C566E16547B60247C65A482D634B5CA4D663ADA88A565D5BD59E3997FFF3531119
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8l.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d....j.^.........." ........."............................................................`..........................................6..t...T7..d....p.......P..@....................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...p....@.......$..............@....pdata..@....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-88VCG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.72863875034582
Encrypted:	false
SSDEEP:	192:hrcyFw04d1jmM0psOiFTU/ZMc76txffDKPhS:h4yFw3Cdp9QcMfxffDKPQ
MD5:	2AC15B9CD36B627FDD09D3965E976B9D
SHA1:	8465BEF36F62CAEEB5A9CC8A6AC71A4DD91B9007
SHA-256:	6A86883A374869E00FBCD8328363C0FAD60D8E0A9591D22CB9DDB84F0E35ACFF
SHA-512:	D40CEE6F007AF971FE848DE22061D48D06B1A0523CCD0DB26A8FE64BA3F458F746D95675C84A8706C77D64C8E4AFB822926645B55C9B898273DDED30C1DFAF93
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%......\|&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\Cryptodome\Util\is-VT0V5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.687943701724495
Encrypted:	false
SSDEEP:	192:hV0yFw04d1jmM0psOhpAU/ZMc76txffDKPhK:hqyFw3Cdp9IcMfxffDKP
MD5:	AF386C92A57ACED282A186788C12FA30
SHA1:	BFA4E1635474702ED21AFB962ED154D50904A73A
SHA-256:	90200573CAD056F89480C6E3DFB1F0A5600A3A79F4FD4C71C24CD99B693F0A9E
SHA-512:	0E8E680DE4E6B5095A88A27656980FA6C109AE51F8A2BD3278A399EE6ABBD3E6828448B99DA641F9857C2393890DC3AC65F52677ADFA7D3635F1A92B28ED4FE0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%......`&..P....`.......@...............p......p!...............................!............... ...............................text...c........................... ..`.rdata..b.... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\certifi\is-QHEDQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	282394
Entropy (8bit):	6.051428711388177
Encrypted:	false
SSDEEP:	6144:f3fLXd17U58fVZKlWm5plX0PXCRrcMBHADwYCuMslI:f3T37ZZa5LOCRrcMObm
MD5:	C760591283D5A4A987AD646B35DE3717
SHA1:	5D10CBD25AC1C7CED5BFB3D6F185FA150F6EA134
SHA-256:	1A14F6E1FD11EFFF72E1863F8645F090EEC1B616614460C210C3B7E3C13D4B5E
SHA-512:	C192AE381008EAF180782E6E40CD51834E0233E98942BD071768308E179F58F3530E6E883F245A2630C86923DBEB68B624C5EC2167040D749813FEDC37A6D1E6
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Namang\is-0AT7Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	188944
Entropy (8bit):	6.3095521149599385
Encrypted:	false
SSDEEP:	3072:WN8CZhFUnx2yj/ea5UvUBbzs7NS2114zQcRML43FUaJfeIz1l2m0JOSrnV1UlYkQ:CFUnxVj/fUvUNsNSqe0L4zfeQl+V1wFQ
MD5:	3F6334BE027572127E0D7C638086B2EC
SHA1:	6FB1B2128AFE3CDE0D18F2A3D74FDAA5E767BEFC
SHA-256:	6933F641AF5665686888B76161950BB5CEBFD268538CAF2B2B963F582A215641
SHA-512:	56972EA95FB9E06F40F6218EAD19F283A920C27E7E20169150ABDD364FBC3923A1126C72066655FB1A54F3D828269C9F75412E49B8DEAD234E69B322E02E4541
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........JXf;+65;+65;+652S.51+65.[749+65.[340+65.[243+65.[548+65.Z749+65`C748+65;+75K+65.Z;4?+65.Z64:+65.Z.5:+65.Z44:+65Rich;+65................PE..d....ok_.........." .................................................................#....`.............................................P...P........................................%..T............................&..0............................................text...c........................... ..`.rdata..v...........................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-0ULDI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	132608
Entropy (8bit):	5.879911590206213
Encrypted:	false
SSDEEP:	3072:oHk/6S24/Hrl/GOElWRLUr2ZAlqQyQNsl6Fl+rmrXsk0k8:N6SV/HR/GnqQyksl6FErcT0k8
MD5:	511367F74DD035502F2DC895B6A752E7
SHA1:	40E319F0ACE8CF7C6D7C1FB3041C7D3D9F9787EB
SHA-256:	202DD28E5D0451F2C672A4537116C70929CA6BBC5EDD9115ED8A99F734F430FF
SHA-512:	7EE506C35C8B3A54F6CC1CF40ABE6672A86780ADA82024C519498C1D30A1A045FF79BD5A34116258503241880722DA87A361F4DFEA2729AF7F812BC54D723D20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9\|T.X...X...X... ...X.......X.......X.......X.......X...>...X.......X.......X...X...Y.......X.......X.......X..Rich.X..................PE..d...G..^.........." .........................................................P............`.................................................$...................(............@..........T............................................ ..........@....................text............................... ..`.rdata....... ......................@..@.data...."......."..................@....pdata..(...........................@..@.gfids..4....0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-1FDLC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	267792
Entropy (8bit):	6.511577028180732
Encrypted:	false
SSDEEP:	6144:1XCH9TRNgZG4l+G/GzwaW+jQJUkgn9C9qWMa3pLW1A0poOG4dCz:iTRNIGCSDkiCNJz
MD5:	3E9395DC60B342FA529C2C805369977D
SHA1:	174286C9C838D1983F13047E0BFA7D611259DAA9
SHA-256:	9EBBF65D4F40D392B70631B6B5BF4C6384FA40BA7647C618F2832C874B7E7516
SHA-512:	4768F06E00F0DF59168D776DDE837156CB030E0635D10067AA83171F91C93D158D72084AF1E2E914ED75B1D885B752290582980DA468A4D3CF07EBCB1A02E4C1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\di..............}.......u.......u.......u.......u.......t......Cm...............t.......t.......t.......t.......t......Rich............................PE..d....ok_.........." .........H......D........................................0.......G....`.............................................P...P....................+........... ..\.......T...........................0...0...............(............................text............................... ..`.rdata..<...........................@..@.data...H*.......$..................@....pdata...+.......,..................@..@.rsrc...............................@..@.reloc..\.... ......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-2J1FT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13976
Entropy (8bit):	6.658699106568923
Encrypted:	false
SSDEEP:	192:Pt/PGnWlC0i5C9WphWeWSawTyihVWQ4WWEC2D8KN3qnajV2MVorrKI:JunWm5C9WphWDwGyOt2lxnorrN
MD5:	F6C3B0CD6C578F544E94D75D9C9FFAEC
SHA1:	1B4B1BABDA538E23CBF2BC458303D7AE70741347
SHA-256:	6E65F088E4ECB0CF8306766C59190CE3EFBC8A190FCBB53572CC61E35D2787F1
SHA-512:	0DFCFE028970DD70653B3DFECAC4AC5672A3B5C6AAE0252CA54A1226E19C4CD2BAD5B32EB6FF75765CF82CD82AD986D95AEF6D12E3A4A291BAF6615CB6E96356
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...M%I..........." .........................................................0.......A....`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-2R8KL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.588958260637645
Encrypted:	false
SSDEEP:	192:Cnqjd71WphWoWSawTyihVWQ4eW8CCuXqnajZKTqgY:Cn8WphWZwGyslNYb
MD5:	0AD8330A78941C63F4FED28440163005
SHA1:	47A73D254ECD71273F71BFB67CA43DBD974D3791
SHA-256:	0DBE94BDFB49BA93CCD7DB40323B824B4F1941CD340916D73BA2241A7D34FC1E
SHA-512:	BDFA386B2A5C3B31F29592E6C76E6E36A4489AEB2EDB8D713D6DEC99FBD3BB6CD97195FE81AB30BDFB2E26BBB57102C25961739734035C482227F40BAD585A1F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....k............" .........................................................0......U7....`.........................................0...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-2UDQE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.6141290476685475
Encrypted:	false
SSDEEP:	192:6FIeWphWLWSawTyihVWQ4eWu0kwqnaj0:6F9WphWEwGy4lI
MD5:	1417705C75240630943AAEDD35A4B406
SHA1:	74047910E023F6AB2AC5242C47147C1CB47A7D48
SHA-256:	76748B18C61FAC93FE1C0587711E3EC0B306B2C92198F0B8B4F6BAD8C6D9BA8F
SHA-512:	918987AA8E72B6875D0C1C53CC3521757EDA25C746AE477FEA545428BE5DA692FAE60AAC665DC15C3AF89BAD43E491A72D00302BEB349F45E35E7C89217DEEA0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...D............." .........................................................0......5.....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-367FV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	141312
Entropy (8bit):	5.997700043284669
Encrypted:	false
SSDEEP:	3072:wGwpeSn2jyGYrrC0Hyj0BScQjjI6f2fQ:wdpea22GYrrC00gQjjNf2f
MD5:	306E8A0CA8C383A27AE00649CB1E5080
SHA1:	25A4188ED099D45F092598C6ED119A41EF446672
SHA-256:	74565D7B4E01807EB146BF26CFEB7AA27029CACA58FEE7C394111CBD5FA95E2E
SHA-512:	3A61B826556C6CBBE56397CEF9F0429BF366D453D6894327DCD6AEEAFFB625B5FC82559A108B74612727100C5FFF156FFA048D45FCA149FE4437270E6293A763
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}..}..}..t.V.q.........i..\|.....\|......l......u...6..\|..i......6..v..}.........p.....\|.....\|..Rich}..........PE..d......^.........." .........@......t.........z...........................................`......................................... ...aG...................@...............p.......l..T........................... m..................h............................text............................... ..`.rdata..............................@..@.data....1.......0..................@....pdata.......@......................@..@.gfids..4....`......."..............@..@.reloc.......p.......$..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3BH1D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	78864
Entropy (8bit):	6.066137618869659
Encrypted:	false
SSDEEP:	1536:d9N5QuDVbJYBs2PGOA+P9/s+7+pFxdxRjDwclI8VwMyhc:rN5Q4Vl2A+P9/se+p1xRPdlI8Vwxc
MD5:	EB974AEDA30D7478BB800BB4C5FBC0A2
SHA1:	C5B7BC326BD003D42BCF620D657CAC3F46F9D566
SHA-256:	1DB7B4F6AE31C4D35EF874EB328F735C96A2457677A3119E9544EE2A79BC1016
SHA-512:	F9EEA3636371BA508D563CF21541A21879CE50A5666E419ECFD74255C8DECC3AE5E2CEB4A8F066AE519101DD71A116335A359E3343E8B2FF3884812099AE9B1B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o....................N.......N.......N.......N..............................................................Rich....................PE..d....pk_.........." .....x..........(........................................`......R]....`.........................................0...P............@.......0.. ............P..........T...........................`...0............................................text...hv.......x.................. ..`.rdata...v.......x...\|..............@..@.data...............................@....pdata.. ....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3EHDU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.742169492173527
Encrypted:	false
SSDEEP:	192:aVPlWphWkWSawTyihVWQ4WWINt9jJqnajjqP6G8rgWD:aVdWphW9wGyp3jJlvCz8rgWD
MD5:	EB4C279C8386D4F30AAB6D76FEEC3E5A
SHA1:	0C611E8F56591F64841B846DF7D5C07FD75B55A4
SHA-256:	56BC7D3DD48D9CB209195F71BE67D0A90CA929A8D4E6AE5A481F3AB0345DA294
SHA-512:	1869B0C843DF05BA849E79AA15B25855AA5C2C2E5A932C0DE650B83C8ABE2371585731B0213061B8F4D781A87B352AD3A09BF8555FCF0F9422A0BCC1A9062781
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....j............" .........................................................0......#.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3F7C6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.617404906984193
Encrypted:	false
SSDEEP:	192:Yn3WphWPWSawTyihVWQ4WWomRGGw4ZLqnajVxo+twG1r:YWphWAwGy6RGGw6lx2+tJr
MD5:	5F1E568D0CDCF0D5D4F52FD2E8690B4A
SHA1:	D582714273B6254249CF0BFC8EC41272ECA2BC29
SHA-256:	ED94F413F576835ACF4DADE22EAD7E764DD2F0242581090E3A2424452B49B9FE
SHA-512:	D283D739210AB29802C9DF8588A5E0188DD3FD3A3061ED0AA5B5B3633E686A66AC9AA0C6FD7BFA696AF7FF16DA1F870B775A3A44C3A015F33A3DD83A56CFC42D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d......P.........." .........................................................0......".....`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3NDN2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	32792
Entropy (8bit):	6.3566777719925565
Encrypted:	false
SSDEEP:	384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
MD5:	EEF7981412BE8EA459064D3090F4B3AA
SHA1:	C60DA4830CE27AFC234B3C3014C583F7F0A5A925
SHA-256:	F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
SHA-512:	DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3OV7I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1698816
Entropy (8bit):	6.539614523690977
Encrypted:	false
SSDEEP:	24576:tCAzp6I6kfR2qr3BrWqeVIzNzcBkLoUAdZ6oJjwj0EvnBnrko1IVWbDN:Btp2wxOVIzNzGdJzMxz15bx
MD5:	B7055D26E2F703642AE720D1F5B9A9CB
SHA1:	99D2AEA05D32F4D3D52038BD7E7A329155942E5A
SHA-256:	D23A8552BCC02ABA8B09236E1E86381F4BA93E1BCBD3C66E44149F08733FAFD5
SHA-512:	5A164C6B51BC31B4028785EC966ED6914937284E0781521D04BAE97146D4F2AE296DC1A4CB73A929603173AC314CB536D20DC393A89D3ECFB2CB70258C10D0B8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p/D.4NN4NN4NNo&/O5NN=6.N.NNo&.O&NNo&)O7NN4N+NNONo&+O=NNo&O5NNo&$O7ONo&.N5NNo&(O5NNRich4N*N................PE..d...BN............" .....0...........U.......................................0.......\|....`A.........................................V...P.....l...............................$.......T...........................P...................h...4V..`....................text...P/.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....pdata..............................@..@.didat.. ...........................@....rsrc...............................@..@.reloc..$........ ..................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-3VUD8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.684087200964433
Encrypted:	false
SSDEEP:	192:uyMvqWphWkWSawTyihVWQ4eWjfGCNxXeRqnajRKre:uyMvqWphW9wGyD4JeRlFKa
MD5:	6FC55F288E6124935BEEFDB24F98E4D6
SHA1:	E9CFF87BA41B04EAAC6F7BBBDFDCB671857A2EB3
SHA-256:	6BF3E8A6CDB3CCAA52F05FA336BBE80E70351A3EB0C8A98EF599B596D11AAEE5
SHA-512:	A675D0F195774EBE7E118D12932AF97F15EBB982F7981552216AEFC18B918934C863DD9CC35A67761FFB0DAB6791F0363808256B2E708D2F93A5800C42475DD2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....(..........." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-44UBE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14488
Entropy (8bit):	6.552427550571419
Encrypted:	false
SSDEEP:	192:My5NDSWphWyWSawTyihVWQ4WWfgSGw4ZLqnajVxo+tw0Ur:MUEWphWvwGy3SGw6lx2+tE
MD5:	C492EE40814B7586F554EC0223B14430
SHA1:	B8A929929C8936CBE387000D7D0CEF5BA04ABFAF
SHA-256:	2B7FED76BA52606E442D5069F42077F0CF304E49326DDDCF3695A06530C4B5C1
SHA-512:	2B7873EBDB1873E718754477FEE55FDE7B9DE752B23648554198FF6B69042565C47CC8DDF25FA75E1FB9B9F6F8AC2B7D972594B8C038D3AC65A0C9DBDB26F882
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....y.?.........." .........................................................0......$.....`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-4ICTU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1468064
Entropy (8bit):	6.165850680457804
Encrypted:	false
SSDEEP:	24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
MD5:	FDC8A5D96F9576BD70AA1CADC2F21748
SHA1:	BAE145525A18CE7E5BC69C5F43C6044DE7B6E004
SHA-256:	1A6D0871BE2FA7153DE22BE008A20A5257B721657E6D4B24DA8B1F940345D0D5
SHA-512:	816ADA61C1FD941D10E6BB4350BAA77F520E2476058249B269802BE826BAB294A9C18EDC5D590F5ED6F8DAFED502AB7FFB29DB2F44292CB5BEDF2F5FA609F49C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................B................R..................Rich..................PE..d......\.........." .........J......@........................................p.......f....`.............................................@@..P>..\|........{......,....L.......0...?..`................................................ ..P............................text...c........................... ..`.rdata...?... ...@..................@..@.data........`.......N..............@....pdata..,...........................@..@.rsrc....{.......\|..................@..@.reloc...?...0...@..................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-4LBF9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26640
Entropy (8bit):	6.103391333142684
Encrypted:	false
SSDEEP:	768:M2KMlOZwhPIHqSOgqtmZNylI8qGdWDG4yl:M1MlOmhAKS0tmZclI8qGIyl
MD5:	08B499AE297C5579BA05EA87C31AFF5B
SHA1:	4A1A9F1BF41C284E9C5A822F7D018F8EDC461422
SHA-256:	940FB90FD78B5BE4D72279DCF9C24A8B1FCF73999F39909980B12565A7921281
SHA-512:	AB26F4F80449AA9CC24E68344FC89AEB25D5BA5AAE15AEED59A804216825818EDFE31C7FDA837A93A6DB4068CCFB1CC7E99173A80BD9DDA33BFB2D3B5937D7E9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^K..?%..?%..?%..G...?%.ZO$..?%.ZO ..?%.ZO!..?%.ZO&..?%..N$..?%..W$..?%..?$..?%..N(..?%..N%..?%..N...?%..N'..?%.Rich.?%.........................PE..d....pk_.........." .........4......X................................................s....`.........................................P@..L....@..x....p.......`.......N..........8....2..T........................... 3..0............0...............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..8............L..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-55GVB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1705120
Entropy (8bit):	6.496511987047776
Encrypted:	false
SSDEEP:	24576:umJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwQDlaTR:umJTd4iMwXH7oZgKb++BVL4B+GITgr0h
MD5:	C0B23815701DBAE2A359CB8ADB9AE730
SHA1:	5BE6736B645ED12E97B9462B77E5A43482673D90
SHA-256:	F650D6BC321BCDA3FC3AC3DEC3AC4E473FB0B7B68B6C948581BCFC54653E6768
SHA-512:	ED60384E95BE8EA5930994DB8527168F78573F8A277F8D21C089F0018CD3B9906DA764ED6FCC1BD4EFAD009557645E206FBB4E5BAEF9AB4B2E3C8BB5C3B5D725
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k)...GD..GD..GD.bFE..GD9..D..GD.bDE..GD.bBE..GD.bCE..GD.r.D..GD.jAE..GD.jFE..GD..FD..GD.bOE..GD.bGE..GD.b.D..GD.bEE..GDRich..GD........PE..d......\.........." .....d..........0h.......................................@.......b....`..........................................p..._......T.......0.... ............... .......<...............................=...............................................text....b.......d.................. ..`.rdata...k.......l...h..............@..@.data...."..........................@....pdata....... ......................@..@.rsrc...0...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-5GU2L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17864
Entropy (8bit):	6.393478590306202
Encrypted:	false
SSDEEP:	192:dpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyel26ArNc4qnajr7vAdd:d19OFVh7WphWuwGygx4lrvwd
MD5:	71A78CA51C03C4B0B464FB33F146B111
SHA1:	5C2A992DD6349D728D993E5074273939896806B5
SHA-256:	550EA9556BA9197B25B7EB9D12CA9DD9AD0E820E4DBA91F94DD54B57A2E6934F
SHA-512:	7A8907C9C364B9436BC20A70084410100AC7B95EB028571046F2C1854CD6431BAC560D0F28F47CD93B7E096C4AAB9349DA186F4ABD503D768AF9651A93FAAB41
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...&8............" ......... ...............................................@.......g....`.........................................0...a............0...............$...!..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-5L8LG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	6.221932952236112
Encrypted:	false
SSDEEP:	384:JJI2M4Oe59Ckb1hgmLZWphWKwGy2X7sl9nkjiz:Ji2Mq59Bb1jEJhXGz
MD5:	5F6C4318712EF0C644D39C088B660EBD
SHA1:	44B166918CB8208BEC51FF46DDBAA49CF023FBD1
SHA-256:	E4244F90307AB003CB5CC9BCD729EF897ABCF26785DF9277CBE389E328E0FE0B
SHA-512:	AD272ECE4C4FD3F8362D8FF91D3C3E738E2DF8281C319744D7D72792F203AC40CD0C4082550815690036320756B57ED8E51C9EFB01ED4C2FE01138B98F9DEBA1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........,...............................................P......w.....`.........................................0....%...........@...............0..."..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-719E9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	86032
Entropy (8bit):	6.389278256209014
Encrypted:	false
SSDEEP:	1536:+FClf2mtArn2ZRp7iEzUzO0oYl2sl8PhXPpZA5I84VAy/HMvU:OagiV7VQO0oYl2sKPhXPpZA5I84VTb
MD5:	B89B6C064CD8241AE12ADDB7F376CAB2
SHA1:	29E86A1DF404C442E14344042D39A98DD15425F7
SHA-256:	0563DF6E938B836F817C49E0CF9828CC251B2092A84273152EA5A7C537C03BEB
SHA-512:	F87B1C6D90CFB01316A17AD37F27287D5EF4FF3A0F7FD25303203EA7C7FA1ED12C1AEF486DC9BBB8B4D527F37E771B950FA5142B2BAC01F52AFBFDBF7A77111D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y.8.8.k.8.k.8.k.@ k.8.k.H.j.8.km.tk.8.k.H.j.8.k.H.j.8.k.H.j.8.kDI.j.8.k.P.j.8.k.8.k.8.kDI.j.8.kDI.j.8.kDILk.8.kDI.j.8.kRich.8.k................PE..d....pk_.........." .........h...............................................p.......j....`.........................................0...H...x........P.......@..4....6.......`..........T...............................0...............H............................text............................... ..`.rdata..rB.......D..................@..@.data........0......................@....pdata..4....@......................@..@.rsrc........P.......(..............@..@.reloc.......`.......4..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-719IV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	689184
Entropy (8bit):	5.526574117413294
Encrypted:	false
SSDEEP:	12288:1SurcFFRd4l6NCNH98PikxqceDotbA/nJspatQM5eJpAJfeMw4o8s6U2lvz:1KWZH98PiRLsAtf8AmMHogU2lvz
MD5:	BC778F33480148EFA5D62B2EC85AAA7D
SHA1:	B1EC87CBD8BC4398C6EBB26549961C8AAB53D855
SHA-256:	9D4CF1C03629F92662FC8D7E3F1094A7FC93CB41634994464B853DF8036AF843
SHA-512:	80C1DD9D0179E6CC5F33EB62D05576A350AF78B5170BFDF2ECDA16F1D8C3C2D0E991A5534A113361AE62079FB165FFF2344EFD1B43031F1A7BFDA696552EE173
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E......T...T...T...T...TS.U...TZ.U...TS.U...TS.U...TS.U...T..U...T...T.T..U-..T..U...T..uT...T..U...TRich...T........PE..d......^.........." .....(...H.......%..............................................H.....`..............................................N..85..........s........K...j.. .......L.......8............................................ ..8............................text....&.......(.................. ..`.rdata...%...@...&...,..............@..@.data...!M...p...D...R..............@....pdata..TT.......V..................@..@.idata...V... ...X..................@..@.00cfg...............D..............@..@.rsrc...s............F..............@..@.reloc..5............N..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-7ED9R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.669401219687995
Encrypted:	false
SSDEEP:	96:ZEWphWwFGicDEs3T4DHDsqawT1gegmvBoFDD0ADEs3TDL2L4m2grMWaLNNDEs3i7:6WphWCWSawTyihVWQ4eWEvSwkwqnaj0
MD5:	47E43806D67D182AB20E77FD2B705CDC
SHA1:	BF7F4FFCAAC83535146D372767DB6F36BAD3BB61
SHA-256:	52DF3C5DED71786CF0F4F7545D59F5E6E168E6A499862C59B5985F6071F201AB
SHA-512:	28EA9B227B42E86EA7E16EABDE3F6B01A86DA21CA50119B173E98E736E4997A81F9EE20F7C11E5FDFE3C62255345C078BD9D9E51BD6B45911B14F90B0ED7B76D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d..............." .........................................................0.......$....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-7NL24.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	46096
Entropy (8bit):	5.948638744670222
Encrypted:	false
SSDEEP:	768:kVywpEheDa/XyFY/sxcLT2HqooZGZhYvhievglByoRI8sIePWDG4yf:kVJahiMWcGHq3ahuhfvJoRI8sIeayf
MD5:	496CDE3C381C8E33186354631DFAD0F1
SHA1:	CBDB280ECB54469FD1987B9EFF666D519E20249F
SHA-256:	F9548E3B71764AC99EFB988E4DAAC249E300EB629C58D2A341B753299180C679
SHA-512:	F7245EB24F2B6D8BC22F876D6ABB90E77DB46BF0E5AB367F2E02E4CA936C898A5A14D843235ADC5502F6D74715DA0B93D86222E8DEC592AE41AB59D56432BF4F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p...4...4...4...=.E.0......6......?......<......7.....6...o...6.....7...4...E.....5.....5...).5.....5...Rich4...........PE..d....pk_.........." .....@...\.......1....................................................`..........................................v..P....v......................................4X..T............................X..0............P...............................text....>.......@.................. ..`.rdata..D4...P...6...D..............@..@.data...h............z..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-7OJ3D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.685796313851468
Encrypted:	false
SSDEEP:	192:0iWphWtpWSawTyihVWQ4eWcQV8muXqnajZzw:jWphW4wGyLtBlN
MD5:	DD5FC38ED969FF4B3ACA435C70EB2132
SHA1:	BECB1D7B94D4D99222CDD4C4C7472F0448C3A65C
SHA-256:	69E5F222DC622555C88E3BC4CFEF42F64237728BD02D00C9281203E512CA77B2
SHA-512:	4680D5FF8D40BF58B6E1BD3A8BCEF7CAF9F0B652993FAA22958D0315E259ACF2177FE8E3E579065641BDDD4BFC8EEA34F47ACA63AC8B07A56DE7C952ADEAFD5D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....u.).........." .........................................................0......k.....`.........................................0...e............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-7Q1BP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11208
Entropy (8bit):	6.765953602531154
Encrypted:	false
SSDEEP:	192:hG+WphWYWSawTyihVWQ4eW8E7uXqnajZvL:h/WphWpwGyMKlNT
MD5:	C06F8F8EED1581FFEE9EFD5FDBC44F5A
SHA1:	B44AA8D6AB3A713C07BB68CBC153C78C634AEBE8
SHA-256:	8B36BCE1B7A881F85529EAE56E5B75E32763EB14B6683F2203A957EC31336CE1
SHA-512:	13D369D61A953F92CB1A5935D8E69EC050D7291F8C83FFD09752112BFEBCCE8B8AE99FC168E969B00141816A1C6C3A981340CFACA319D4F7B188E3A20A43F950
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0......$s....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-8CIKO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	161808
Entropy (8bit):	6.773094570512468
Encrypted:	false
SSDEEP:	3072:inVulmQqrf6c+T7SrxLZhZG79RM4Y8yrQznfD9mNoDrPwYIAuN25I8H1d:inVulmQqL6c4SrlZcySrYODHI78B
MD5:	6E396653552D446C8114E98E5E195D09
SHA1:	C1F760617F7F640D6F84074D6D5218D5A338A6EC
SHA-256:	5DDBA137DB772B61D4765C45B6156B2EE33A1771DDD52DD55B0EF592535785CF
SHA-512:	C4BF2C4C51350B9142DA3FAEADF72F94994E614F9E43E3C2A1675AA128C6E7F1212FD388A71124971648488BB718CA9B66452E5D0D0B840A0979DF7146ED7AE5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................../....v......v......v......v......9..................9......9......9.C....9......Rich...........PE..d....pk_.........." .....z...........3.............................................._*....`..........................................6..L....6..x............`.......^..........0.......T...........................p...0...............0............................text....y.......z.................. ..`.rdata..............~..............@..@.data........P.......2..............@....pdata.......`.......:..............@..@.rsrc................P..............@..@.reloc..0............\..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-8GUQE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.565800633367126
Encrypted:	false
SSDEEP:	192:NaY17aFBRQWphWn+uWSawTyihVWQ4eWRJkwqnaj0q:NVWphWywGyilI
MD5:	6D8959DA747B68298F6D8F81CF23C077
SHA1:	E7C7B64EF5E5FAA0DA00430A81DD85765661649C
SHA-256:	1BC96D86E373FCB77E3D2E48440F0EAFB7E42A88A5A82E0ACE01967ACF236D3B
SHA-512:	0838C8ADCEA9127BB1F39A70D07AC7BDE0EA23C4FD8F418517AEF72F590C3F644E9FD7A1A571231E7D47311E66CCA1F71187337E634C1E3FDBF8E0D0016B112B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...+..<.........." .........................................................0.......?....`.........................................0................ ...................!..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-8SGSD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11920
Entropy (8bit):	6.744796606383434
Encrypted:	false
SSDEEP:	192:jWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9k1QT5W:jWphWvwGyW1uQlxzGaTk
MD5:	EAD87C06066422461368FA5DC07BE9C0
SHA1:	3009D09B9727DF50E586217E98EDCDA9F46A7B30
SHA-256:	B39D21F236D903C34770D50DA02C14E8D226E695138F3F6ACE4EAE11B6D6796D
SHA-512:	4F1EABC514B18B5704F90F87A7D0231CE47E9125C7F490570699519D5EE70CDFBBA067AB67C6D9878A86129181367E55FADA55A377EFC6873AFCCC40763459EA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d......D.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-92ISP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.705263463368433
Encrypted:	false
SSDEEP:	192:oPtZ39hcWphWOWSawTyihVWQ4eWEZj6ArNc4qnajr7v0J:2tZ39hcWphWTwGyI4lrv
MD5:	2D7DB8919CEB847377E4C40C1EC7B842
SHA1:	27371E9E311C7B8EDC56084E41C25E7A87C7C265
SHA-256:	D3E6256C2DD7150CFF8FFCA9C9CC6EF477C1DA72C0D32972D1022381927B8295
SHA-512:	B634C27CD0F50748C66F256E316D6AACE23D358CBD9AEDBAB2A0BBA9B1A77587422D77C6D161D129A57CA34DFB11507486E1CFBCB6D4AC9779C7A2989F3A29C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...;.?A.........." .........................................................0............`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-9M215.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.592927043251726
Encrypted:	false
SSDEEP:	192:MGeV6WphWyWSawTyihVWQ4eWcsYuXqnajZCf:MGeV6WphWvwGy+lN
MD5:	1F79F843211CDBF6F109BC2E1ECA522F
SHA1:	B4A7A607E3EB04FB616D885768EC729273EC33EA
SHA-256:	5208000A52363B1DE665D5D46CD6F4DA45F0C19C74876918E165E23EFED26E92
SHA-512:	4AC7797B2E84D2FADE089BD6F4B44103EECD1369E47440F1ABAD3F06CFC2EA5408B8692AF63B81769703898CEF87068A1E8998EFB91B13E60A93325E72DBDC39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-9M87S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	74468528
Entropy (8bit):	6.11889115193257
Encrypted:	false
SSDEEP:	196608:mzJHOWC5FSNVHa+CGiK4ipc46xut1Om9CxZWriLY/oT6XUzP3PDETl2xEaIoEZqP:mzJIa36B/Kh6yiMgegCCIoHkwFz
MD5:	55CDDB0D895741E9E0CF8ACE2619015D
SHA1:	383B8FD40B2EAF3C88261AB15B2BCB845818A321
SHA-256:	F4C3436693107F1DAA6F1B840E49A636B47AEE43752F98C58C57F48D0DC0D721
SHA-512:	B41F0474042701F423CDF3429327F051F20C0446FC4776FE277A4C275ADCD8E6E1389599BA0BD5C5CB7094FB38E01ADE5A4C5D32D01CE509C357E8273BF5DBF1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...*..`........../......~...2p...............@.......................................p....... ..............................................P..`:...........P.......6p......................................6..(....................\..(............................text...X\|.......~..................`.P`.data...............................@.`..rdata..`...........................@.`@.pdata.......P.......8..............@.0@.xdata.......`.......B..............@.0@.bss.........@........................`..idata..`:...P...<..................@.@..CRT....h............Z..............@.@..tls.................\..............@.@..rsrc................^..............@.0.................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-A86EC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.680886817449457
Encrypted:	false
SSDEEP:	192:NI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpQkwqnaj0:ffxWphWuwGydy/alI
MD5:	294E2CAF335A8A68B64D5623D0CB5FD3
SHA1:	93888112A512AFA6107CA303A343DDEA70271C77
SHA-256:	47AA51AD00153EDD4F3DD42BF89DA2325F9E0106E9772396C066666182B22D07
SHA-512:	D2FC964A6523D15A5D471B1409D65E2278AE8B97279705C37A3E00AFCF6D8D7671BFD174D59A7F36AACE21C0CAEF9C01645E919FF2FA26CC32ABC774C769CD2E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0......?-....`.........................................0...^............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-AFHFV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13768
Entropy (8bit):	6.572285030200128
Encrypted:	false
SSDEEP:	384:S/dv3V0dfpkXc0vVaTWphWXpwGy64JeRlFGp:0dv3VqpkXc0vVaCGWP
MD5:	9C69B176FDB21F68FBB36AEDF237A18F
SHA1:	AA25E9565D6FA887135318AB8C384180B575D916
SHA-256:	B48B10BFEDA8C32E538B03A9DB05864866F8A44D04824F63032F2DC33E39FA1B
SHA-512:	F34C0FE7B29F7C475D663E12DFF71A9A93D76914072C69ABCA54E6780A81894E35D9650E855FD4BE5485747DC4A24ED10CB658688432900A0FFE6489D622C1F3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....u!..........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-AIQ09.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14488
Entropy (8bit):	6.677288278552557
Encrypted:	false
SSDEEP:	384:sOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1Mt2lxnorj:sOMwBprwjGfue9/0jCRrndbUVGv
MD5:	A94626CBC9C0E1B62619A8CF49504FF8
SHA1:	047E2B1F21F1258242238043143F1D892538BBC3
SHA-256:	A36792281C0AAAB929635BB1F40EE3627225E7E35E6A199C188F3F782C7E6C27
SHA-512:	B208602F33F02C92DF718E4C009E6E8055E538C9451EF6F9682CE21DB5258D799C09F689AAE2879470A934B60B4F3D44EA82704933FA40F2FF408CF42BD1C534
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...C............." .........................................................0.......+....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-AR55O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5654688
Entropy (8bit):	6.659289657256088
Encrypted:	false
SSDEEP:	98304:UJz1u/yzd7F3wlJFLOAkGkzdnEVomFHKnPF:UJwyzd7FAlJFLOyomFHKnPF
MD5:	5E0548B18DAAA378E30FA562826E9070
SHA1:	66F7CDA5E8F2B80F776992751D457A86C48F02C4
SHA-256:	B576336FD2D0688C1DAD0B508FBDBC2081846E43B0CCC6BE4E3A71E498E1DC40
SHA-512:	914D92E142EF4CCA05E94CFF407B094424C53DBE1CE8D74A10D22E4DF75ED1CF5B23892656DCB1766E5635171B171AF563667D1504BE7E6C042D90DC66EC67B4
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........#.UB..UB..UB...N.TB...Q.TB...P.WB...O.@B..\:..AB..;...WB..;...GB..;...YB.....VB...J.FB..UB..UF..;...PB..;....C..;...TB..;.~.TB..;...TB..RichUB..........PE..d....M<V.........." .........+.....,.).......................................V......#W...`.........................................0.:......;.......?......`=..B....V..>...pU.Pp...>4.8...................H>4.(....,+...............+.P.....:......................text............................. ..`.rdata..J.....+....................@..@.data....n....;.......;.............@....pdata...B...`=..D....<.............@..@.gfids........?.......>.............@..@.tls..........?.......>.............@....rsrc.........?.......?.............@..@.reloc..Pp...pU..r....T.............@..B................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-B0O35.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	38928
Entropy (8bit):	5.872661864111929
Encrypted:	false
SSDEEP:	768:YmuXam332e0arquE7n7KVW4q6CwxoUAIZdeoLuM5QU5I84GlWDG4yHu:CKivZE77KVW4q6CmQU5I84GAyHu
MD5:	099CF66C48FB6EB1625AF172A8E2DD01
SHA1:	3562DDD967AED62AE28BFEA3AEBBCA50C38DDBF5
SHA-256:	5BA219D782499C60AD7E3534F3EE4CC5007ED0789BB9542862156753580BB2A6
SHA-512:	67047DD484A0043CE49BC26D6EEC179FAC99AA02E45299B7C0F9A02A93D1C058992B0AA60A0C5AE594DEF134F98227B3AB0618374A33E054C494772A9C9BD937
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..zi..)i..)i..)`.4)c..)...(k..)...(b..)...(a..)...(j..)...(k..)2.(b..)i..)...)...(h..)...(h..)..X)h..)...(h..)Richi..)................PE..d....ok_.........." .....2...N......h0..............................................\a....`..........................................k..H....k.......................~...............b..T...........................`b..0............P...............................text...X1.......2.................. ..`.rdata...(...P...(...6..............@..@.data................^..............@....pdata...............j..............@..@.rsrc................p..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-BBQV4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11952
Entropy (8bit):	6.682485653961111
Encrypted:	false
SSDEEP:	192:HmxD3TzWphWfWSawTyihVWQ4CWXpaEpbdiqnajBCI7:HczWphWwwGyDEpsl9n7
MD5:	1CA45137E611548C8D090EBAA178D462
SHA1:	EE84CB3D6AD1E6180A6825D9D293E7C9418C7153
SHA-256:	3C186AFD5CF0E4314D0E15BD55832E976368D162331D5CB065FE890B88C9CFBD
SHA-512:	139349C90590D17A73D0DCA3BCB72FEBAEA1A8CF2A4DA24716DCFBAACDF6C85260C5E792BB04F923975E918163A46524EBEED1F2F02494D9F271D73F8B558BB8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...}............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-BD08H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	45584
Entropy (8bit):	6.029332140856522
Encrypted:	false
SSDEEP:	768:A8JLmLpLwI+8UYShBIhoYWEatu0vnIAV0L9I8JtG0WDG4yO6D:A8JCLUYSL9tu0vnIXL9I8JtGhy3
MD5:	724C5F1347A77318BDFA4942A71FFDFD
SHA1:	A284EECA1D336E9148DE2A69D3728971B6CFA43E
SHA-256:	03EF0F32653E78901649B3207340C914786E0455369412CA160D76F553F81FAA
SHA-512:	21463A489524EAE93C4B734A56E07096A5620E48946D6C459E0AC5E451BF397130F022E4C5D8E26A5A9880D250A5D7EE0E4F508D66A174EFB08D870C62A2D497
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P.................l.........................................O.......O...........`...................................Rich............................PE..d....ok_.........." .....@...Z......h.....................................................`..........................................w..X...hw......................................`W..T............................W..0............P...............................text....?.......@.................. ..`.rdata...4...P...6...D..............@..@.data...`............z..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-BIFT9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15512
Entropy (8bit):	6.570723113745359
Encrypted:	false
SSDEEP:	192:YEAuVYPvVX8rFTsRWphWzWSawTyihVWQ4SWYIS42D8KN3qnajV2MVorkTQ:wBPvVX7WphW8wGyd4t2lxnorj
MD5:	EB5E7AFFE24AB532089733F8B708A1FF
SHA1:	F3B1F20D29D8B38D8C47CF66C75D650C5B855738
SHA-256:	17AD72ADBEF247080DD456BB54F11BC782801381FC2AA2ABE005CCA9DB6254C0
SHA-512:	69C148749F9B1729187C3D39D2D00BA952D22163AE393716B2096A869A97EAD4CFED8EDDE303CC65C13CB30D6E44FCB2E4CB896B03DC14AAC7CB49958A23E699
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...V4E@.........." .........................................................@......3.....`.........................................`................0..................."..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-BOJ1H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	29200
Entropy (8bit):	5.977323521819293
Encrypted:	false
SSDEEP:	384:WQNRlRJiIqTKz3MeY54JP7gR0472ahI8kBLHXFnYPLxDG4y8GEo:Wk351AUJDuEahI8ktHVWDG4yV
MD5:	FF89379AF2476DF84439CA80CA57D703
SHA1:	CC684C4599A0AD8F6AF5957CF92D1D976D3E6D1D
SHA-256:	307BD91486B07AD315792CDE26FE6BD8D70D3EC7CB4BAEBE1D24F4B741F7FC5C
SHA-512:	FD97FAC721912B3BB2D501B16E6C5873F950F3CF7BAFCDD8B77E9F61BCDF7F27F84CC1C4A39BE0B62B84E1EDD505F9C77878CCF5DE533877E1C43669FCB3ABD7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4:J.p[$.p[$.p[$.y#..r[$..+%.r[$..+!.{[$..+ .x[$..+'.s[$..%.r[$.+3%.u[$.p[%.%[$..).r[$..$.q[$....q[$..&.q[$.Richp[$.........PE..d....ok_.........." ..... ...:......X....................................................`..........................................@..`....A..x....p.. ....`.......X...............3..T........................... 4..0............0...............................text............ .................. ..`.rdata..T....0.......$..............@..@.data...h....P.......@..............@....pdata.......`.......F..............@..@.rsrc... ....p.......J..............@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-C9I3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	87568
Entropy (8bit):	5.897786544791193
Encrypted:	false
SSDEEP:	1536:5mRPu3+uAG0RoiAiSdi+Mh0Q80/f7qNz8r/Xo4Fz8vbBttt7LRI8sQ8PyTB:5mRuO9G0RVAVqh80/fgz8r/XdQBXt7Ld
MD5:	7F184284E7786226D3B1DE5F02338A48
SHA1:	B5B8D1A23780DABE32E994A6A7B348FC56F97C43
SHA-256:	17FB342ECDACB63160576DEC824C9F627ED06A6BA58236110620AFAEACB45BB5
SHA-512:	C3794F8E0EACAA98C756BC6F0AB7EE39CCDC228691298C9B5D14ED834EC06F408D86031BCD62CFFB02E349706FEE8763CA24D39B13CF7A8FEEFACC25AAB9ED46
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J...+~[.+~[.+~[.S.[.+~[.[.Z.+~[x..[.+~[.[{Z.+~[.[zZ.+~[.[}Z.+~[QZ.Z.+~[.C.Z.+~[.+.[.+~[QZsZ.+~[QZ~Z.+~[QZ.[.+~[QZ\|Z.+~[Rich.+~[........................PE..d....pk_.........." .................y.......................................p...........`.............................................P... ........P.......@.......<.......`..d.......T........................... ...0...............H............................text............................... ..`.rdata...c.......d..................@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P.......,..............@..@.reloc..d....`.......8..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-CT016.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.597236047094104
Encrypted:	false
SSDEEP:	192:cVqWphWncWSawTyihVWQ4eWhBm/CNxXeRqnajR:cVqWphWnlwGy9/4JeRlF
MD5:	585C47A83CB7B3A69D23B840DC56EE6E
SHA1:	B75739A142D1CDEAE815404E10D7EF28230451DB
SHA-256:	3FA37C4D72451E968217C20EC64A01F5D4F1A5AF7B44A107607CAD3D3618AEE1
SHA-512:	EF76ACE5B820FABFA142AB67F6AD2C68EF29FD95ED1B8D0D0D31759B18B3B218675AE5D7A45B533A4784629ADC8C394FB6B0D2689E926700E7BF04F833673F45
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...w............." .........................................................0......F.....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-D2DA5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20120
Entropy (8bit):	6.207205209338854
Encrypted:	false
SSDEEP:	384:CUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGyroJlvCz8rgVD:DiPmIHJI6iitrgB
MD5:	4B189D01EDDD9C21D2E56CABA7B6CF50
SHA1:	05DC00B2C5E8C85D9F4F339D4C83F0DBEBAC060F
SHA-256:	996B63255E2F1E366F520A6D09352D2829E92F6B34F2D98448C4FD33AE4C06D1
SHA-512:	70506B16C25A710DEFA47548C60A0AC4E6978EA8BC24472E0726D98C5754B8293FD60622D7798639BCDB878B035D468B799A2C9EB03D8B87828E7C8C08832731
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....m............" .........(...............................................P.......o....`.........................................0.... ...........@...............,..."..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-DC86T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18576
Entropy (8bit):	6.287134486810637
Encrypted:	false
SSDEEP:	384:mOFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW6wGyZM1uQlxzA:D5yguNvZ5VQgx3SbwA71IkFxFXup
MD5:	CFE9E3331815616F392CE1DB58E01ADC
SHA1:	2F4EA14189FF21ADB507FB09F3CBCF92C7ECDE63
SHA-256:	341F489491F992BECE2879FEA3B660FF2DCD04A59BDB5F3998D58E5AC8CE3341
SHA-512:	33C6C3BABFDC5B01118F411070983579B01711B3F67F9CBCDDB861EC655C3989AB670B62422AABAC382A4F953887F4CF5549A23FEB0683D4C6EEE8965BF030A5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...W.>4.........." ........."...............................................@......Z.....`.........................................0................0...............&..."..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-DHM82.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12952
Entropy (8bit):	6.637988686654711
Encrypted:	false
SSDEEP:	192:hEWphWbWSawTyihVWQ4WWi9KqnajH2oWb5lP0k9:hEWphW0wGybKlNqb0m
MD5:	184A6A9DF3526464A3A5F2DC1C21E55B
SHA1:	33101ECE94C15D733D985FC71DDB13BA4B70B9C7
SHA-256:	25BBDABC7B8D8EDF5CD05B5591EDCA13236724CAD1011393E010DF3C58FD6F7E
SHA-512:	2C2162DBD2E36D81054FEB064EA6850547DAB270B95FAA3DC878A11E47A9C0558AE2039CBB3BB3D1974C1582117D0F3022512A340241DA5DBACFD5F94F713F75
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....(C~.........." .........................................................0......._....`.........................................0................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-DK7A8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	153616
Entropy (8bit):	5.896409456338409
Encrypted:	false
SSDEEP:	3072:Q1UR9GkVbM2mDt0b/fD5bFAVG/vyKiWROazHdWXxoyp6jRKSt5I847w8:igxg2mDOb/fVZzyKCazHRKStT8
MD5:	FEFBB91866778278460E16E44CFB8151
SHA1:	53890F03A999078B70B921B104DF198F2F481A7C
SHA-256:	8A10B301294A35BC3A96A59CA434A628753A13D26DE7C7CB51D37CF96C3BDBB5
SHA-512:	449B5F0C089626DB1824EBE405B97A67B073EA7CE22CEE72AA3B2490136B3B6218E9F15D71DA6FD32FBA090255D3A0BA0E77A36C1F8B8BEA45F6BE95A91E388D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d..m.J.b.....f.....h.....l.....g....f.....`..?..c..d.......f....e...&.e....e..Richd..........PE..d....pk_.........." .........................................................p......[.....`............................................d...T........P.......@.......>.......`..........T...............................0............................................text...}........................... ..`.rdata..L...........................@..@.data....k.......f..................@....pdata.......@......................@..@.rsrc........P.......$..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-E2BP1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.599048397636437
Encrypted:	false
SSDEEP:	192:gKIMFUXWphWxWSawTyihVWQ4eWeeF5gkwqnaj03:gBXWphWmwGySKlI
MD5:	44208A7738486BF56121C752DF083658
SHA1:	93665AF04CE345174DF47D7B39AAC68327DD13A4
SHA-256:	85B8A6D64A66556F4501AAF120D699DBA661841027D27BECC6D7240DAFB14138
SHA-512:	38680A4329DA0BA501DD78A9005B3E8B54F1DEC9FC8DBC08B969E70EBE480DC2444D3C4E66634B14E0E032573240524333E019E4B2C750D8DEC1A9DD7B7632C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....Ak6.........." .........................................................0......@.....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-EHAHO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4205584
Entropy (8bit):	6.41852572844258
Encrypted:	false
SSDEEP:	49152:5p0TOij0uH7nuWQBf325orYyc+i3kW+yEBBpNTVPq47yKim+RluUpxmPNjL0IIoS:SDw8Ihr8mjIiH9M5XK+
MD5:	3CD1E87AEB3D0037D52C8E51030E1084
SHA1:	49ECD5F6A55F26B0FB3AEB4929868B93CC4EC8AF
SHA-256:	13F7C38DC27777A507D4B7F0BD95D9B359925F6F5BF8D0465FE91E0976B610C8
SHA-512:	497E48A379885FDD69A770012E31CD2A62536953E317BB28E3A50FDB177E202F8869EA58FC11802909CABB0552D8C8850537E9FB4EAD7DD14A99F67283182340
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.H`..H`..H`..A...P`.....J`......E`.....C`.....@`.....L`......C`..H`...a......`......I`......I`......I`..RichH`..........PE..d....ok_.........." ..........".....t.........................................B.......@...`.........................................@.8......q9.\|....`B......`@.8.....@......pB.Ht..\b!.T............................b!.0............. .`............................text............................... ..`.rdata........ .....................@..@.data.........9.......9.............@....pdata..8....`@.......=.............@..@.rsrc........`B.......?.............@..@.reloc..Ht...pB..v....?.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-F4RC1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.593668731511585
Encrypted:	false
SSDEEP:	192:zKNcWphW6WSawTyihVWQ4eW19ZCNxXeRqnajRy:zKNcWphWnwGyUZ4JeRlF
MD5:	36A4F9AF7C7D93C49C973DA11475D81E
SHA1:	8167F90EE36A9C24C53CE78BAC9427B8DAFDD5D5
SHA-256:	29656B4F4F985952C5EDEE8E66AD7901E47C3C5619965DDDC9939C5CE5AB7D58
SHA-512:	92449C67DBA558B54C71C88BBFEE5A245078238642FDD5368B1D0F41439DFB62FA9292B4FE00162605DBE3D14C8847C3BDE4F14C1F06F5271D6392C81278D74A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...X.&..........." .........................................................0.......)....`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-GN0N4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.6200656148778965
Encrypted:	false
SSDEEP:	192:WWphWOcWSawTyihVWQ4WWapDGw4ZLqnajVxo+twW:WWphW6wGy/DGw6lx2+tD
MD5:	D85B98D1E5746F36E8AFB027756547CF
SHA1:	91EF9250155D7685C5730C73C1A2DE361E9BA772
SHA-256:	143C8BCC6AB0D6AFA1DC03996B5256A6BCCB3442DC4FF3182404FDE8172DE4B6
SHA-512:	6D1B507613CE85DEDDDB5D61A0EA3B926B79443C5688FE0CE9283FFAE7FF27AF93C418EC3B086F3A84E574AFCC3A1170D0AB1D8B4D5976A71AF79BBD351D7CAA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....m..........." .........................................................0...........`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-IEM93.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.6491678059596415
Encrypted:	false
SSDEEP:	192:itBZa/GG3m3WphWBWSawTyihVWQ4eWvEWuXqnajZcY:Z3qWphWWwGyFRlN
MD5:	130B06C83791D63B703D54291B69C789
SHA1:	314E29B408A93343FA8E0666EB0D128E8E2F83AC
SHA-256:	BBF2556EFF6F0BC6A11D73821ACA2C14D5C8235143CEEB16B55B47EEE453F179
SHA-512:	46A513A466A43ED1581A4406795BCF79576E731FC486D0B055BE2F75CD6B9E5F6221BC76873941B8C8418EBAE4AAACD7F689C3A01B2F42D89BECA55406184837
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...G..[.........." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-J0EJL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12440
Entropy (8bit):	6.612481819514475
Encrypted:	false
SSDEEP:	192:BYtWphWTWSawTyihVWQ4WWwueS3JqnajjqP6G8rgp:BkWphWcwGylS3JlvCz8rgp
MD5:	3B3C26D2247B0A2928F643FDA76264B1
SHA1:	06D8D10EA6B23F886C832DF4FE1122130E71BB22
SHA-256:	258AC28B71532D6F9419EDCE72961E2B9644B0F92DE5CE002801CC9C3CAF442E
SHA-512:	5B6DFC3FB97A4A2E906739531B6D3D066D9F12EAB67D5051DBB99B260A2A51E5CA19BA449B8FD901FC1034FD2402DDFA2C87FD2AC6DC3E7BDD4E929D8426A0CC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................" .........................................................0.......m....`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-J5HDU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3399200
Entropy (8bit):	6.094152840203032
Encrypted:	false
SSDEEP:	98304:R3+YyRoAK2rXHsoz5O8M1CPwDv3uFh+r:t9yWAK2zsozZM1CPwDv3uFh+r
MD5:	CC4CBF715966CDCAD95A1E6C95592B3D
SHA1:	D5873FEA9C084BCC753D1C93B2D0716257BEA7C3
SHA-256:	594303E2CE6A4A02439054C84592791BF4AB0B7C12E9BBDB4B040E27251521F1
SHA-512:	3B5AF9FBBC915D172648C2B0B513B5D2151F940CCF54C23148CD303E6660395F180981B148202BEF76F5209ACC53B8953B1CB067546F90389A6AA300C1FBE477
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............K..K..K..;K..K...J..K...J..K...J..K...J..K...J..K..Kb.Kd..J..Kd..J..Kd..J..Kd.WK..Kd..J..KRich..K........................PE..d......^.........." .....R$..........r.......................................`4......~4...`.........................................`...hg...3.@.....3.\|.....1.......3. .....3..O...m,.8............................m,...............3..............................text...GQ$......R$................. ..`.rdata.......p$......V$.............@..@.data....z...P1..,...41.............@....pdata..P.....1......`1.............@..@.idata...#....3..$....3.............@..@.00cfg........3......@3.............@..@.rsrc...\|.....3......B3.............@..@.reloc..fx....3..z...J3.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-JS94H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15808
Entropy (8bit):	6.4263227098634825
Encrypted:	false
SSDEEP:	192:989M0wd8dc9cy1WphWhWSawTyihVWQ4yWMNpVwyqnajlAWF3:9t0wd8xy1WphW2wGyfvlmWF3
MD5:	DAD955BBD1A073F1920BDACC7E9D4B32
SHA1:	1CE733A4450D5426A78EF2BD1CDBE5D5FF958FD0
SHA-256:	FE368E5EDF476436AFEA571FAACF80D5D12A4B064D5736EE482B972EEE82A64C
SHA-512:	294E838DC41F97AFEECB90B58DF5FD5449FF1582CB80185D7EFE7CADF354EF9F0A1E374C50BCA5F72F1859D88A832330CAAA9D7A25E1DA49195530F0EC26A06E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b.&..........." .........................................................@......K ....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-KQ45L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1096720
Entropy (8bit):	5.341209009962621
Encrypted:	false
SSDEEP:	12288:OueQqQOZ60191SnFRFotduNIBjCmN/XlyCAx9++bBlhJk93cgewrxEeBsd+:OueQGF4oVhCc/+9nbDhG2wrxsd+
MD5:	84FB421643CAB316CE623AA84395A950
SHA1:	4FBA083864B3811B8A09644D559186ECB347C387
SHA-256:	5578C3054F8846BE86E686FB73B62B1F931D3ED1A7859B87925A96774371DBA4
SHA-512:	A2132F93B0E4292DC9C32DA2A6478769EC4F58BE5C36EE2701E2A66154EA1DC2C0684FC7698E7C3AC04F5C1D366CB9633A9366E5A38B7FF7A964FF25EA266F9F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............,..,..,..l,..,...-..,...-..,...-..,...-..,Y..-..,...-..,..,...,Y..-..,Y..-..,Y..,..,Y..-..,Rich..,........PE..d....ok_.........." .....J...Z.......)....................................................`......................................... ...X...x...................$...................`)..T............................)..0............`...............................text...6I.......J.................. ..`.rdata..2....`...0...N..............@..@.data................~..............@....pdata..$...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-L89JI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.702051473319232
Encrypted:	false
SSDEEP:	192:fSWphWuWSawTyihVWQ4eWKzUe5CNxXeRqnajRp+F:fSWphWzwGyf154JeRlFp+F
MD5:	F0F891D08E0E358327B323B38F3FFCA2
SHA1:	EB20F147C53F86C59603F5EDBF60F936F768FB1B
SHA-256:	9C8461929B61E0FD269CE735D699E7E3B6C0159D3E2659F60D681290ABF9EAC5
SHA-512:	94E13C4D09FF35C2DED7FD2649B3542AADE1414F05772E2034AF7723F2622E662E8C0BB67E1EB288E230F8AE183D8F1296C2A134B7AE061A452FA3F7423D7694
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....8..........." .........................................................0......I.....`.........................................`...P............ ...................!..............T............................................................................rdata..t...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-MK6ED.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14280
Entropy (8bit):	6.520616618522882
Encrypted:	false
SSDEEP:	192:MqGJC8k1Jzb9cKcIvVWphWVWSawTyihVWQ4eWTnuXqnajZEl:MqGJC8k1JzBcKcIvVWphWSwGynlN
MD5:	E345E6656AEAC37C80A404F032BA550B
SHA1:	371EAEEB74227DD2E7B1BCF36E7AA2CDE446A0AA
SHA-256:	31FD144DC063F7FAC651147F0C3826FB0B33CA8028BD4F70A78D63CFB53D81A8
SHA-512:	6AF30635D25BA9552498E78EF3332B60E03D070D6E503903145C8AE30930EFEDA75B687082CF46C0C25590D6459463F8D873F3E5176BAFC9194156D8AAEAA045
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....5............" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-MNIHA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1439744
Entropy (8bit):	5.3150356865033
Encrypted:	false
SSDEEP:	12288:jD7LL9jN/VMswLI7YuJ/Tt2XicBSI4pFrjkJH6NV4u8FrJdS:jD7LRB/VrwKISI6rg9R
MD5:	473CA8209CA6DEDAC757C43143F1C5F5
SHA1:	602655F59C1BDC512032B53DEF3F1F4D1512A6BD
SHA-256:	BE3EB6E02039199042929C1C97707D0EE80068F25504117CCC6750FC45142AF3
SHA-512:	DF7CB1FC2D1B5D6F11DF49390F6194F190F0BFD0224A0B1045B852AE90D284A121646EF93330F47AF514C8A3B7FFD0A9A89D70F2C332CDBC7DD537991E9207C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o]aw+<.$+<.$+<.$"D.$'<.$.g.%)<.$.e.%)<.$...$%<.$Eg.%(<.$Eg.% <.$Eg.%;<.$Eg.%/<.$?Z.%(<.$+<.$.9.$.g.%.<.$.g.%<.$.g.$<.$.g.%*<.$Rich+<.$................PE..d...5..^.........." ..........................(...........................................`..............................................S..@...h....@.......p...............`..L]..p...T...................h...(......................X0...........................text...P........................... ..`.rdata.............................@..@.data...."...@.......$..............@....pdata.......p......................@..@.tls......... .......\|..............@....gfids..$....0.......~..............@..@.rsrc........@......................@..@.reloc..L]...`...^..................@..B........................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-NDJQP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12440
Entropy (8bit):	6.674743691695309
Encrypted:	false
SSDEEP:	192:VtGDfIeSHWphWjWSawTyihVWQ4WWuAdVsJqnajjqP6G8rgn3E:VtGDfIeSHWphWMwGyWDsJlvCz8rg3E
MD5:	B16E6798AD40000698A09276961FC2C3
SHA1:	B5184D9BDB1F5E7CFE17B2EC305C8554362067DE
SHA-256:	F8B7122CA5E1D473818940FEA4D1155AF429463038BA61953908FBBBB7A8D613
SHA-512:	A4737A2236EB35E1B4935A5E333C7F1C51588852A8DAF654FD2E7CA6E945E40DF9D001394C2F3E3A9D023B8D4E34E9753F6472ED58DF245B104623D7DBDE7423
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...k............." .........................................................0.......`....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-NJLQ8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	4.0999780944495585
Encrypted:	false
SSDEEP:	24:eH1GS61EhGgPdcdcG+sF9XvYXG3DgvUgq/7oUGtxmSuFg:yqEhGgVQr+sF1SGzgsgq/7oUj7
MD5:	87841BCBAA07361D507756E5492E1C02
SHA1:	9C148D71514035263EFA92B66B9988D2BD0D7BCA
SHA-256:	AD0DCDD5781B2AD557E159F18E54252D802C808C17550DDF1EB41A813A045260
SHA-512:	F313127E74DD7473D91BEBA7BF176242ACCF41F5603CE300727A25BBA45FF13EC901CE6D6067A418AF47F1F69E58C2497A6A84BD5D3AA88A3F5CCAC3E98A0697
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............g...g...g...g...g...n...g...e...g.Rich..g.........PE..d....B............" ......................................................... ............`A........................................`...D...............................................T............................................................................rdata..D...........................@..@.............................B..........@................B..........<................B..........$... ... ....................B......................................>...i...................2...Y...........1...T...................%...H...s.......................forwarder.dll.EventActivityIdControl.advapi32.EventActivityIdControl.EventEnabled.advapi32.EventEnabled.EventProviderEnabled.advapi32.EventProviderEnabled.EventRegister.advapi32.EventRegister.EventSetInformation.advapi32.EventSetInformation.EventUnregi

C:\Users\user\AppData\Local\Namang\is-OVAMO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	571904
Entropy (8bit):	6.063712356735004
Encrypted:	false
SSDEEP:	6144:OqG6D2JYqUoEWAVv3hg15GwtnCQ2SolTe0dVgq3pdNXdzC2:Oqx+YxoEWAlHwtnCR3lKq3pdNN
MD5:	4F8818B15E4F1237748EAA870D7A3E38
SHA1:	1BAECA046A4BB9031E30BE99D2333D93562C3BD9
SHA-256:	063D249851F457C8D5684943BEE1C81D1C7810CE7E06469FAEF19898C556C8B5
SHA-512:	C9A6E3A03B2124E22FD179B5DC50D6D09AB51AC6D41390845C48508C7175AD4CD08599EE6E564158BE3A375C40D88088DBA50CA9CBCF8DBA1C2480612F0F4539
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.\|...\|...\|.......\|...'...\|...'...\|...'...\|...'...\|...'...\|....s..\|.......\|....v..\|...\|...}...'...\|...'...\|...'...\|..Rich.\|..................PE..d....4.^.........." .....F..........D4........ ...........................................`..........................................G..9c.......................q...................%..T........................... &...............`...............................text....D.......F.................. ..`.rdata...u...`...v...J..............@..@.data............h..................@....pdata...q.......r...(..............@..@.gfids..4....p......................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-P9703.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.632071635532418
Encrypted:	false
SSDEEP:	192:4WphWYmWSawTyihVWQ4uWYyCNxXeRqnajR/yD:4WphWY7wGy+4JeRlF/i
MD5:	CEF770449597EE64EED064E5EDF3F76B
SHA1:	F759143F09F539E032A680B376F7362610215FE3
SHA-256:	2B52BF5A8C0BC2E93CEBCCE597C6693A118667E9F16836E65D8B166D33D33F49
SHA-512:	F899E00AE697C44C8B127DAB548C25181E2772A9CB80E6887ED2435BE7A03A51D2E77820456E984921B0252D77F0FECB7B1C5B08615B49E3C08D531A09C67279
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....]............" .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-PAM29.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	63504
Entropy (8bit):	5.880463890261539
Encrypted:	false
SSDEEP:	1536:wB5I7FqPkQ+P9F3vpqP/07KcRI8sn2DyD:coFqPj+P/3v+/0OcRI8sn9
MD5:	8CF9A316051BFC50F6DC343128B9C4E0
SHA1:	3659BA74D2BC5B7D7EE806B95AF71EC4DEC76C13
SHA-256:	F934719BEA056A98446E786DE88CDA8F76AFE9A29E67121950B17CAAFC2799C8
SHA-512:	AD0E1FBF6744AE6D58768301E5DDC93EB2BF24F33BC49588097A03AF915D51B296D815A36D9EEFD671701289802075B1C850E8A5F4F453A81F0D53B28E65D6AE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................x.....2.......2.......2.......2.......}..................H...}.......}.......}.......}.......Rich....................PE..d....ok_.........." .....\................................................... ......&a....`.........................................@...P.......d...............................\|....v..T............................v..0............p..0............................text...hZ.......\.................. ..`.rdata..xI...p...J...`..............@..@.data...( ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-PR6D6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.579785493145054
Encrypted:	false
SSDEEP:	192:kZlBVWphW6WSawTyihVWQ4eWa+jrRuXqnajZ8U:KljWphWnwGyQIlNj
MD5:	2143036C7D2BA3CC75ECBC66F60D5259
SHA1:	DD9192D9B4C7E90290796431DB0EF8CC06210C73
SHA-256:	C8ADF90A32936EAF678ED9A091D422E091E6B80D0431EC120E60FEBE1F617AC3
SHA-512:	94E4618B574924AE48386DFD520DE6FAF2BA1A3347FA56DED559BCF24F0E14BF1A7F442BDFA68244AF5294FD83E8E334D7CC4959C14434665D731C9D5BEADEB3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....<..........." .........................................................0......e.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-QG91C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12952
Entropy (8bit):	6.609470638355565
Encrypted:	false
SSDEEP:	192:fvuBL3B5LGWphWLWSawTyihVWQ4WW1VgKqnajH2oWb5lP0kyY:fvuBL3BsWphWEwGyTKlNqb0a
MD5:	7672F7AF6DF502BDA30F98005487E24C
SHA1:	D49003F56BD5D19FF265DAB88FCF9D1BBD145A31
SHA-256:	52A11CA57D562EE1CFBB7D6C26253CBD67A39B55BF1A56CD0F9332136986E8CC
SHA-512:	0EE52BF600F70E16006AB159D4B3EA50241941FE9DC8031A78C8F0797374F6AE221ECB4BE9789AE0B29FC1B8313951A79886B44B51CB6387E79059ACC2E1E3C0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...{!H..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..D...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-QJ8JF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	64016
Entropy (8bit):	6.032207270052518
Encrypted:	false
SSDEEP:	1536:9wRscONdGaTwcNr/J89x36hcTqeVRI8sSeyp:9wKcODlMcNLJ8j3FTqeVRI8sS/
MD5:	1C6AFD9052929F700806E2C6407B47D5
SHA1:	3A53CC3C1C8A5F08D502B471CC2B43904A1A99BB
SHA-256:	C7A385B97218DFAFE81B5ECD249A5F7031C258A4F36A5C9EFF7CF1E6203D148E
SHA-512:	72AA844F3020FA4B0874A5A2F995B83523F44451DB817AFB25132F2FC02414152C9F78236CB8E30C203CF50EA0F5C760A66D8E8B2019244944E0D3F53B69D517
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E./...AG..AG..AG...G..AG..@F..AG..DF..AG..EF..AG..BF..AG..@F..AGZ.@F..AGm.@F..AG..@G..AG..LF..AG..AF..AG...G..AG..CF..AGRich..AG........................PE..d....pk_.........." .....v...l............................................... ............`.............................................P...................................... .......T...........................`...0............................................text....u.......v.................. ..`.rdata...B.......D...z..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-QN546.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1035720
Entropy (8bit):	6.627165721762628
Encrypted:	false
SSDEEP:	24576:kQqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:JqGuFyMJgTV3JA/dEOa
MD5:	7E39D82ADF5DA0B51A968C764E0E15C1
SHA1:	79E75CCDE95798F21A34E5650B29DBEBE79C1B43
SHA-256:	D67926328A72816D2944D7C88DF6FF4BFCCD41A9CE39AF0309A0639829D0E7FB
SHA-512:	1C58D53C40535F80F482A5F406EF5BF9C2F963B9DB5969C37EF47B0C59522A1A9BDE3F3589538A7AE7D99D567A43170B384761E572C740010FEB86894CE7322A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d...d%............" .....:...........Z..............................................*.....`A................................................ ................ ...........!.......... ...T........................... f..............................................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-RDR1K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177168
Entropy (8bit):	6.329511373202548
Encrypted:	false
SSDEEP:	3072:98DAXYjxZTyZrdDi/hsWZ3aVl+HiZPpzfgppM0t3x5B9Lv0y191UJI8Afa:e9ypDi/hQ+Hux7if7hL91Ub
MD5:	7E0CB089E82FBBBEA649839C8DE6D939
SHA1:	C3AF306C3427FDEDE4099682D12442055F68952E
SHA-256:	B65E87BCEF572B2B980FCC5D2E385D8632B274358E2CA28B2B1B65704E36765D
SHA-512:	0966B775A0E87675EB8D740949AFAA8BB8D5C46A61D5823F02492FB76FF423E37B28200863C03CC4B98BB6FF7E4FA1F55CA052D7883E0B787CD3B9C6B946A7EE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MA...A...A...H.D.M.......C.......J.......I.......B.......C.......B...A..........E.......@.....(.@.......@...RichA...........................PE..d....ok_.........." ......................................................................`..........................................V..X...(W..................`...............d.......T...............................0...............H............................text...W........................... ..`.rdata...z.......\|..................@..@.data........p.......`..............@....pdata..`............r..............@..@.rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-S4QUJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	125968
Entropy (8bit):	5.90596134783906
Encrypted:	false
SSDEEP:	3072:CbxuDJ2cMz3A2lxZNfHaxUlXQEpBfeTAJrT1Ep/uX8tlI8VPT:C9AlIZNCxsvfeTercW8tD
MD5:	4D13A7B3ECC8C7DC96A0424C465D7251
SHA1:	0C72F7259AC9108D956AEDE40B6FCDF3A3943CB5
SHA-256:	2995EF03E784C68649FA7898979CBB2C1737F691348FAE15F325D9FC524DF8ED
SHA-512:	68FF7C421007D63A970269089AFB39C949D6CF9F4D56AFF7E4E0B88D3C43CFAA352364C5326523386C00727CC36E64274A51B5DBB3A343B16201CF5FC264FEC8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9...W...W...W......W...V...W...R...W...S...W...T...W.A.V...W...S...W...V...W.l.V...W...V...W.A.Z...W.A.W...W.A.....W.A.U...W.Rich..W.........PE..d....ok_.........." .................]....................................................`..........................................r......ts..................p...................l-..T............................-..0............ ..p............................text...M........................... ..`.rdata...n... ...p..................@..@.data....>.......:...v..............@....pdata..p...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-SB5O9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	101672
Entropy (8bit):	6.566355945650465
Encrypted:	false
SSDEEP:	1536:7y6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bIB0TO:7lXfRXqQw+PHLrCZh9xecbSt
MD5:	8697C106593E93C11ADC34FAA483C4A0
SHA1:	CD080C51A97AA288CE6394D6C029C06CCB783790
SHA-256:	FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
SHA-512:	724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!/.NeNl.eNl.eNl....gNl.l6..nNl.eNm.INl..>o.hNl..>h.uNl..>i.zNl..>l.dNl..>..dNl..>n.dNl.RicheNl.................PE..d...M8.^.........." .........^...... .....................................................`A........................................`1..4....9.......p.......P.......L..(A..........H...T...............................0............................................text...b........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-SQD7U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	673080
Entropy (8bit):	6.308718108249972
Encrypted:	false
SSDEEP:	12288:1+eOYMGhYjGXossv2mXo171zUtCvD6Y+L75ie+CUKhQor7MG4fwIQ:1+eOMXo9euo171ogDP+hie+QCw7
MD5:	1358B1A6613A9D6DDB2C5A8F67234355
SHA1:	02A0AFA31243B7D305ED714BF407B747475237F6
SHA-256:	A162C3F2FD67E4CA35525F14DD67A1AE7AEDD02456556A89CC21C93DB9901761
SHA-512:	B52FE3A434A4CC44FF2C9D6D6F1983B496C9CC593CD53A3A40683FE46D8AB9AAC8721D5D03C9A9E2BA871D4A858D6D83DDF6A14CBDF4EEF629565A7C79FB856F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I...'.'.'...&.'.&...'...$.'...#...'...".'...'.'.....'.....'...%.'.Rich..'.........................PE..d...>............." ................................................................._....`A........................................`... .......x............@...D...$..8!..........0u..T............................5...............6...............................text............................... ..`.rdata..$....0......................@..@.data... 8..........................@....pdata...D...@...F..................@..@.rsrc................<..............@..@.reloc............... ..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-T9BI3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1474064
Entropy (8bit):	6.571081648971449
Encrypted:	false
SSDEEP:	24576:eWYb0YUuLzFexUe7/he8azk5XmzrGHvNXpz3pdj2OmCCvACvW4Rj59lik1pI:eDwYtLzFexUe7dmk52XGH1x/j7vCLs
MD5:	CE480E119718E4ECE416C7216AEF7620
SHA1:	F5EF2E1C2BC7F25221CC84461975B536B165FEC2
SHA-256:	9C903BEEE9B402A167A0E1E66FCD80790840EFC4D55753DCF06F1E742777E374
SHA-512:	2D57D162D8E9A0B35F21E06E0D62378C1C567540618C2635583D5F86CC99E1583924D0EE136C034631C3736E0FA3D8B7FCC3522757134758A3A647D36592D2E4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i..l-.?-.?-.?$.>?!.?..>/.?..>!.?..>%.?..>).?v..>..?-.?\.?...>,.?...>,.?..R?,.?...>,.?Rich-.?........PE..d....pk_.........." ................T................................................q....`.......................................... ... ...A.......................d..............`...T...............................0............................................text............................... ..`.rdata.............................@..@.data....3...P...*...B..............@....pdata...............l..............@..@.rsrc................N..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-TTJH7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2675093
Entropy (8bit):	6.340981961881701
Encrypted:	false
SSDEEP:	49152:xR/KpmZubPf2S8W2ILeWl+C1p9jWy5Snd0eigXNJm:f/jtYLP1Sy5E0gm
MD5:	F1291362AA28BD4CBE958DB101FACD4A
SHA1:	490043BCAF1EE5451261E5E2FF0EF00C2D9F3362
SHA-256:	29EA911FC06EA9EE7D618E983AEC5046B2D327AED81CD193A33138FEE246DE23
SHA-512:	4CBA9ED8FE65127FC854F0DEA14B467B73811DC516AC8A5C59687F32FDA545ADCB1AAD6DA1A209A902719B39362B6683360DDAF16E701A4AFAA1BBFB79068218
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................%...........%.......%...@..........................`)...........@......@....................'.......&..5...0'..&................................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc....&...0'..(...N&.............@..@............. (......<'.............@..@........................................................

C:\Users\user\AppData\Local\Namang\is-UFBAQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.971871688889933
Encrypted:	false
SSDEEP:	192:wcZT73JD7JWXr0LQmJBy0PfffGR93X+5uy36KG:wc57ZVJBy0k3GT
MD5:	9D5AB1022F291222D4E8EEC7DD946915
SHA1:	62704C28BEE69394BAB4C250FDDEEB54895C2E75
SHA-256:	65385AA62B0F1BF9D59B3FB5E601A74BBD170EEBF4ED7BE15159589DBB21614F
SHA-512:	6F3EADC34C1D1570DBFB48BFB7226DD597BD2964C905C327B2F8390AEA30A007E76EF8E73E7E188FF14E02E6552DBC3A09744B5EAEAE88499A7B8DA3F7D094A2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H...&...&...&......&...'...&..&...&...%...&...#...&..."...&..'...&...'...&...#...&...&...&...$...&.Rich..&.........PE..d...C..^.........." ..........................;...........................................`..........................................7..]...P8..d............P...............p..0...P2..T............................2...............0..H............................text...c........................... ..`.rdata.......0......................@..@.data........@.......$..............@....pdata.......P.......&..............@..@.gfids.......`.......(..............@..@.reloc..0....p.......*..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-UMDPE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16328
Entropy (8bit):	6.445861289779398
Encrypted:	false
SSDEEP:	192:TaajPrpJhhf4AN5/KipWphWLWSawTyihVWQ4eW1Mkwqnaj0Qc:Tlbr7fWphWEwGyJlIQ
MD5:	36CBAFA7D455A21362AF5153FF1C1367
SHA1:	6842ED962111F40463D5B672D13542BCA1909608
SHA-256:	48655A29504BCDB1A7F5C2B316F9CD71AB35CA521D2659DF105F49C40B0F92F0
SHA-512:	E9DEB4BA721524C633302028FB8EA0DD962E7E546016E0F145769648D3AFD7F1A637EA47B520EAE19AF1F1D6AB11F11399D4C05C8206B8011140341C3FF3E488
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...J.E..........." .........................................................@......s4....`.........................................0...4............0...................!..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-USANP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	28176
Entropy (8bit):	6.042656674077241
Encrypted:	false
SSDEEP:	384:XOFzatkemfd/ofS86rD9RmOnx+cEoclI8qUSnYPLxDG4y8FoWpK:XOFtfd/y6rD9Rm42lI8qUSWDG4y2K
MD5:	1707A6AEEB0278EE445E86EE4354C86C
SHA1:	50C30823B1DC995A03F5989C774D6541E5EAAEF9
SHA-256:	DD8C39FF48DE02F3F74256A61BF3D9D7E411C051DD4205CA51446B909458F0CD
SHA-512:	404B99B8C70DE1D5E6A4F747DF44F514A4B6480B6C30B468F35E9E0257FD75C1A480641BC88180F6EB50F0BD96BDCAFB65BB25364C0757A6E601090AE5989838
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................\|.....2.......2.......2.......2.......}.....................}.......}.......}.......}.......Rich............PE..d....ok_.........." .........8.......................................................o....`..........................................B..L....B..d....p.......`.......T..........x...L3..T............................3..0............0..8............................text...t........................... ..`.rdata..j....0......."..............@..@.data........P.......>..............@....pdata.......`.......B..............@..@.rsrc........p.......F..............@..@.reloc..x............R..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-VAP3B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.64045283725903
Encrypted:	false
SSDEEP:	192:T+WphWu8WSawTyihVWQ4WWxQzi2D8KN3qnajV2MVorv:iWphWuFwGyXit2lxnorv
MD5:	A8B0327931FD2C863693634B3081E6A0
SHA1:	D66CD78C124E931667B6079D5BC5ADF55A644293
SHA-256:	1FA836B3704B29E7AD1EA1B0B457F62AAE4435C6A1D745707631552A2F83D5F6
SHA-512:	1B8331AC9B17D3553A5C7B4572F826BB232B339C28F6C9A31A870097C7612587CD1DBE59FE294501CE11CF5BBA973D83784108309617B6F7104F2AAE8F723961
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b..-.........." .........................................................0......i_....`.........................................`...L............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\is-VQD2J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	74468528
Entropy (8bit):	6.11889115193257
Encrypted:	false
SSDEEP:	196608:mzJHOWC5FSNVHa+CGiK4ipc46xut1Om9CxZWriLY/oT6XUzP3PDETl2xEaIoEZqP:mzJIa36B/Kh6yiMgegCCIoHkwFz
MD5:	55CDDB0D895741E9E0CF8ACE2619015D
SHA1:	383B8FD40B2EAF3C88261AB15B2BCB845818A321
SHA-256:	F4C3436693107F1DAA6F1B840E49A636B47AEE43752F98C58C57F48D0DC0D721
SHA-512:	B41F0474042701F423CDF3429327F051F20C0446FC4776FE277A4C275ADCD8E6E1389599BA0BD5C5CB7094FB38E01ADE5A4C5D32D01CE509C357E8273BF5DBF1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...*..`........../......~...2p...............@.......................................p....... ..............................................P..`:...........P.......6p......................................6..(....................\..(............................text...X\|.......~..................`.P`.data...............................@.`..rdata..`...........................@.`@.pdata.......P.......8..............@.0@.xdata.......`.......B..............@.0@.bss.........@........................`..idata..`:...P...<..................@.@..CRT....h............Z..............@.@..tls.................\..............@.@..rsrc................^..............@.0.................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\log.txt Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	436
Entropy (8bit):	5.262532251869082
Encrypted:	false
SSDEEP:
MD5:	00E0DA479303E47A74C1BD6A335FCC42
SHA1:	D5AB8B37C8BD2BFE1C7BBEFD3EBD67C5AC49BC50
SHA-256:	C7397BCA6702347A76CC3C59F57015B33EE1366570B787320568C4FF6C4915C8
SHA-512:	FB1FB7CA33928C73C1FAE0B68212EB4CB7D20E845D6DF38CB0D029AF0AF301C1EB49985B3CFC1DCF76C7BCD895FB85D3EDC2C565D67C538C2345130D00F0706B
Malicious:	false
Preview:	2021/01/27 06:51:15 \| ('--------------------',)..2021/01/27 06:51:15 \| ('START APP',)..2021/01/27 06:51:16 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py')..2021/01/27 06:51:16 \| ('C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py',)..2021/01/27 06:51:16 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Namang')..2021/01/27 06:51:16 \| ('0xecf4bb862ded',)..2021/01/27 06:51:16 \| ('STARTUP CHECK',)..

C:\Users\user\AppData\Local\Namang\lz4\block\is-I10AM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	99840
Entropy (8bit):	6.356240728953898
Encrypted:	false
SSDEEP:
MD5:	58F4F8108A179089B04580DF4368235F
SHA1:	ECD2630C3A85800C00A1CD639FABDE2D03146827
SHA-256:	22C520BDA85F4B7EFCACE4D77686AF567410DB0F8B0A46EA2ACD4596CBAB98BE
SHA-512:	AD40067597A6BE04E8714986858AA4A3A1EA28EB572AFFB1B0EB53025CD9A66BB30260014D78C936D51BF9D8A244F824CA0F007517D5F567C1E1752B8421BC54
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A...A...A...H...G...z..C.......C...z..B...z..K...z..K.......B...A...v......B......@.....h.@......@...RichA...................PE..d......^.........." .....P...8............................................................`..........................................w..\...,x..x...............................H....n...............................o...............`...............................text....O.......P.................. ..`.rdata.......`... ...T..............@..@.data...(............t..............@....pdata...............z..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..H...........................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\lz4\is-1QL7M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.755159063384422
Encrypted:	false
SSDEEP:
MD5:	B3F72BAA1511FDC3AF50AC193724999B
SHA1:	087AD890ACE3C5A89A459C4A5406EE801C84D99C
SHA-256:	77BE4D0A4BAF0483421398F0B625DED214F9C1765E6CA7378D90ABD62594142E
SHA-512:	A2D1039C52B629EE01F27B6060B2F40C37BB8E4A07CE146EFB9731A816F57E1D3A74F594CF57A224016AA9A3775935389B58F271061520DDFA43FE5929C4BC31
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+._.E._.E._.E.V...[.E.d.D.].E...D.].E.d.F.].E.d.@.U.E.d.A.V.E...D.\.E._.D.y.E...M.].E...E.^.E.....^.E...G.^.E.Rich_.E.........................PE..d......^.........." ......................................................................`..........................................'..`....'..d....`.......@...............p..0... #..............................@#............... ...............................text...s........................... ..`.rdata..T.... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..0....p.......*..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-1HSMI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.267336792625871
Encrypted:	false
SSDEEP:
MD5:	0419DBEE405723E7A128A009DA06460D
SHA1:	660DBE4583923CBDFFF6261B1FADF4349658579C
SHA-256:	F8BD79AE5A90E5390D77DC31CB3065B0F93CB8813C9E67ACCEC72E2DB2027A08
SHA-512:	FDD9F23A1B5ABBF973BEE28642A7F28F767557FE842AF0B30B1CF97CD258892F82E547392390A51900DC7FF5D56433549A5CB463779FC131E885B00568F86A32
Malicious:	false
Preview:	# Encoding file: cp1255, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A2039008C008D008E008F.009020182019201C201D20222013201402DC2122009A203A009C009D009E009F.00A000A100A200A320AA00A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE00BF.05B005B105B205B305B405B505B605B705B805B9000005BB05BC05BD05BE05BF.05C005C105C205C305F005F105F205F305F40000000000000000000000000000.05D005D105D205D305D405D505D605D705D805D

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-20FMV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	80453
Entropy (8bit):	2.274731552146978
Encrypted:	false
SSDEEP:
MD5:	F35938AC582E460A14646D2C93F1A725
SHA1:	A922ACACE0C1A4A7DDC92FE5DD7A116D30A3686B
SHA-256:	118EA160EF29E11B46DEC57AF2C44405934DD8A7C49D2BC8B90C94E8BAA6138B
SHA-512:	D27CD9C9D67370C288036AACA5999314231F7070152FF7EEF1F3379E748EF9047001430D391B61C281FF69AB4F709D47F8FF5390873B5DEFD105371AB8FB8872
Malicious:	false
Preview:	# Encoding file: jis0208, double-byte.D.2129 0 77.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000300030013002FF0CFF0E30FBFF1AFF1BFF1FFF01309B309C00B4FF4000A8.FF3EFFE3FF3F30FD30FE309D309E30034EDD30053006300730FC20152010FF0F.FF3C301C2016FF5C2026202520182019201C201DFF08FF0930143015FF3BFF3D.FF5BFF5D30083009300A300B300C300D300E300F30103011FF0B221200B100D7.00F7FF1D2260FF1CFF1E22662267221E22342642264000B0203220332103FFE5.FF0400A200A3FF05FF03FF06FF0AFF2000A72606260525CB25CF25CE25C70000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-20TLK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.551534707521956
Encrypted:	false
SSDEEP:
MD5:	C68ADEFE02B77F6E6B5217CD83D46406
SHA1:	C95EA4ED3FBEF013D810C0BFB193B15FA8ADE7B8
SHA-256:	8BFCA34869B3F9A3B2FC71B02CBAC41512AF6D1F8AB17D2564E65320F88EDE10
SHA-512:	5CCAACD8A9795D4FE0FD2AC6D3E33C10B0BCC43B29B45DFBA66FBD180163251890BB67B8185D806E4341EB01CB1CED6EA682077577CC9ED948FC094B099A662A
Malicious:	false
Preview:	# Encoding file: cp737, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.039103920393039403950396039703980399039A039B039C039D039E039F03A0.03A103A303A403A503A603A703A803A903B103B203B303B403B503B603B703B8.03B903BA03BB03BC03BD03BE03BF03C003C103C303C203C403C503C603C703C8.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03C903AC03AD03AE03CA03AF03CC03CD03CB03CE

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-26VSJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	115
Entropy (8bit):	4.945508829557185
Encrypted:	false
SSDEEP:
MD5:	F6464F7C5E3F642BC3564D59B888C986
SHA1:	94C5F39256366ABB68CD67E3025F177F54ECD39D
SHA-256:	6AC0F1845A56A1A537B9A6D9BCB724DDDF3D3A5E61879AE925931B1C0534FBB7
SHA-512:	B9A7E0A9344D8E883D44D1A975A7C3B966499D34BA6206B15C90250F88A8FA422029CEF190023C4E4BE806791AC3BEA87FD8872B47185B0CE0F9ED9C38C41A84
Malicious:	false
Preview:	# Encoding file: iso2022-kr, escape-driven.E.name..iso2022-kr.init..\x1b$)C.final..{}.iso8859-1.\x0f.ksc5601..\x0e.

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-2SFG9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.353168947106635
Encrypted:	false
SSDEEP:
MD5:	F20CBBE1FF9289AC4CBAFA136A9D3FF1
SHA1:	382E34824AD8B79EF0C98FD516750649FD94B20A
SHA-256:	F703B7F74CC6F5FAA959F51C757C94623677E27013BCAE23BEFBA01A392646D9
SHA-512:	23733B711614EA99D954E92C6035DAC1237866107FE11CDD5B0CD2A780F22B9B7B879570DB38C6B9195F54DAD9DFB0D60641AB37DFF3C51CF1A11D1D36471B2D
Malicious:	false
Preview:	# Encoding file: macTurkish, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178011E011F01300131015E015F.202100B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-2V139.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.342586490827578
Encrypted:	false
SSDEEP:
MD5:	C9AD5E42DA1D2C872223A14CC76F1D2B
SHA1:	E257BD16EF34FDC29D5B6C985A1B45801937354C
SHA-256:	71AE80ADFB437B7BC88F3C76FD37074449B3526E7AA5776D2B9FD5A43C066FA8
SHA-512:	74588523D35A562AD4B1AF2B570596194D8C5018D5B44C8BA2B1F6BAD422D06E90172B0E65BB975663F3A3C246BCF2F598E9778BA86D1C5A51F5C0A38A2670EC
Malicious:	false
Preview:	# Encoding file: macRomania, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A822600102015E.221E00B12264226500A500B522022211220F03C0222B00AA00BA21260103015F.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204400A42039203A01620163.202100B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-32MUO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.450081751310228
Encrypted:	false
SSDEEP:
MD5:	A2C4062EB4F37C02A45B13BD08EC1120
SHA1:	7F6ED89BD0D415C64D0B8A037F08A47FEADD14C4
SHA-256:	13B5CB481E0216A8FC28BFA9D0F6B060CDF5C457B3E12435CA826EB2EF52B068
SHA-512:	95EFDA8CBC5D52E178640A145859E95A780A8A25D2AF88F98E8FFFA035016CABAE2259D22B3D6A95316F64138B578934FAF4C3403E35C4B7D42E0369B5D88C9B
Malicious:	false
Preview:	# Encoding file: cp863, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200C200E000B600E700EA00EB00E800EF00EE201700C000A7.00C900C800CA00F400CB00CF00FB00F900A400D400DC00A200A300D900DB0192.00A600B400F300FA00A800B800B300AF00CE231000AC00BD00BC00BE00AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-37OPC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.296489289648924
Encrypted:	false
SSDEEP:
MD5:	3BE4986264587BEC738CC46EBB43D698
SHA1:	62C253AA7A868CE32589868FAB37336542457A96
SHA-256:	8D737283289BAF8C08EF1DD7E47A6C775DACE480419C5E2A92D6C0E85BB5B381
SHA-512:	CB9079265E47EF9672EAACFCE474E4D6771C6F61394F29CC59C9BBE7C99AE89A0EACD73F2BCDD8374C4E03BE9B1685F463F029E35C4070DF9D1B143B02CAD573
Malicious:	false
Preview:	# Encoding file: iso8859-14, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A01E021E0300A3010A010B1E0A00A71E8000A91E821E0B1EF200AD00AE0178.1E1E1E1F012001211E401E4100B61E561E811E571E831E601EF31E841E851E61.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.017400D100D200D300D400D500D61E6A00D800D900DA00DB00DC00DD017600DF.00E000E100E200E300E400E500E600E700E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-3MTFD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	3.539905812302991
Encrypted:	false
SSDEEP:
MD5:	163729C7C2B1F5A5DE1FB7866C93B102
SHA1:	633D190B5E281CFC0178F6C11DD721C6A266F643
SHA-256:	CEAD5EB2B0B44EF4003FBCB2E49CA0503992BA1D6540D11ACBBB84FDBBD6E79A
SHA-512:	2093E3B59622E61F29276886911FAA50BA3AA9D903CAF8CB778A1D3FDB3D1F7DA43071AFC3672C27BE175E7EEBBC542B655A85533F41EA39F32E80663CAF3B44
Malicious:	false
Preview:	# Encoding file: macThai, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00AB00BB2026F88CF88FF892F895F898F88BF88EF891F894F897201C201DF899.FFFD2022F884F889F885F886F887F888F88AF88DF890F893F89620182019FFFD.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3AFEFF200B201320140E3F.0E400E410E420E430E440E450E460E470E480E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-4NME4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	48207
Entropy (8bit):	3.450462303370557
Encrypted:	false
SSDEEP:
MD5:	AA4398630883066C127AA902832C82E4
SHA1:	D0B3DEB0EE6539CE5F28A51464BFBB3AA03F28E5
SHA-256:	9D33DF6E1CFDD2CF2553F5E2758F457D710CAFF5F8C69968F2665ACCD6E9A6FD
SHA-512:	77794E74B0E6B5855773EE9E1F3B1DA9DB7661D66485DAE6F61CA69F6DA9FD308A55B3A76C9B887135949C60FC3888E6F9A45C6BC481418737AA452A0D9CAE64
Malicious:	false
Preview:	# Encoding file: cp932, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-5OL8G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	132509
Entropy (8bit):	3.458586416034501
Encrypted:	false
SSDEEP:
MD5:	27280A39A06496DE6035203A6DAE5365
SHA1:	3B1D07B02AE7E3B40784871E17F36332834268E6
SHA-256:	619330192984A80F93AC6F2E4E5EAA463FD3DDDC75C1F65F3975F33E0DD7A0BB
SHA-512:	EA05CC8F9D6908EE2241E2A72374DAAD55797B5A487394B4C2384847C808AF091F980951941003039745372022DE88807F93EEF6CDB3898FBB300A48A09B66E8
Malicious:	false
Preview:	# Encoding file: cp936, multi-byte.M.003F 0 127.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-5SBA3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	85574
Entropy (8bit):	2.3109636068522357
Encrypted:	false
SSDEEP:
MD5:	9A60E5D1AB841DB3324D584F1B84F619
SHA1:	BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
SHA-256:	546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
SHA-512:	E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
Malicious:	false
Preview:	# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-5VH5L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	92873
Entropy (8bit):	3.255311357682213
Encrypted:	false
SSDEEP:
MD5:	9E67816F304FA1A8E20D2270B3A53364
SHA1:	9E35EBF3D5380E34B92FE2744124F9324B901DD3
SHA-256:	465AE2D4880B8006B1476CD60FACF676875438244C1D93A7DBE4CDE1035E745F
SHA-512:	EE529DA3511EB8D73465EB585561D54833C46B8C31062299B46F5B9EE7EB5BE473E630AA264F45B2806FC1B480C8ED39A173FF1756CB6401B363568E951F0637
Malicious:	false
Preview:	# Encoding file: big5, multi-byte.M.003F 0 89.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-62L78.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	92877
Entropy (8bit):	2.32911747373862
Encrypted:	false
SSDEEP:
MD5:	599CEA614F5C5D01CDFA433B184AA904
SHA1:	C2FFA427457B4931E5A92326F251CD3D671059B0
SHA-256:	0F8B530AD0DECBF8DD81DA8291B8B0F976C643B5A292DB84680B31ECFBE5D00A
SHA-512:	43D24B719843A21E3E1EDDFC3607B1B198542306C2EC8D621188CD39BA913D23678D39D12D8370CC1CE12828661AF0A5F14AD2B2BF99F62387C5E3E365BA1E75
Malicious:	false
Preview:	# Encoding file: ksc5601, double-byte.D.233F 0 89.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300200B72025202600A8300300AD20152225FF3C223C20182019.201C201D3014301530083009300A300B300C300D300E300F3010301100B100D7.00F7226022642265221E223400B0203220332103212BFFE0FFE1FFE526422640.222022A52312220222072261225200A7203B2606260525CB25CF25CE25C725C6.25A125A025B325B225BD25BC219221902191219321943013226A226B221A223D.221D2235222B222C2208220B2286228722822283222A222922272228FFE20000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-6GA00.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.8086748658227827
Encrypted:	false
SSDEEP:
MD5:	EBD121A4E93488A48FC0A06ADE9FD158
SHA1:	A40E6DB97D6DB2893A072B2275DC22E2A4D60737
SHA-256:	8FBCC63CB289AFAAE15B438752C1746F413F3B79BA5845C2EF52BA1104F8BDA6
SHA-512:	26879ABE4854908296F32B2BB97AEC1F693C56EC29A7DB9B63B2DA62282F2D2EDAE9D50738595D1530731DF5B1812719A74F50ADF521F80DD5067F3DF6A3517C
Malicious:	false
Preview:	# Encoding file: macDingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.F8D7F8D8F8D9F8DAF8DBF8DCF8DDF8DEF8DFF8E0F8E1F8E2F8E3F8E4008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-6M7F4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.6558830653506647
Encrypted:	false
SSDEEP:
MD5:	3C88BF83DBA99F7B682120FBEEC57336
SHA1:	E0CA400BAE0F66EEBE4DFE147C5A18DD3B00B78C
SHA-256:	E87EC076F950FCD58189E362E1505DD55B0C8F4FA7DD1A9331C5C111D2CE569F
SHA-512:	6BD65D0A05F57333DA0078759DB2FC629B56C47DAB24E231DE41AD0DF3D07BF7A2A55D1946A7BA38BE228D415FB2BDB606BF1EF243974ED7DFD204548B2A43BA
Malicious:	false
Preview:	# Encoding file: cp864, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00200021002200230024066A0026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00B000B72219221A259225002502253C2524252C251C25342510250C25142518.03B2221E03C600B100BD00BC224800AB00BBFEF7FEF8009B009CFEFBFEFC009F.00A000ADFE8200A300A4FE8400000000FE8EFE8FFE95FE99060CFE9DFEA1FEA5.0660066106620663066406650666066706680669FED1061BFEB1FEB5FEB9061F.00A2FE80FE81FE83FE85FECAFE8BFE8DFE91FE93FE97FE9BFE9FFEA3FEA7FEA9.FEABFEADFEAFFEB3FEB7FEBBFEBFFEC1FEC5FECBFECF00A600AC00F700D7FEC9.0640FED3FED7FEDBFEDFFEE3FEE7FEEBFEEDFEEF

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-79MHT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2734430397929604
Encrypted:	false
SSDEEP:
MD5:	A1CCD70248FEA44C0EBB51FB71D45F92
SHA1:	CC103C53B3BA1764714587EAEBD92CD1BC75194D
SHA-256:	4151434A714FC82228677C39B07908C4E19952FC058E26E7C3EBAB7724CE0C77
SHA-512:	74E4A13D65FAB11F205DB1E6D826B06DE421282F7461B273196FD7EECEE123EA0BD32711640B15B482C728966CC0C70FFC67AEDAD91566CA87CD623738E34726
Malicious:	false
Preview:	# Encoding file: cp1257, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E20262020202100882030008A2039008C00A802C700B8.009020182019201C201D20222013201400982122009A203A009C00AF02DB009F.00A0000000A200A300A4000000A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B300B400B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010D00E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-7DS64.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.458262128093304
Encrypted:	false
SSDEEP:
MD5:	51B18570775BCA6465BD338012C9099C
SHA1:	E8149F333B1809DCCDE51CF8B6332103DDE7FC30
SHA-256:	27F16E3DD02B2212C4980EA09BDC068CF01584A1B8BB91456C03FCABABE0931E
SHA-512:	EB285F0E5A9333FFF0E3A6E9C7CAC9D44956EDF180A46D623989A93683BC70EE362256B58EB9AED3BFC6B5C8F5DB4E42540DFC681D51D22A97398CD18F76A1E1
Malicious:	false
Preview:	# Encoding file: cp869, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850386008700B700AC00A620182019038820150389.038A03AA038C00930094038E03AB00A9038F00B200B303AC00A303AD03AE03AF.03CA039003CC03CD039103920393039403950396039700BD0398039900AB00BB.25912592259325022524039A039B039C039D256325512557255D039E039F2510.25142534252C251C2500253C03A003A1255A25542569256625602550256C03A3.03A403A503A603A703A803A903B103B203B32518250C2588258403B403B52580.03B603B703B803B903BA03BB03BC03BD03BE03BF

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-889H0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	2.9763240350841884
Encrypted:	false
SSDEEP:
MD5:	7273E998972C9EFB2CEB2D5CD553DE49
SHA1:	4AA47E6DF964366FA3C29A0313C0DAE0FA63A78F
SHA-256:	330517F72738834ECBF4B6FA579F725B4B33AD9F4669975E727B40DF185751FF
SHA-512:	56BF15C123083D3F04FE0C506EE8ECE4C08C17754F0CAAD3566F1469728CFD2F0A487023DCB26432240EB09F064944D3EF08175979F5D1D2BF734E7C7C609055
Malicious:	false
Preview:	# Encoding file: tis-620, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-8BVDD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.4494568686644276
Encrypted:	false
SSDEEP:
MD5:	45F0D888DBCB56703E8951C06CFAED51
SHA1:	53529772EA6322B7949DB73EEBAED91E5A5BA3DA
SHA-256:	A43A5B58BFC57BD723B12BBDEA9F6E1A921360B36D2D52C420F37299788442D3
SHA-512:	61D0C361E1C7D67193409EC327568867D1FD0FE448D11F16A08638D3EE31BE95AD37B8A2E67B8FB448D09489AA3F5D65AD9AC18E9BDC690A049F0C015BA806F1
Malicious:	false
Preview:	# Encoding file: cp861, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800D000F000DE00C400C5.00C900E600C600F400F600FE00FB00DD00FD00D600DC00F800A300D820A70192.00E100ED00F300FA00C100CD00D300DA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-8EDSK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2703067063488724
Encrypted:	false
SSDEEP:
MD5:	07576E85AFDB2816BBCFFF80E2A12747
SHA1:	CC1C2E6C35B005C17EB7B1A3D744983A86A75736
SHA-256:	17745BDD299779E91D41DB0CEE26CDC7132DA3666907A94210B591CED5A55ADB
SHA-512:	309EEF25EE991E3321A57D2CEE139C9C3E7C8B3D9408664AAFE9BA34E28EF5FB8167481F3C5CAD0557AE55249E47016CA3A6AC19857D76EFB58D0CDAC428F600
Malicious:	false
Preview:	# Encoding file: iso8859-4, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040138015600A40128013B00A700A8016001120122016600AD017D00AF.00B0010502DB015700B40129013C02C700B80161011301230167014A017E014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE012A.01100145014C013600D400D500D600D700D8017200DA00DB00DC0168016A00DF.010100E100E200E300E400E500E6012F010D

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-8QQT3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	192
Entropy (8bit):	4.915818681498601
Encrypted:	false
SSDEEP:
MD5:	224219C864280FA5FB313ADBC654E37D
SHA1:	39E20B41CFA8B269377AFA06F9C4D66EDD946ACB
SHA-256:	E12928E8B5754D49D0D3E799135DE2B480BA84B5DBAA0E350D9846FA67F943EC
SHA-512:	6E390D83B67E2FD5BCAC1BA603A9C6F8BE071FA64021612CE5F8EE33FD8E3840A8C31A7B00134A0039E46BDC66BEF7EB6EA1F8663BA72816B86AF792EF7BDC56
Malicious:	false
Preview:	# Encoding file: iso2022-jp, escape-driven.E.name..iso2022-jp.init..{}.final..{}.ascii..\x1b(B.jis0201..\x1b(J.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-9038P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.178020305301999
Encrypted:	false
SSDEEP:
MD5:	5685992A24D85E93BD8EA62755E327BA
SHA1:	B0BEBEDEC53FFB894D9FB0D57F25AB2A459B6DD5
SHA-256:	73342C27CF55F625D3DB90C5FC8E7340FFDF85A51872DBFB1D0A8CB1E43EC5DA
SHA-512:	E88ED02435026CA9B8A23073F61031F3A75C4B2CD8D2FC2B598F924ADF34B268AB16909120F1D96B794BDBC484C764FDE83B63C9FB122279AC5242D57030AF3A
Malicious:	false
Preview:	# Encoding file: iso8859-3, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0012602D800A300A40000012400A700A80130015E011E013400AD0000017B.00B0012700B200B300B400B5012500B700B80131015F011F013500BD0000017C.00C000C100C2000000C4010A010800C700C800C900CA00CB00CC00CD00CE00CF.000000D100D200D300D4012000D600D7011C00D900DA00DB00DC016C015C00DF.00E000E100E2000000E4010B010900E700E8

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-9AJKJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.2483197762497458
Encrypted:	false
SSDEEP:
MD5:	162E76BD187CB54A5C9F0B72A082C668
SHA1:	CEC787C4DE78F9DBB97B9C44070CF2C12A2468F7
SHA-256:	79F6470D9BEBD30832B3A9CA59CD1FDCA28C5BE6373BD01D949EEE1BA51AA7A8
SHA-512:	ADDBCA6E296286220FFF449D3E34E5267528627AFFF1FCBD2B9AC050A068D116452D70308049D88208FB7CB2C2F7582FCF1703CF22CFC125F2E6FA89B8A653FE
Malicious:	false
Preview:	# Encoding file: iso8859-10, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010401120122012A0128013600A7013B011001600166017D00AD016A014A.00B0010501130123012B0129013700B7013C011101610167017E2015016B014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE00CF.00D00145014C00D300D400D500D6016800D8017200DA00DB00DC00DD00DE00DF.010100E100E200E300E400E500E6012F010

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-9MKFK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.1865263857127375
Encrypted:	false
SSDEEP:
MD5:	675C89ECD212C8524B1875095D78A5AF
SHA1:	F585C70A5589DE39558DAC016743FF85E0C5F032
SHA-256:	1CDCF510C38464E5284EDCFAEC334E3FC516236C1CA3B9AB91CA878C23866914
SHA-512:	E620657C5F521A101B6FF7B5FD9A7F0DDD560166BA109D20E91F2E828F81697F897DFA136533C0D6F24A9861E92F34C0CC0FA590F344713C089157F8AC3ECFE2
Malicious:	false
Preview:	# Encoding file: iso8859-9, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E8

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-A7QOI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.675943323650254
Encrypted:	false
SSDEEP:
MD5:	1B612907F31C11858983AF8C009976D6
SHA1:	F0C014B6D67FC0DC1D1BBC5F052F0C8B1C63D8BF
SHA-256:	73FD2B5E14309D8C036D334F137B9EDF1F7B32DBD45491CF93184818582D0671
SHA-512:	82D4A8F9C63F50E5D77DAD979D3A59729CD2A504E7159AE3A908B7D66DC02090DABD79B6A6DC7B998C32C383F804AACABC564A5617085E02204ADF0B13B13E5B
Malicious:	false
Preview:	# Encoding file: symbol, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002122000023220300250026220D002800292217002B002C2212002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.22450391039203A70394039503A603930397039903D1039A039B039C039D039F.03A0039803A103A303A403A503C203A9039E03A80396005B2234005D22A5005F.F8E503B103B203C703B403B503C603B303B703B903D503BA03BB03BC03BD03BF.03C003B803C103C303C403C503D603C903BE03C803B6007B007C007D223C007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.000003D2203222642044221E0192266326662665266021942190219121922193.00B000B12033226500D7221D2202202200F72260226122482026F8E6F8E721B5.21352111211C21182297229522052229222A2283228722842282228622082209.2220220700AE00A92122220F221A22C500AC2227222821D421D021D121D221D3.22C42329F8E8F8E9F8EA2211F8EBF8ECF8EDF8E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-ABJ9J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.3530146237761445
Encrypted:	false
SSDEEP:
MD5:	2E5F553D214B534EBA29A9FCEEC36F76
SHA1:	8FF9A526A545D293829A679A2ECDD33AA6F9A90E
SHA-256:	2174D94E1C1D5AD93717B9E8C20569ED95A8AF51B2D3AB2BCE99F1A887049C0E
SHA-512:	44AB13C0D322171D5EE62946086058CF54963F91EC3F899F3A10D051F9828AC66D7E9F8055026E938DDD1B97A30D5D450B89D72F9113DEE2DBBB62DDBBBE456C
Malicious:	false
Preview:	# Encoding file: cp1253, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202100882030008A2039008C008D008E008F.009020182019201C201D20222013201400982122009A203A009C009D009E009F.00A00385038600A300A400A500A600A700A800A9000000AB00AC00AD00AE2015.00B000B100B200B3038400B500B600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B803B

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-AQ9UM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2209074629945476
Encrypted:	false
SSDEEP:
MD5:	5900F51FD8B5FF75E65594EB7DD50533
SHA1:	2E21300E0BC8A847D0423671B08D3C65761EE172
SHA-256:	14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
SHA-512:	EA0455FF4CD5C0D4AFB5E79B671565C2AEDE2857D534E1371F0C10C299C74CB4AD113D56025F58B8AE9E88E2862F0864A4836FED236F5730360B2223FDE479DC
Malicious:	false
Preview:	# Encoding file: cp1252, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D017D008F.009020182019201C201D20222013201402DC21220161203A0153009D017E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E800E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-B87SL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	130423
Entropy (8bit):	3.0309641114333425
Encrypted:	false
SSDEEP:
MD5:	6788B104D2297CBD8D010E2776AF6EBA
SHA1:	904A8B7846D34521634C8C09013DBB1D31AF47CA
SHA-256:	26BCB620472433962717712D04597A63264C8E444459432565C4C113DE0A240B
SHA-512:	0DF73561B76159D0A94D16A2DAB22F2B3D88C67146A840CB74D19E70D50A4C7E4DDF1952B5B805471985A896CA9F1B69C3FC4E6D8D17454566D7D39377BA1394
Malicious:	false
Preview:	# Encoding file: cp949, multi-byte.M.003F 0 125.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-BBT5A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	3.1984111069807395
Encrypted:	false
SSDEEP:
MD5:	0DCB64ACBB4B518CC20F4E196E04692C
SHA1:	7AEB708C89C178FB4D5611C245EA1A7CF66ADF3A
SHA-256:	480F61D0E1A75DEE59BF9A66DE0BB78FAAE4E87FD6317F93480412123277D442
SHA-512:	4AFA210763DE9742626886D7D281AC15169CDC7A31D185F48D105190CA247AA014FB8F281AFCB4A0C31D2D55EE7D907B6A8E51FC4BEEDB9DB8C484E88CAA78A9
Malicious:	false
Preview:	# Encoding file: jis0201, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.00000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-BG69V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.463428231669408
Encrypted:	false
SSDEEP:
MD5:	E66D42CB71669CA0FFBCDC75F6292832
SHA1:	366C137C02E069B1A93FBB5D64B9120EA6E9AD1F
SHA-256:	7142B1120B993D6091197574090FE04BE3EA64FFC3AD5A167A4B5E0B42C9F062
SHA-512:	6FBF7AF0302B4AA7EF925EFED7235E946EDA8B628AA204A8BBB0A3D1CB8C79DD37D9DD92A276AD14B55776FEBB3B55CF5881AC4013F95ED4E618E3B49771E8A5
Malicious:	false
Preview:	# Encoding file: koi8-r, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204512553255425552556255725582559255A255B255C255D255E.255F25602561040125622563256425652566256725682569256A256B256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-BMEBL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.269412550127009
Encrypted:	false
SSDEEP:
MD5:	69FCA2E8F0FD9B39CDD908348BD2985E
SHA1:	FF62EB5710FDE11074A87DAEE9229BCF7F66D7A0
SHA-256:	0E0732480338A229CC3AD4CDDE09021A0A81902DC6EDFB5F12203E2AFF44668F
SHA-512:	46A7899D17810D2E0FF812078D91F29BF2BB8770F09A02367CF8361229F424FC9B06EAC8E3756491612972917463B6F27DB3D897AFAE8DB5F159D45975D9CBD8
Malicious:	false
Preview:	# Encoding file: iso8859-2, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010402D8014100A4013D015A00A700A80160015E0164017900AD017D017B.00B0010502DB014200B4013E015B02C700B80161015F0165017A02DD017E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-CLUBP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	2.9147595181616284
Encrypted:	false
SSDEEP:
MD5:	49DEC951C7A7041314DF23FE26C9B300
SHA1:	B810426354D857718CC841D424DA070EFB9F144F
SHA-256:	F502E07AE3F19CCDC31E434049CFC733DD5DF85487C0160B0331E40241AD0274
SHA-512:	CB5D8C5E807A72F35AD4E7DA80882F348D70052169A7ED5BB585152C2BF628177A2138BD0A982A398A8DF373E1D3E145AD1F6C52485DE57ECBE5A7ED33E13776
Malicious:	false
Preview:	# Encoding file: iso8859-6, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000000000000000A40000000000000000000000000000060C00AD00000000.00000000000000000000000000000000000000000000061B000000000000061F.0000062106220623062406250626062706280629062A062B062C062D062E062F.0630063106320633063406350636063706380639063A00000000000000000000.064006410642064306440645064606470648

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-DBE20.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.226508038800896
Encrypted:	false
SSDEEP:
MD5:	BB010BFF4DD16B05EEB6E33E5624767A
SHA1:	6294E42ED22D75679FF1464FF41D43DB3B1824C2
SHA-256:	0CDB59E255CCD7DCF4AF847C9B020AEAEE78CE7FCF5F214EBCF123328ACF9F24
SHA-512:	2CD34F75DC61DC1495B0419059783A5579932F43DB9B125CADCB3838A142E0C1CD7B42DB71EF103E268206E31099D6BB0670E84D5658C0E18D0905057FF87182
Malicious:	false
Preview:	# Encoding file: cp1258, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A20390152008D008E008F.009020182019201C201D20222013201402DC2122009A203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C2010200C400C500C600C700C800C900CA00CB030000CD00CE00CF.011000D1030900D300D401A000D600D700D800D900DA00DB00DC01AF030300DF.00E000E100E2010300E400E500E600E700E800E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-DN5U5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.288070862623515
Encrypted:	false
SSDEEP:
MD5:	55FB20FB09C610DB38C22CF8ADD4F7B8
SHA1:	604396D81FD2D90F5734FE6C3F283F8F19AABB64
SHA-256:	2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
SHA-512:	07C6640BB40407C384BCF646CC436229AEC77C6398D57659B739DC4E180C81A1524F55A5A8F7B3F671A53320052AD888736383486CC01DFC317029079B17172E
Malicious:	false
Preview:	# Encoding file: cp1251, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.04020403201A0453201E20262020202120AC203004092039040A040C040B040F.045220182019201C201D202220132014009821220459203A045A045C045B045F.00A0040E045E040800A4049000A600A7040100A9040400AB00AC00AD00AE0407.00B000B104060456049100B500B600B704512116045400BB0458040504550457.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.043004310432043304340435043604370438043

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-E3MES.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3293096097500965
Encrypted:	false
SSDEEP:
MD5:	F13D479550D4967A0BC76A60C89F1461
SHA1:	63F44E818284384DE07AB0D8B0CD6F7EBFE09AB9
SHA-256:	8D0B6A882B742C5CCE938241328606C111DDA0CB83334EBEDCDA17605F3641AE
SHA-512:	80AB9DCAAC1A496FD2CA6BE9959FE2DE201F504D8A58D114F2FF5D1F6AAD507F052B87D29D3EBA69093C3D965CC4C113C9EA6DB8EEBB67BD620ADF860CA2CC35
Malicious:	false
Preview:	# Encoding file: macCroatian, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE0160212200B400A82260017D00D8.221E00B122642265220600B522022211220F0161222B00AA00BA03A9017E00F8.00BF00A100AC221A01922248010600AB010C202600A000C000C300D501520153.01102014201C201D2018201900F725CAF8FF00A9204420AC2039203A00C600BB.201300B7201A201E203000C2010700C101

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-E6NK5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	84532
Entropy (8bit):	2.3130049332819502
Encrypted:	false
SSDEEP:
MD5:	BF74C90D28E52DD99A01377A96F462E3
SHA1:	DBA09C670F24D47B95D12D4BB9704391B81DDA9A
SHA-256:	EC11BFD49C715CD89FB9D387A07CF54261E0F4A1CCEC1A810E02C7B38AD2F285
SHA-512:	8F5A86BB57256ED2412F6454AF06C52FB44C83EB7B820C642CA9216E9DB31D6EC22965BF5CB9E8AE4492C77C1F48EB2387B1CBDC80F6CDA33FA57C57EC9FF9CD
Malicious:	false
Preview:	# Encoding file: gb2312, double-byte.D.233F 0 81.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-EF4NG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3482225358368565
Encrypted:	false
SSDEEP:
MD5:	60FFC8E390A31157D8646AEAC54E58AE
SHA1:	3DE17B2A5866272602FB8E9C54930A4CD1F3B06C
SHA-256:	EB135A89519F2E004282DED21B11C3AF7CCB2320C9772F2DF7D1A4A1B674E491
SHA-512:	3644429A9BD42ADC356E1BD6FCFABEE120E851348B538A4FE4903B72A533174D7448A6C2DA71219E4CD5D0443C0475417D54C8E113005DF2CA20C608DE5E3306
Malicious:	false
Preview:	# Encoding file: macCyrillic, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.0430043104320433043404350436043704

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-EMLB4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2716690950473573
Encrypted:	false
SSDEEP:
MD5:	67577E6720013EEF73923D3F050FBFA1
SHA1:	F9F64BB6014068E2C0737186C694B8101DD9575E
SHA-256:	BC5ED164D15321404BBDCAD0D647C322FFAB1659462182DBD3945439D9ECBAE7
SHA-512:	B584DB1BD5BE97CCFCA2F71E765DEC66CF2ABE18356C911894C988B2238E14074748C71074E0633C7CA50733E189D937160A35438C720DB2243CBC3566F52629
Malicious:	false
Preview:	# Encoding file: iso8859-5, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0040104020403040404050406040704080409040A040B040C00AD040E040F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.044004410442044304440445044604470448

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-ESA1M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	2.009389929214244
Encrypted:	false
SSDEEP:
MD5:	68D69C53B4A9F0AABD60646CA7E06DAE
SHA1:	DD83333DC1C838BEB9102F063971CCC20CC4FD80
SHA-256:	294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
SHA-512:	48960E838D30401173EA0DF8597BB5D9BC3A09ED2CFFCB774BA50CB0B2ACCF47AAD3BA2782B3D4A92BEF572CBD98A3F4109FC4344DB82EB207BFDE4F61094D72
Malicious:	false
Preview:	# Encoding file: ascii, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-F2H4I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.1878838020538374
Encrypted:	false
SSDEEP:
MD5:	6AE49F4E916B02EB7EDB160F88B5A27F
SHA1:	49F7A42889FB8A0D78C80067BDE18094DBE956EE
SHA-256:	C7B0377F30E42048492E4710FE5A0A54FA9865395B8A6748F7DAC53B901284F9
SHA-512:	397E636F4B95522FD3909B4546A1B7E31E92388DAE4F9F6B638875449E3498B49320F4C4A47168C7ADD43C78EF5680CAAEE40661DDC8205687532D994133EA3B
Malicious:	false
Preview:	# Encoding file: iso8859-15, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A320AC00A5016000A7016100A900AA00AB00AC00AD00AE00AF.00B000B100B200B3017D00B500B600B7017E00B900BA00BB01520153017800BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-FQK9C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2357714075228494
Encrypted:	false
SSDEEP:
MD5:	35AD7A8FC0B80353D1C471F6792D3FD8
SHA1:	484705A69596C9D813EA361625C3A45C6BB31228
SHA-256:	BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
SHA-512:	CCA3C6A4B826E0D86AC10E45FFC6E5001942AA1CF45B9E0229D56E06F2600DDA0139764F1222C56CF7A9C14E6E6C387F9AB265CB9B936E803FECD8285871C70F
Malicious:	false
Preview:	# Encoding file: cp1254, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D008E008F.009020182019201C201D20222013201402DC21220161203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E800E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-G093M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	48028
Entropy (8bit):	3.3111639331656635
Encrypted:	false
SSDEEP:
MD5:	105B49F855C77AE0D3DED6C7130F93C2
SHA1:	BA187C52FAE9792DA5BFFBEAA781FD4E0716E0F6
SHA-256:	2A6856298EC629A16BDD924711DFE3F3B1E3A882DDF04B7310785D83EC0D566C
SHA-512:	5B5FBE69D3B67AF863759D92D4A68481EC2211FF84ED9F0B3BD6129857966DE32B42A42432C44B9246C9D0D9C4C546CD3C6D13FF49BD338192C24AD053C0602E
Malicious:	false
Preview:	# Encoding file: macJapan, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00A0FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-G4RLO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	2.9730608214144323
Encrypted:	false
SSDEEP:
MD5:	45E35EFF7ED2B2DF0B5694A2B639FE1E
SHA1:	4EA5EC5331541EDE65A9CF601F5418FD4B6CFCBC
SHA-256:	E1D207917AA3483D9110E24A0CC0CD1E0E5843C8BFC901CFEE7A6D872DD945A9
SHA-512:	527283C9EFF2C1B21FAE716F5DFB938D8294B22938C76A73D88135312FA01B5C3DF288461CCE8B692928B334A28A7D29319F9F48733174C898F41BD1BEB8E862
Malicious:	false
Preview:	# Encoding file: iso8859-8, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0000000A200A300A400A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000002017.05D005D105D205D305D405D505D605D705D8

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-GDAIC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3818286672990854
Encrypted:	false
SSDEEP:
MD5:	DE1282E2925870A277AF9DE4C52FA457
SHA1:	F4301A1340A160E1F282B5F98BF9FACBFA93B119
SHA-256:	44FB04B5C72B584B6283A99B34789690C627B5083C5DF6E8B5B7AB2C68903C06
SHA-512:	08173FC4E5FC9AA9BD1E296F299036E49C0333A876EA0BDF40BEC9F46120329A530B6AA57B32BC83C7AA5E6BD20DE9F616F4B17532EE54634B6799C31D8F668F
Malicious:	false
Preview:	# Encoding file: cp775, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.010600FC00E9010100E4012300E501070142011301560157012B017900C400C5.00C900E600C6014D00F6012200A2015A015B00D600DC00F800A300D800D700A4.0100012A00F3017B017C017A201D00A600A900AE00AC00BD00BC014100AB00BB.259125922593250225240104010C01180116256325512557255D012E01602510.25142534252C251C2500253C0172016A255A25542569256625602550256C017D.0105010D01190117012F01610173016B017E2518250C25882584258C25902580.00D300DF014C014300F500D500B5014401360137

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-HQ3RV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.439504497428066
Encrypted:	false
SSDEEP:
MD5:	D722EFEA128BE671A8FDA45ED7ADC586
SHA1:	DA9E67F64EC4F6A74C60CB650D5A12C4430DCFF7
SHA-256:	BBB729B906F5FC3B7EE6694B208B206D19A9D4DC571E235B9C94DCDD4A323A2A
SHA-512:	FDF183C1A0D9109E21F7EEBC5996318AEDED3F87319A980C4E96BFE1D43593BDB693D181744C5C7E391A849783E3594234060A9F76116DE56F9592EF95979E63
Malicious:	false
Preview:	# Encoding file: koi8-u, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204510454255404560457255725582559255A255B0491255D255E.255F25602561040104032563040604072566256725682569256A0490256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-IQAFD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.925633473589168
Encrypted:	false
SSDEEP:
MD5:	745464FF8692E3C3D8EBBA38D23538C8
SHA1:	9D6F077598A5A86E6EB6A4EEC14810BF525FBD89
SHA-256:	753DDA518A7E9F6DC0309721B1FAAE58C9661F545801DA9F04728391F70BE2D0
SHA-512:	E919677CC96DEF4C75126A173AF6C229428731AB091CDDBB2A6CE4EB82BCD8191CE64A33B418057A15E094A48E846BEE7820619E414E7D90EDA6E2B66923DDA5
Malicious:	false
Preview:	# Encoding file: iso2022, escape-driven.E.name..iso2022.init..{}.final..{}.iso8859-1.\x1b(B.jis0201..\x1b(J.gb1988..\x1b(T.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.jis0208..\x1b&@\x1b$B.

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-ISG3B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.301196372002172
Encrypted:	false
SSDEEP:
MD5:	FF3D96C0954843C7A78299FED6986D9E
SHA1:	5EAD37788D124D4EE49EC4B8AA1CF6AAA9C2849C
SHA-256:	55AA2D13B789B3125F5C9D0DC5B6E3A90D79426D3B7825DCD604F56D4C6E36A2
SHA-512:	B76CD82F3204E17D54FB679615120564C53BBE27CC474101EE073EFA6572B50DB2E9C258B09C0F7EAE8AC445D469461364C81838C07D41B43E353107C06C247E
Malicious:	false
Preview:	# Encoding file: cp850, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D800D70192.00E100ED00F300FA00F100D100AA00BA00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00F000D000CA00CB00C8013100CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B500FE00DE00DA

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-JTU4E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	85574
Entropy (8bit):	2.3109636068522357
Encrypted:	false
SSDEEP:
MD5:	9A60E5D1AB841DB3324D584F1B84F619
SHA1:	BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
SHA-256:	546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
SHA-512:	E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
Malicious:	false
Preview:	# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-KB69Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.3460856516901947
Encrypted:	false
SSDEEP:
MD5:	92716A59D631BA3A352DE0872A5CF351
SHA1:	A487946CB2EFD75FD748503D75E495720B53E5BC
SHA-256:	4C94E7FBE183379805056D960AB624D78879E43278262E4D6B98AB78E5FEFEA8
SHA-512:	863A667B6404ED02FE994089320EB0ECC34DC431D591D661277FB54A2055334DBEBCAAE1CA06FB8D190727EBA23A47B47991323BE35E74C182F83E5DEAA0D83B
Malicious:	false
Preview:	# Encoding file: macUkraine, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.04300431043204330434043504360437043

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-KRSGD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	86619
Entropy (8bit):	2.2972446758995697
Encrypted:	false
SSDEEP:
MD5:	12DBEEF45546A01E041332427FEC7A51
SHA1:	5C8E691AE3C13308820F4CF69206D765CFD5094B
SHA-256:	0C0DF17BFECE897A1DA7765C822453B09866573028CECCED13E2EFEE02BCCCC4
SHA-512:	FC8A250EE17D5E94A765AFCD9464ECAE74A4E2FF594A8632CEAEC5C84A3C4D26599642DA42E507B7873C37849D3E784CFB0792DE5B4B4262428619D7473FF611
Malicious:	false
Preview:	# Encoding file: gb12345, double-byte.D.233F 0 83.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-L0M45.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.438607583601603
Encrypted:	false
SSDEEP:
MD5:	8CA7C4737A18D5326E9A437D5ADC4A1A
SHA1:	C6B1E9320EEF46FC9A23437C255E4085EA2980DB
SHA-256:	6DB59139627D29ABD36F38ED2E0DE2A6B234A7D7E681C7DBAF8B888F1CAC49A5
SHA-512:	2D2427E7A3FF18445321263A42C6DA560E0250691ACBE5113BDE363B36B5E9929003F3C91769A02FF720AB8261429CBFA9D9580C1065FFE77400327B1A5539A6
Malicious:	false
Preview:	# Encoding file: cp860, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E300E000C100E700EA00CA00E800CD00D400EC00C300C2.00C900C000C800F400F500F200DA00F900CC00D500DC00A200A300D920A700D3.00E100ED00F300FA00F100D100AA00BA00BF00D200AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-L47IO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	91831
Entropy (8bit):	3.253346615914323
Encrypted:	false
SSDEEP:
MD5:	A0F8C115D46D02A5CE2B8C56AFF53235
SHA1:	6605FCCB235A08F9032BB45231B1A6331764664B
SHA-256:	1FB9A3D52D432EA2D6CD43927CEBF9F58F309A236E1B11D20FE8D5A5FB944E6E
SHA-512:	124EA2134CF59585DB2C399B13DE67089A6BB5412D2B210DF484FA38B77555AAF0605D04F441BDC2B0BE0F180FA17C145731D7826DA7556A573D357CC00A968F
Malicious:	false
Preview:	# Encoding file: cp950, multi-byte.M.003F 0 88.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-LP7M0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3601842107710365
Encrypted:	false
SSDEEP:
MD5:	CADFBF5A4C7CAD984294284D643E9CA3
SHA1:	16B51D017001688A32CB7B15DE6E7A49F28B76FD
SHA-256:	8F3089F4B2CA47B7AC4CB78375B2BFAC01268113A7C67D020F8B5B7F2C25BBDA
SHA-512:	3941ACA62CF59BF6857BA9C300B4236F18690DE1213BB7FCFA0EC87DCD71152849F1DEAFB470CA4BC2ACC2C0C13D7FD57661BFC053960ADD7570DE365AE7E63C
Malicious:	false
Preview:	# Encoding file: macCentEuro, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C40100010100C9010400D600DC00E10105010C00E4010D0106010700E90179.017A010E00ED010F01120113011600F3011700F400F600F500FA011A011B00FC.202000B0011800A300A7202200B600DF00AE00A92122011900A822600123012E.012F012A22642265012B0136220222110142013B013C013D013E0139013A0145.0146014300AC221A01440147220600AB00BB202600A00148015000D50151014C.20132014201C201D2018201900F725CA014D0154015501582039203A01590156.01570160201A201E0161015A015B00C101

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-MFQNC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	3.7149721845090347
Encrypted:	false
SSDEEP:
MD5:	7715CC78774FEA9EB588397D8221FA5B
SHA1:	6A21D57B44A0856ABCDE61B1C16CB93F4E4C3D74
SHA-256:	3BDE9AE7EAF9BE799C84B2AA4E80D78BE8ACBACA1E486F10B9BDD42E3AEDDCB2
SHA-512:	C7500B9DD36F7C92C1A92B8F7BC507F6215B12C26C8CB4564A8A87299859C29C05DEFD3212DE8F2DB76B7DFAB527D6C7B10D1E9A9F6B682F1B5BC4911CFAD26C
Malicious:	false
Preview:	# Encoding file: dingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727A82

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-OSSMM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.286986942547087
Encrypted:	false
SSDEEP:
MD5:	79ACD9BD261A252D93C9D8DDC42B8DF6
SHA1:	FA2271030DB9005D71FAAD60B44767955D5432DD
SHA-256:	1B42DF7E7D6B0FEB17CB0BC8D97E6CE6899492306DD880C48A39D1A2F0279004
SHA-512:	607F21A84AE569B19DF42463A56712D232CA192E1827E53F3ACB46D373EF4165A38FFBF116E28D4EAAEF49B08F6162C7A1C517CCE2DFACA71DA07193FEFFFF06
Malicious:	false
Preview:	# Encoding file: cp1250, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E2026202020210088203001602039015A0164017D0179.009020182019201C201D202220132014009821220161203A015B0165017E017A.00A002C702D8014100A4010400A600A700A800A9015E00AB00AC00AD00AE017B.00B000B102DB014200B400B500B600B700B80105015F00BB013D02DD013E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D00E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-OTG2O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.2936796452153128
Encrypted:	false
SSDEEP:
MD5:	58C52199269A3BB52C3E4C20B5CE6093
SHA1:	888499D9DFDF75C60C2770386A4500F35753CE70
SHA-256:	E39985C6A238086B54427475519C9E0285750707DB521D1820E639723C01C36F
SHA-512:	754667464C4675E8C8F2F88A9211411B3648068085A898D693B33BF3E1FAECC9676805FD2D1A4B19FAAB30E286236DCFB2FC0D498BF9ABD9A5E772B340CEE768
Malicious:	false
Preview:	# Encoding file: cp857, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE013100C400C5.00C900E600C600F400F600F200FB00F9013000D600DC00F800A300D8015E015F.00E100ED00F300FA00F100D1011E011F00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00BA00AA00CA00CB00C8000000CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B5000000D700DA

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-P00VC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.451408971174579
Encrypted:	false
SSDEEP:
MD5:	6F290E2C3B8A8EE38642C23674B18C71
SHA1:	0EB40FEEB8A382530B69748E08BF513124232403
SHA-256:	407FC0FE06D2A057E9BA0109EA9356CAB38F27756D135EF3B06A85705B616F50
SHA-512:	A975F69360A28484A8A3B4C93590606B8F372A27EC612ECC2355C9B48E042DCE132E64411CF0B107AA5566CAF6954F6937BEBFE17A2AE79EFF25B67FA0F88B7D
Malicious:	false
Preview:	# Encoding file: cp865, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D820A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00A4.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-P7F56.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.267798724121087
Encrypted:	false
SSDEEP:
MD5:	BF3993877A45AC7091CFC81CFD4A4D43
SHA1:	D462934A074EE13F2C810463FD061084953F77BC
SHA-256:	33C6072A006BA4E9513D7B7FD3D08B1C745CA1079B6D796C36B2A5AE8E4AE02B
SHA-512:	17489E6AD6A898628239EA1B43B4BE81ECC33608F0FD3F7F0E19CF74F7FC4752813C3C21F1DC73E9CC8765E23C63ED932799905381431DAF4E10A88EC29EBF6E
Malicious:	false
Preview:	# Encoding file: iso8859-13, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0201D00A200A300A4201E00A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B3201C00B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-P8VNN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.163043970763833
Encrypted:	false
SSDEEP:
MD5:	E3BAE26F5D3D9A4ADCF5AE7D30F4EC38
SHA1:	A71B6380EA3D23DC0DE11D3B8CEA86A4C8063D47
SHA-256:	754EF6BF3A564228AB0B56DDE391521DCC1A6C83CFB95D4B761141E71D2E8E87
SHA-512:	AFED8F5FE02A9A30987736F08B47F1C19339B5410D6020CC7EA37EA0D717A70AF6CDDC775F53CE261FCF215B579206E56458D61AB4CEB44E060BD6B3AC2F4C41
Malicious:	false
Preview:	# Encoding file: iso8859-1, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E8

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-PRL73.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.3292041026777457
Encrypted:	false
SSDEEP:
MD5:	6D52A84C06970CD3B2B7D8D1B4185CE6
SHA1:	C434257D76A9FDF81CCCD8CC14242C8E3940FD89
SHA-256:	633F5E3E75BF1590C94AB9CBF3538D0F0A7A319DB9016993908452D903D9C4FD
SHA-512:	711F4DC86DD609823BF1BC5505DEE9FA3875A8AA7BCA31DC1B5277720C5ABE65B62E8A592FC55D99D1C7CA181FDDC2606551C43A9D12489B9FECFF152E9A3DCF
Malicious:	false
Preview:	# Encoding file: macIceland, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.00DD00B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC00D000F000DE00FE.00FD00B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-R7O9J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	70974
Entropy (8bit):	2.2631380488363284
Encrypted:	false
SSDEEP:
MD5:	F518436AC485F5DC723518D7872038E0
SHA1:	15013478760463A0BCE3577B4D646ECDB07632B5
SHA-256:	24A9D379FDA39F2BCC0580CA3E0BD2E99AE279AF5E2841C9E7DBE7F931D19CC0
SHA-512:	2325705D4772A10CD81082A035BEAC85E6C64C7CCFA5981955F0B85CAF9A95D8A0820092957822A05C2E8E773F2089035ED5E76BF3FAF19B0E7E6AED7B4214D8
Malicious:	false
Preview:	# Encoding file: jis0212, double-byte.D.2244 0 68.22.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000000000000000000000002D8.02C700B802D902DD00AF02DB02DA007E03840385000000000000000000000000.0000000000A100A600BF00000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000BA00AA00A900AE2122.00A4211600000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-R9D33.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.2660589395582478
Encrypted:	false
SSDEEP:
MD5:	7884C95618EF4E9BAA1DED2707F48467
SHA1:	DA057E1F93F75521A51CC725D47130F41E509E70
SHA-256:	3E067363FC07662EBE52BA617C2AAD364920F2AF395B3416297400859ACD78BB
SHA-512:	374AA659A8DB86C023187D02BD7993516CE0EC5B4C6743AD4956AA2DDB86D2B4A57B797253913E08E40485BF3263FBD1C74DDE2C00E6F228201811ED89A6DFF0
Malicious:	false
Preview:	# Encoding file: cp874, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC008100820083008420260086008700880089008A008B008C008D008E008F.009020182019201C201D20222013201400980099009A009B009C009D009E009F.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E49

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-S168D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2933089629252037
Encrypted:	false
SSDEEP:
MD5:	0AF65F8F07F623FA38E2D732400D95CF
SHA1:	D2903B32FEA225F3FB9239E622390A078C8A8FA6
SHA-256:	8FEC7631A69FCF018569EBADB05771D892678790A08E63C05E0007C9910D58A8
SHA-512:	EF03237A030C54E0E20DBA7ED724580C513490B9B3B043C1E885638E7BCE21415CE56C3902EA39689365B12E44194C6BF868C4D9BCBCA8FDC334BE77DA46E24D
Malicious:	false
Preview:	# Encoding file: iso8859-7, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A02018201900A30000000000A600A700A800A9000000AB00AC00AD00002015.00B000B100B200B303840385038600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B8

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-S69TP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	2.92745681322567
Encrypted:	false
SSDEEP:
MD5:	67212AAC036FE54C8D4CDCB2D03467A6
SHA1:	465509C726C49680B02372501AF7A52F09AB7D55
SHA-256:	17A7D45F3B82F2A42E1D36B13DB5CED077945A3E82700947CD1F803DD2A60DBF
SHA-512:	9500685760800F5A31A755D582FCEDD8BB5692C27FEEEC2709D982C0B8FCB5238AFB310DCB817F9FE140086A8889B7C60D5D1017764CEB03CB388DD22C8E0B3E
Malicious:	false
Preview:	S.006F 0 1.00.0000000100020003008500090086007F0087008D008E000B000C000D000E000F.0010001100120013008F000A0008009700180019009C009D001C001D001E001F.0080008100820083008400920017001B00880089008A008B008C000500060007.0090009100160093009400950096000400980099009A009B00140015009E001A.002000A000E200E400E000E100E300E500E700F10060002E003C0028002B007C.002600E900EA00EB00E800ED00EE00EF00EC00DF00210024002A0029003B009F.002D002F00C200C400C000C100C300C500C700D1005E002C0025005F003E003F.00F800C900CA00CB00C800CD00CE00CF00CC00A8003A002300400027003D0022.00D800610062006300640065006600670068006900AB00BB00F000FD00FE00B1.00B0006A006B006C006D006E006F00700071007200AA00BA00E600B800C600A4.00B500AF0073007400750076007700780079007A00A100BF00D000DD00DE00AE.00A200A300A500B700A900A700B600BC00BD00BE00AC005B005C005D00B400D7.00F900410042004300440045004600470048004900AD00F400F600F200F300F5.00A6004A004B004C004D004E004F00500051005200B900FB00FC00DB00FA00FF.00D900F70053005400550056005700580059005A00B200D400D600D200D300D5.00300031003

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-S7UQ5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.1978221748141253
Encrypted:	false
SSDEEP:
MD5:	06645FE6C135D2EDE313629D24782F98
SHA1:	49C663AC26C1FE4F0FD1428C9EF27058AEE6CA95
SHA-256:	A2717AE09E0CF2D566C245DC5C5889D326661B40DB0D5D9A6D95B8E6B0F0E753
SHA-512:	DB544CFE58753B2CF8A5D65321A2B41155FE2430DB6783DD2F20E1244657482072633D16C8AC99765C113B60E99C8718263C483763A34C5E4BB04B4FFBA41976
Malicious:	false
Preview:	# Encoding file: gb1988, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.002000210022002300A500250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-SND6T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.4900477558394694
Encrypted:	false
SSDEEP:
MD5:	E417DCE52E8438BBE9AF8AD51A09F9E3
SHA1:	EF273671D46815F22996EA632D22CC27EB8CA44B
SHA-256:	AEA716D490C35439621A8F00CA7E4397EF1C70428E206C5036B7AF25F1C3D82F
SHA-512:	97D65E05008D75BC56E162D51AB76888E1FA0591D9642D7C0D09A5CE823904B5D6C14214828577940EDBE7F0265ABACDD67E4E12FACFDF5C7CD35FA80B90EC02
Malicious:	false
Preview:	# Encoding file: cp862, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.05D005D105D205D305D405D505D605D705D805D905DA05DB05DC05DD05DE05DF.05E005E105E205E305E405E505E605E705E805E905EA00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-T31SK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	3.4271472017271556
Encrypted:	false
SSDEEP:
MD5:	14AD68855168E3E741FE179888EA7482
SHA1:	9C2AD53D69F5077853A05F0933330B5D6F88A51C
SHA-256:	F7BFF98228DED981EC9A4D1D0DA62247A8D23F158926E3ACBEC3CCE379C998C2
SHA-512:	FB13F32197D3582BC20EEA604A0B0FD7923AE541CCEB3AF1CDE36B0404B8DB6312FB5270B40CBC8BA4C91B9505B57FB357EB875E8AFB3DB76DFB498CE17851ED
Malicious:	false
Preview:	# Encoding file: macGreek, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400B900B200C900B300D600DC038500E000E200E4038400A800E700E900E8.00EA00EB00A3212200EE00EF202200BD203000F400F600A600AD00F900FB00FC.2020039303940398039B039E03A000DF00AE00A903A303AA00A7226000B000B7.039100B12264226500A503920395039603970399039A039C03A603AB03A803A9.03AC039D00AC039F03A1224803A400AB00BB202600A003A503A7038603880153.20132015201C201D2018201900F70389038A038C038E03AD03AE03AF03CC038F.03CD03B103B203C803B403B503C603B303B70

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-T7B54.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3580450853378596
Encrypted:	false
SSDEEP:
MD5:	0220F1955F01B676D2595C30DEFB6064
SHA1:	F8BD4BF6D95F672CB61B8ECAB580A765BEBDAEA5
SHA-256:	E3F071C63AC43AF66061506EF2C574C35F7BF48553FB5158AE41D9230C1A10DF
SHA-512:	F7BFF7D6534C9BFDBF0FB0147E31E948F60E933E6DA6A39E8DC62CC55FEBDD6901240460D7B3C0991844CDEE7EB8ED26E5FDBBC12BDC9B8173884D8FCA123B69
Malicious:	false
Preview:	# Encoding file: cp855, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0452040204530403045104010454040404550405045604060457040704580408.04590409045A040A045B040B045C040C045E040E045F040F044E042E044A042A.0430041004310411044604260434041404350415044404240433041300AB00BB.259125922593250225240445042504380418256325512557255D043904192510.25142534252C251C2500253C043A041A255A25542569256625602550256C00A4.043B041B043C041C043D041D043E041E043F2518250C25882584041F044F2580.042F044004200441042104420422044304230436

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-TGFJN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	41862
Entropy (8bit):	3.4936148161949747
Encrypted:	false
SSDEEP:
MD5:	8FBCB1BBC4B59D6854A8FCBF25853E0D
SHA1:	2D56965B24125D999D1020C7C347B813A972647C
SHA-256:	7502587D52E7810228F2ECB45AC4319EA0F5C008B7AC91053B920010DC6DDF94
SHA-512:	128E66F384F9EA8F3E7FBEAD0D3AA1D45570EB3669172269A89AE3B522ED44E4572C6A5C9281B7E219579041D14FF0E76777A36E3902BFA1B58DC3DA729FA075
Malicious:	false
Preview:	# Encoding file: shiftjis, multi-byte.M.003F 0 40.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086008700000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-TKRRM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.2349228762697972
Encrypted:	false
SSDEEP:
MD5:	D30094CAEFA5C4A332159829C6CB7FEC
SHA1:	50FDA6C70A133CB64CF38AA4B2F313B54D2FD955
SHA-256:	C40CA014B88F97AE62AE1A816C5963B1ED432A77D84D89C3A764BA15C8A23708
SHA-512:	6EDD6912053D810D1E2B0698494D26E119EF1BF3FABC2FBFBA44551792800FA0CF163773E4F37F908C2DE41F05D6F17153656623A6D4681BE74EB253D9163422
Malicious:	false
Preview:	# Encoding file: iso8859-16, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040105014120AC201E016000A7016100A9021800AB017900AD017A017B.00B000B1010C0142017D201D00B600B7017E010D021900BB015201530178017C.00C000C100C2010200C4010600C600C700C800C900CA00CB00CC00CD00CE00CF.0110014300D200D300D4015000D6015A017000D900DA00DB00DC0118021A00DF.00E000E100E2010300E4010700E600E700E

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-TNKRT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	3.3361385497578406
Encrypted:	false
SSDEEP:
MD5:	30BECAE9EFD678B6FD1E08FB952A7DBE
SHA1:	E4D8EA6A0E70BB793304CA21EB1337A7A2C26A31
SHA-256:	68F22BAD30DAA81B215925416C1CC83360B3BB87EFC342058929731AC678FF37
SHA-512:	E87105F7A5A983ACEAC55E93FA802C985B2B19F51CB3C222B4C13DDCF17C32D08DF323C829FB4CA33770B668485B7D14B7F6B0CF2287B0D76091DE2A675E88BD
Malicious:	false
Preview:	# Encoding file: macRoman, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC2039203AFB01FB02.202100B7201A201E203000C200CA00C100CB0

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-TOCSO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.447501009231115
Encrypted:	false
SSDEEP:
MD5:	8645C2DFCC4D5DAD2BCD53A180D83A2F
SHA1:	3F725245C66050D39D9234BAACE9D047A3842944
SHA-256:	D707A1F03514806E714F01CBFCB7C9F9973ACDC80C2D67BBD4E6F85223A50952
SHA-512:	208717D7B1CBDD8A0B8B3BE1B6F85353B5A094BDC370E6B8396158453DD7DC400EE6C4D60490AD1A1F4C943E733298FC971AE30606D6BAB14FB1290B886C76D0
Malicious:	false
Preview:	# Encoding file: cp437, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-TR54R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	82537
Entropy (8bit):	2.267779266005065
Encrypted:	false
SSDEEP:
MD5:	453626980EB36062E32D98ACECCCBD6E
SHA1:	F8FCA3985009A2CDD397CB3BAE308AF05B0D7CAC
SHA-256:	3BFB42C4D36D1763693AEFCE87F6277A11AD5A756D691DEDA804D9D0EDCB3093
SHA-512:	0F026E1EF3AE1B08BBC7050DB0B181B349511F2A526D2121A6100C426674C0FB1AD6904A5CC11AA924B7F03E33F6971599BAF85C94528428F2E22DCB7D6FE443
Malicious:	false
Preview:	# Encoding file: euc-jp, multi-byte.M.003F 0 79.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D0000008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-U7CUE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3816687566591797
Encrypted:	false
SSDEEP:
MD5:	25A59EA83B8E9F3322A54B138861E274
SHA1:	904B357C30603DFBCF8A10A054D9399608B131DF
SHA-256:	5266B6F18C3144CFADBCB7B1D27F0A7EAA1C641FD3B33905E42E4549FD373770
SHA-512:	F7E41357849599E7BA1D47B9B2E615C3C2EF4D432978251418EBF9314AAEB0E1B0A56ED14ED9BA3BE46D3DABE5DD80E0CA6592AE88FB1923E7C3D90D7F846709
Malicious:	false
Preview:	# Encoding file: cp852, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E4016F010700E7014200EB0150015100EE017900C40106.00C90139013A00F400F6013D013E015A015B00D600DC01640165014100D7010D.00E100ED00F300FA01040105017D017E0118011900AC017A010C015F00AB00BB.2591259225932502252400C100C2011A015E256325512557255D017B017C2510.25142534252C251C2500253C01020103255A25542569256625602550256C00A4.01110110010E00CB010F014700CD00CE011B2518250C258825840162016E2580.00D300DF00D401430144014801600161015400DA

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-V0B7P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.435639928335435
Encrypted:	false
SSDEEP:
MD5:	C612610A7B63519BB7FEFEE26904DBB5
SHA1:	431270939D3E479BF9B9A663D9E67FCEBA79416F
SHA-256:	82633643CD326543915ACC5D28A634B5795274CD39974D3955E51D7330BA9338
SHA-512:	A3B84402AB66B1332C150E9B931E75B401378DDB4378D993DD460C81909DB72F2D136F0BE7B014F0A907D9EF9BE541C8E0B42CAB01667C6EF17E1DE1E0A3D0AE
Malicious:	false
Preview:	# Encoding file: cp866, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.0440044104420443044404450446044704480449

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-VDCST.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	93918
Entropy (8bit):	2.3267174168729032
Encrypted:	false
SSDEEP:
MD5:	93FEADA4D8A974E90E77F6EB8A9F24AB
SHA1:	89CDA4FE6515C9C03551E4E1972FD478AF3A419C
SHA-256:	1F1AD4C4079B33B706E948A735A8C3042F40CC68065C48C220D0F56FD048C33B
SHA-512:	7FC43C273F8C2A34E7AD29375A36B6CAC539AC4C1CDCECFAF0B366DCFE605B5D924D09DAD23B2EE589B1A8A63EE0F7A0CE32CE74AC873369DE8555C9E27A5EDF
Malicious:	false
Preview:	# Encoding file: euc-kr, multi-byte.M.003F 0 90.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Namang\tcl\encoding\is-VOVVO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.3332869352420795
Encrypted:	false
SSDEEP:
MD5:	0FFA293AA50AD2795EAB7A063C4CCAE5
SHA1:	38FEE39F44E14C3A219978F8B6E4DA548152CFD6
SHA-256:	BBACEA81D4F7A3A7F3C036273A4534D31DBF8B6B5CCA2BCC4C00CB1593CF03D8
SHA-512:	AB4A6176C8C477463A6CABD603528CEB98EF4A7FB9AA6A8659E1AA6FE3F88529DB9635D41649FBAD779AEB4413F9D8581E6CA078393A3042B468E8CAE0FA0780
Malicious:	false
Preview:	# Encoding file: cp1256, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC067E201A0192201E20262020202102C62030067920390152068606980688.06AF20182019201C201D20222013201406A921220691203A0153200C200D06BA.00A0060C00A200A300A400A500A600A700A800A906BE00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B9061B00BB00BC00BD00BE061F.06C1062106220623062406250626062706280629062A062B062C062D062E062F.063006310632063306340635063600D7063706380639063A0640064106420643.00E0064400E2064506460647064800E700E800E

C:\Users\user\AppData\Local\Namang\tcl\http1.0\is-EULRL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	735
Entropy (8bit):	4.669068874824871
Encrypted:	false
SSDEEP:
MD5:	10EC7CD64CA949099C818646B6FAE31C
SHA1:	6001A58A0701DFF225E2510A4AAEE6489A537657
SHA-256:	420C4B3088C9DACD21BC348011CAC61D7CB283B9BEE78AE72EED764AB094651C
SHA-512:	34A0ACB689E430ED2903D8A903D531A3D734CB37733EF13C5D243CB9F59C020A3856AAD98726E10AD7F4D67619A3AF1018F6C3E53A6E073E39BD31D088EFD4AF
Malicious:	false
Preview:	# Tcl package index file, version 1.0.# This file is generated by the "pkg_mkIndex" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...package ifneeded http 1.0 [list tclPkgSetup $dir http 1.0 {{http.tcl source {httpCopyDone httpCopyStart httpEof httpEvent httpFinish httpMapReply httpProxyRequired http_code http_config http_data http_formatQuery http_get http_reset http_size http_status http_wait}}}].

C:\Users\user\AppData\Local\Namang\tcl\http1.0\is-HDECD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9689
Entropy (8bit):	4.754346192989986
Encrypted:	false
SSDEEP:
MD5:	1DA12C32E7E4C040BD9AB2BCBAC5445B
SHA1:	8E8659BEF065AF9430509BBDD5FB4CFE0EF14153
SHA-256:	ACBFF9B5EF75790920B95023156FAD80B18AFF8CAFC4A6DC03893F9388E053A2
SHA-512:	A269C76C1684EC1A2E2AA611ABB459AA3BE2973FD456737BC8C8D2E5C8BC53A26BBC1488062281CA87E38D548281166C4D775C50C695AEC9741FE911BB431EAD
Malicious:	false
Preview:	# http.tcl.# Client-side HTTP for GET, POST, and HEAD commands..# These routines can be used in untrusted code that uses the Safesock.# security policy..# These procedures use a callback interface to avoid using vwait,.# which is not defined in the safe base..#.# See the http.n man page for documentation..package provide http 1.0..array set http {. -accept /. -proxyhost {}. -proxyport {}. -useragent {Tcl http client package 1.0}. -proxyfilter httpProxyRequired.}.proc http_config {args} {. global http. set options [lsort [array names http -*]]. set usage [join $options ", "]. if {[llength $args] == 0} {..set result {}..foreach name $options {.. lappend result $name $http($name)..}..return $result. }. regsub -all -- - $options {} options. set pat ^-([join $options \|])$. if {[llength $args] == 1} {..set flag [lindex $args 0]..if {[regexp -- $pat $flag]} {.. return $http($flag)..} else {.. return -code error "Unknown option $flag, must be:

C:\Users\user\AppData\Local\Namang\tcl\is-5RSIS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21148
Entropy (8bit):	4.7268785966563405
Encrypted:	false
SSDEEP:
MD5:	5E9B3E874F8FBEAADEF3A004A1B291B5
SHA1:	B356286005EFB4A3A46A1FDD53E4FCDC406569D0
SHA-256:	F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
SHA-512:	482C555A0DA2E635FA6838A40377EEF547746B2907F53D77E9FFCE8063C1A24322D8FAA3421FC8D12FDCAFF831B517A65DAFB1CEA6F5EA010BDC18A441B38790
Malicious:	false
Preview:	# auto.tcl --.#.# utility procs formerly in init.tcl dealing with auto execution of commands.# and can be auto loaded themselves..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# auto_reset --.#.# Destroy all cached information for auto-loading and auto-execution, so that.# the information gets recomputed the next time it's needed. Also delete any.# commands that are listed in the auto-load index..#.# Arguments:.# None...proc auto_reset {} {. global auto_execs auto_index auto_path. if {[array exists auto_index]} {..foreach cmdName [array names auto_index] {.. set fqcn [namespace which $cmdName].. if {$fqcn eq ""} {...continue.. }.. rename $fqcn {}..}. }. unset -nocomplain auto_execs auto_index ::tcl::auto_oldpath. if {[catch {llength $auto_path}]} {..

C:\Users\user\AppData\Local\Namang\tcl\is-8EVC1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	33439
Entropy (8bit):	4.750571844372246
Encrypted:	false
SSDEEP:
MD5:	325A573F30C9EA70FD891E85664E662C
SHA1:	6EC3F21EBCFD269847C43891DAD96189FACF20E4
SHA-256:	89B74D2417EB27FEEA32B8666B08D28BC1FFE5DCF1652DBD8799F7555D79C71F
SHA-512:	149FE725A3234A2F8C3EE1B03119440E3CB16586F04451B6E62CED0097B1AD227C97B55F5A66631033A888E860AB61CAF7DDD014696276BC9226D87F15164E2F
Malicious:	false
Preview:	# safe.tcl --.#.# This file provide a safe loading/sourcing mechanism for safe interpreters..# It implements a virtual path mecanism to hide the real pathnames from the.# slave. It runs in a master interpreter and sets up data structure and.# aliases that will be invoked when used from a slave interpreter..#.# See the safe.n man page for details..#.# Copyright (c) 1996-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...#.# The implementation is based on namespaces. These naming conventions are.# followed:.# Private procs starts with uppercase..# Public procs are exported and starts with lowercase.#..# Needed utilities package.package require opt 0.4.1..# Create the safe namespace.namespace eval ::safe {. # Exported API:. namespace export interpCreate interpInit interpConfigure interpDelete \..interpAddToAccessPath interpFindInAccessPath setLogCmd.}..# Helper function to

C:\Users\user\AppData\Local\Namang\tcl\is-9B9Q0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	128934
Entropy (8bit):	5.001022641779315
Encrypted:	false
SSDEEP:
MD5:	F1E825244CC9741595F47F4979E971A5
SHA1:	7159DD873C567E10CADAF8638D986FFE11182A27
SHA-256:	F0CF27CB4B5D9E3B5D7C84B008981C8957A0FF94671A52CC6355131E55DD59FB
SHA-512:	468C881EB7CE92C91F28CAE2471507A76EF44091C1586DCD716309E3252ED00CCB847EC3296C1954CA6F965161664F7BB73F21A24B9FF5A86F625C0B67C74F67
Malicious:	false
Preview:	#----------------------------------------------------------------------.#.# clock.tcl --.#.#.This file implements the portions of the [clock] ensemble that are.#.coded in Tcl. Refer to the users' manual to see the description of.#.the [clock] command and its subcommands..#.#.#----------------------------------------------------------------------.#.# Copyright (c) 2004,2005,2006,2007 by Kevin B. Kenny.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.#----------------------------------------------------------------------..# We must have message catalogs that support the root locale, and we need.# access to the Registry on Windows systems...uplevel \#0 {. package require msgcat 1.6. if { $::tcl_platform(platform) eq {windows} } {..if { [catch { package require registry 1.1 }] } {.. namespace eval ::tcl::clock [list variable NoRegistry {}]..}. }.}..# Put the library directory into the namespace

C:\Users\user\AppData\Local\Namang\tcl\is-CCJFU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	24432
Entropy (8bit):	4.824619671192163
Encrypted:	false
SSDEEP:
MD5:	B900811A252BE90C693E5E7AE365869D
SHA1:	345752C46F7E8E67DADEF7F6FD514BED4B708FC5
SHA-256:	BC492B19308BC011CFCD321F1E6E65E6239D4EEB620CC02F7E9BF89002511D4A
SHA-512:	36B8CDBA61B9222F65B055C0C513801F3278A3851912215658BCF0CE10F80197C1F12A5CA3054D8604DA005CE08DA8DCD303B8544706B642140A49C4377DD6CE
Malicious:	false
Preview:	# init.tcl --.#.# Default system startup file for Tcl-based applications. Defines.# "unknown" procedure and auto-load facilities..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-1999 Scriptics Corporation..# Copyright (c) 2004 by Kevin B. Kenny. All rights reserved..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# This test intentionally written in pre-7.5 Tcl.if {[info commands package] == ""} {. error "version mismatch: library\nscripts expect Tcl version 7.5b1 or later but the loaded version is\nonly [info patchlevel]".}.package require -exact Tcl 8.6.9..# Compute the auto path to use in this interpreter..# The values on the path come from several locations:.#.# The environment variable TCLLIBPATH.#.# tcl_library, which is the directory containing this init.tcl script..# [tclInit] (Tcl_Init()) sea

C:\Users\user\AppData\Local\Namang\tcl\is-H0G9O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4860
Entropy (8bit):	4.7851008522116585
Encrypted:	false
SSDEEP:
MD5:	C5DA264DC0CE5669F81702170B2CDC59
SHA1:	FED571B893EE2DC93DAF8907195503885FFACBB6
SHA-256:	A5311E3640E42F7EFF5CC1A0D8AD6956F738F093B037155674D46B634542FE5F
SHA-512:	1F1993F1F19455F87EC9952BF7CEA00A5082BD2F2E1A417FBC4F239835F3CED6C8D5E09CDA6D1A4CD9F8A24AF174F9AB1DC7BD5E94C7A6DEE2DD9F8FE7F690FF
Malicious:	false
Preview:	# word.tcl --.#.# This file defines various procedures for computing word boundaries in.# strings. This file is primarily needed so Tk text and entry widgets behave.# properly for different platforms..#.# Copyright (c) 1996 by Sun Microsystems, Inc..# Copyright (c) 1998 by Scritpics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# The following variables are used to determine which characters are.# interpreted as white space...if {$::tcl_platform(platform) eq "windows"} {. # Windows style - any but a unicode space char. if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\S}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwordchars {\s}. }.} else {. # Motif style - any unicode word char (number, letter, or underscore). if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\w}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwo

C:\Users\user\AppData\Local\Namang\tcl\is-IB3S6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	22959
Entropy (8bit):	4.836555290409911
Encrypted:	false
SSDEEP:
MD5:	55E2DB5DCF8D49F8CD5B7D64FEA640C7
SHA1:	8FDC28822B0CC08FA3569A14A8C96EDCA03BFBBD
SHA-256:	47B6AF117199B1511F6103EC966A58E2FD41F0ABA775C44692B2069F6ED10BAD
SHA-512:	824C210106DE7EAE57A480E3F6E3A5C8FB8AC4BBF0A0A386D576D3EB2A3AC849BDFE638428184056DA9E81767E2B63EFF8E18068A1CF5149C9F8A018F817D3E5
Malicious:	false
Preview:	# package.tcl --.#.# utility procs formerly in init.tcl which can be loaded on demand.# for package management..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval tcl::Pkg {}..# ::tcl::Pkg::CompareExtension --.#.# Used internally by pkg_mkIndex to compare the extension of a file to a given.# extension. On Windows, it uses a case-insensitive comparison because the.# file system can be file insensitive..#.# Arguments:.# fileName.name of a file whose extension is compared.# ext..(optional) The extension to compare against; you must.#..provide the starting dot..#..Defaults to [info sharedlibextension].#.# Results:.# Returns 1 if the extension matches, 0 otherwise..proc tcl::Pkg::CompareExtension {fileName {ext {}}} {. global tcl_platform. if {$ext eq ""} {set ext

C:\Users\user\AppData\Local\Namang\tcl\is-OI0R7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11633
Entropy (8bit):	4.706526847377957
Encrypted:	false
SSDEEP:
MD5:	F9ED2096EEA0F998C6701DB8309F95A6
SHA1:	BCDB4F7E3DB3E2D78D25ED4E9231297465B45DB8
SHA-256:	6437BD7040206D3F2DB734FA482B6E79C68BCC950FBA80C544C7F390BA158F9B
SHA-512:	E4FB8F28DC72EA913F79CEDF5776788A0310608236D6607ADC441E7F3036D589FD2B31C446C187EF5827FD37DCAA26D9E94D802513E3BF3300E94DD939695B30
Malicious:	false
Preview:	# -- tcl --.#.# Searching for Tcl Modules. Defines a procedure, declares it as the primary.# command for finding packages, however also uses the former 'package unknown'.# command as a fallback..#.# Locates all possible packages in a directory via a less restricted glob. The.# targeted directory is derived from the name of the requested package, i.e..# the TM scan will look only at directories which can contain the requested.# package. It will register all packages it found in the directory so that.# future requests have a higher chance of being fulfilled by the ifneeded.# database without having to come to us again..#.# We do not remember where we have been and simply rescan targeted directories.# when invoked again. The reasoning is this:.#.# - The only way we get back to the same directory is if someone is trying to.# [package require] something that wasn't there on the first scan..#.# Either.# 1) It is there now: If we rescan, you get it; if not you don't..#.# This co

C:\Users\user\AppData\Local\Namang\tcl\is-PGJJK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.833285375693491
Encrypted:	false
SSDEEP:
MD5:	FCDAF75995F2CCE0A5D5943E9585590D
SHA1:	A0B1BD4E68DCE1768D3C5E0D3C7B31E28021D3BA
SHA-256:	EBE5A2B4CBBCD7FD3F7A6F76D68D7856301DB01B350C040942A7B806A46E0014
SHA-512:	A632D0169EE3B6E6B7EF73F5FBA4B7897F9491BDB389D78165E297252424546EFB43895D3DD530864B9FCF2ECF5BCE7DA8E55BA5B4F20E23E1E45ADDAF941C11
Malicious:	false
Preview:	# parray:.# Print the contents of a global array on stdout..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..proc parray {a {pattern }} {. upvar 1 $a array. if {![array exists array]} {..return -code error "\"$a\" isn't an array". }. set maxl 0. set names [lsort [array names array $pattern]]. foreach name $names {..if {[string length $name] > $maxl} {.. set maxl [string length $name]..}. }. set maxl [expr {$maxl + [string length $a] + 2}]. foreach name $names {..set nameString [format %s(%s) $a $name]..puts stdout [format "%-s = %s" $maxl $nameString $array($name)]. }.}.

C:\Users\user\AppData\Local\Namang\tcl\is-UBJKU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7900
Entropy (8bit):	4.806010360595623
Encrypted:	false
SSDEEP:
MD5:	E8FD468CCD2EE620544FE204BDE2A59D
SHA1:	2E26B7977D900EAA7D4908D5113803DF6F34FC59
SHA-256:	9B6E400EB85440EC64AB66B4AC111546585740C9CA61FD156400D7153CBAD9F4
SHA-512:	13A40A4BDE32F163CB789C69BD260ABF41C6771E7AC50FB122C727B9F39BE5D73E4D8BAE040DDDD94C5F2B901AB7C32D9C6BB62310121CA8DB4ADE25CB9AA4B0
Malicious:	false
Preview:	# history.tcl --.#.# Implementation of the history command..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#...# The tcl::history array holds the history list and some additional.# bookkeeping variables..#.# nextid.the index used for the next history list item..# keep..the max size of the history list.# oldest.the index of the oldest item in the history...namespace eval ::tcl {. variable history. if {![info exists history]} {..array set history {.. nextid.0.. keep.20.. oldest.-20..}. }.. namespace ensemble create -command ::tcl::history -map {..add.::tcl::HistAdd..change.::tcl::HistChange..clear.::tcl::HistClear..event.::tcl::HistEvent..info.::tcl::HistInfo..keep.::tcl::HistKeep..nextid.::tcl::HistNextID..redo.::tcl::HistRedo. }.}...# history --.#.#.This is the main history command. See the man page for its interface..#.This does s

C:\Users\user\AppData\Local\Namang\tcl\is-V0JMB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5415
Entropy (8bit):	4.701682771925196
Encrypted:	false
SSDEEP:
MD5:	E127196E9174B429CC09C040158F6AAB
SHA1:	FF850F5D1BD8EFC1A8CB765FE8221330F0C6C699
SHA-256:	ABF7D9D1E86DE931096C21820BFA4FD70DB1F55005D2DB4AA674D86200867806
SHA-512:	C4B98EBC65E25DF41E6B9A93E16E608CF309FA0AE712578EE4974D84F7F33BCF2A6ED7626E88A343350E13DA0C5C1A88E24A87FCBD44F7DA5983BB3EF036A162
Malicious:	false
Preview:	# Tcl autoload index file, version 2.0.# -- tcl --.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(auto_reset) [list source [file join $dir auto.tcl]].set auto_index(tcl_findLibrary) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex_old) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::init) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::cleanup) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::mkindex) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::hook) [list source [file join $dir auto.tcl]].set auto_in

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-0MN84.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.849761581276844
Encrypted:	false
SSDEEP:
MD5:	F8AE50E60590CC1FF7CCC43F55B5B8A8
SHA1:	52892EDDFA74DD4C8040F9CDD19A9536BFF72B6E
SHA-256:	B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8
SHA-512:	8E15C9CA9A7D2862FDBA330F59BB177B06E5E3154CF3EA948B8E4C0282D66E75E18C225F28F6A203B4643E8BCAA0B5BDB59578A4C20D094F8B923650796E2E72
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_AU DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_AU TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_AU TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_AU DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-0OOT9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.882638228899482
Encrypted:	false
SSDEEP:
MD5:	F3A789CBC6B9DD4F5BA5182C421A9F78
SHA1:	7C2AF280C90B0104AB49B2A527602374254274CE
SHA-256:	64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62
SHA-512:	822C0D27D2A72C9D5336C1BCEDC13B564F0FB12146CF8D30FBE77B9C4728C4B3BF456AC62DACD2962A6B5B84761354B31CD505105EDB060BF202BA0B0A830772
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_VE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_VE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_VE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-0S5JU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2102
Entropy (8bit):	4.034298184367717
Encrypted:	false
SSDEEP:
MD5:	0B9B124076C52A503A906059F7446077
SHA1:	F43A0F6CCBDDBDD5EA140C7FA55E9A82AB910A03
SHA-256:	42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79
SHA-512:	234B9ACA1823D1D6B82583727B4EA68C014D59916B410CB9B158FA1954B6FC3767A261BD0B9F592AF0663906ADF11C2C9A3CC0A325CB1FF58F42A884AF7CB015
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te DAYS_OF_WEEK_ABBREV [list \. "\u0c06\u0c26\u0c3f"\. "\u0c38\u0c4b\u0c2e"\. "\u0c2e\u0c02\u0c17\u0c33"\. "\u0c2c\u0c41\u0c27"\. "\u0c17\u0c41\u0c30\u0c41"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30"\. "\u0c36\u0c28\u0c3f"]. ::msgcat::mcset te DAYS_OF_WEEK_FULL [list \. "\u0c06\u0c26\u0c3f\u0c35\u0c3e\u0c30\u0c02"\. "\u0c38\u0c4b\u0c2e\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2e\u0c02\u0c17\u0c33\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2c\u0c41\u0c27\u0c35\u0c3e\u0c30\u0c02"\. "\u0c17\u0c41\u0c30\u0c41\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c28\u0c3f\u0c35\u0c3e\u0c30\u0c02"]. ::msgcat::mcset te MONTHS_ABBREV [list \. "\u0c1c\u0c28\u0c35\u0c30\u0c3f"\. "\u0c2b\u0c3f\u0c2c\u0c4d\u0c30\u0c35\u0c30\u0c3f"\. "\u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-10KJF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	910
Entropy (8bit):	3.9292866027924838
Encrypted:	false
SSDEEP:
MD5:	441CC737D383D8213F64B62A5DBEEC3E
SHA1:	34FBE99FB25A0DCA2FDA2C008AC8127BA2BC273B
SHA-256:	831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4
SHA-512:	0474B2127890F63814CD9E77D156B5E4FC45EB3C17A57719B672AC9E3A6EEA9934F0BE158F76808B34A11DA844AB900652C18E512830278DFED2666CD005FBE5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms DAYS_OF_WEEK_ABBREV [list \. "Aha"\. "Isn"\. "Sei"\. "Rab"\. "Kha"\. "Jum"\. "Sab"]. ::msgcat::mcset ms DAYS_OF_WEEK_FULL [list \. "Ahad"\. "Isnin"\. "Selasa"\. "Rahu"\. "Khamis"\. "Jumaat"\. "Sabtu"]. ::msgcat::mcset ms MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mac"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ogos"\. "Sep"\. "Okt"\. "Nov"\. "Dis"\. ""]. ::msgcat::mcset ms MONTHS_FULL [list \. "Januari"\. "Februari"\. "Mac"\. "April"\. "Mei"\. "Jun"\. "Julai"\. "Ogos"\. "September"\. "Oktober"\. "November"\. "Disember"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-13LQG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.08314435797197
Encrypted:	false
SSDEEP:
MD5:	9CD17E7F28186E0E71932CC241D1CBB1
SHA1:	AF1EE536AABB8198BA88D3474ED49F76A37E89FF
SHA-256:	D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12
SHA-512:	4712DD6A27A09EA339615FC3D17BC8E4CD64FF12B2B8012E01FD4D3E7789263899FA05EDDB77044DC7B7D32B3DC55A52B8320D93499DF9A6799A8E4D07174525
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_TW BCE "\u6c11\u570b\u524d". ::msgcat::mcset zh_TW CE "\u6c11\u570b". ::msgcat::mcset zh_TW DATE_FORMAT "%Y/%m/%e". ::msgcat::mcset zh_TW TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_TW DATE_TIME_FORMAT "%Y/%m/%e %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-1C5V4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1206
Entropy (8bit):	4.321464868793769
Encrypted:	false
SSDEEP:
MD5:	3B4BEE5DD7441A63A31F89D6DFA059BA
SHA1:	BEE39E45FA3A76B631B4C2D0F937FF6041E09332
SHA-256:	CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C
SHA-512:	AEC24C75CB00A506A46CC631A2A804C59FBE4F8EBCB86CBA0F4EE5DF7B7C12ED7D25845150599837B364E40BBFDB68244991ED5AF59C9F7792F8362A1E728883
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset et DAYS_OF_WEEK_ABBREV [list \. "P"\. "E"\. "T"\. "K"\. "N"\. "R"\. "L"]. ::msgcat::mcset et DAYS_OF_WEEK_FULL [list \. "p\u00fchap\u00e4ev"\. "esmasp\u00e4ev"\. "teisip\u00e4ev"\. "kolmap\u00e4ev"\. "neljap\u00e4ev"\. "reede"\. "laup\u00e4ev"]. ::msgcat::mcset et MONTHS_ABBREV [list \. "Jaan"\. "Veebr"\. "M\u00e4rts"\. "Apr"\. "Mai"\. "Juuni"\. "Juuli"\. "Aug"\. "Sept"\. "Okt"\. "Nov"\. "Dets"\. ""]. ::msgcat::mcset et MONTHS_FULL [list \. "Jaanuar"\. "Veebruar"\. "M\u00e4rts"\. "Aprill"\. "Mai"\. "Juuni"\. "Juuli"\. "August"\. "September"\. "Oktoober"\. "November"\. "Detsember"\. ""]. ::msgcat::mcset et

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-1GQVE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.83493357349932
Encrypted:	false
SSDEEP:
MD5:	4B8E5B6EB7C27A02DBC0C766479B068D
SHA1:	E97A948FFE6C8DE99F91987155DF0A81A630950E
SHA-256:	F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C
SHA-512:	D726494A6F4E1FB8C71B8B56E9B735C1837D8D22828D006EF386E41AD15CD1E4CF14DAC01966B9AFE41F7B6A44916EFC730CF038B4EC393043AE9021D11DACF2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl_GL DATE_FORMAT "%d %b %Y". ::msgcat::mcset kl_GL TIME_FORMAT "%T". ::msgcat::mcset kl_GL TIME_FORMAT_12 "%T". ::msgcat::mcset kl_GL DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-1JKCB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.857986813915644
Encrypted:	false
SSDEEP:
MD5:	A285817AAABD5203706D5F2A34158C03
SHA1:	18FD0178051581C9F019604499BF91B16712CC91
SHA-256:	DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5
SHA-512:	0B6C684F2E5122681309A6212980C95C14172723F12D4864AF8A8A913DC7081BC42AC39CF087D29770B4A1F0B3B1F712856CBF05D1975FFFC008C16A91081A00
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id_ID DATE_FORMAT "%d %B %Y". ::msgcat::mcset id_ID TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset id_ID DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-1MOGN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.775448167269054
Encrypted:	false
SSDEEP:
MD5:	787C83099B6E4E80AC81DD63BA519CBE
SHA1:	1971ACFAA5753D2914577DCC9EBDF43CF89C1D00
SHA-256:	BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC
SHA-512:	527A36D64B4B5C909F69AA8609CFFEBBA19A378CEA618E1BB07EC2AED89E456E2292080C43917DF51B08534A1D0B35F2069008324C99A7688BBEDE49049CD8A2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_PH AM "AM". ::msgcat::mcset en_PH PM "PM". ::msgcat::mcset en_PH DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_PH TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_PH DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-1QQ0V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	4.279005910896047
Encrypted:	false
SSDEEP:
MD5:	0F5C8A7022DB1203442241ABEB5901FF
SHA1:	C54C8BF05E8E6C2C0901D3C88C89DDCF35A26924
SHA-256:	D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027
SHA-512:	13ACF499FA803D4446D8EC67119BC8257B1F093084B83D854643CEA918049F96C8FA08DC5F896EECA80A5FD552D90E5079937B1A3894D89A589E468172856163
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ro DAYS_OF_WEEK_ABBREV [list \. "D"\. "L"\. "Ma"\. "Mi"\. "J"\. "V"\. "S"]. ::msgcat::mcset ro DAYS_OF_WEEK_FULL [list \. "duminic\u0103"\. "luni"\. "mar\u0163i"\. "miercuri"\. "joi"\. "vineri"\. "s\u00eemb\u0103t\u0103"]. ::msgcat::mcset ro MONTHS_ABBREV [list \. "Ian"\. "Feb"\. "Mar"\. "Apr"\. "Mai"\. "Iun"\. "Iul"\. "Aug"\. "Sep"\. "Oct"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset ro MONTHS_FULL [list \. "ianuarie"\. "februarie"\. "martie"\. "aprilie"\. "mai"\. "iunie"\. "iulie"\. "august"\. "septembrie"\. "octombrie"\. "noiembrie"\. "decembrie"\. ""]. ::msgcat::mcset ro BCE "d.C.". ::msgcat::mcset ro CE

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-27RK1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1957
Entropy (8bit):	4.433104256056609
Encrypted:	false
SSDEEP:
MD5:	E6DBD1544A69BFC653865B723395E79C
SHA1:	5E4178E7282807476BD0D6E1F2E320E42FA0DE77
SHA-256:	6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A
SHA-512:	8D77DCB4333F043502CED7277AEEB0453A2C019E1A46826A0FE90F0C480A530F5646A4F76ECC1C15825601FC8B646ED7C78E53996E2908B341BA4ED1392B95F0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IN DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa_IN DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa_IN MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u063

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-2FJ77.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	991
Entropy (8bit):	4.024338627988864
Encrypted:	false
SSDEEP:
MD5:	4DB24BA796D86ADF0441D2E75DE0C07E
SHA1:	9935B36FF2B1C6DFDE3EC375BC471A0E93D1F7E3
SHA-256:	6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5
SHA-512:	BE7ED0559A73D01537A1E51941ED19F0FEC3F14F9527715CB119E89C97BD31CC6102934B0349D8D0554F5EDD9E3A02978F7DE4919C000A77BD353F7033A4A95B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sw DAYS_OF_WEEK_ABBREV [list \. "Jpi"\. "Jtt"\. "Jnn"\. "Jtn"\. "Alh"\. "Iju"\. "Jmo"]. ::msgcat::mcset sw DAYS_OF_WEEK_FULL [list \. "Jumapili"\. "Jumatatu"\. "Jumanne"\. "Jumatano"\. "Alhamisi"\. "Ijumaa"\. "Jumamosi"]. ::msgcat::mcset sw MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ago"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset sw MONTHS_FULL [list \. "Januari"\. "Februari"\. "Machi"\. "Aprili"\. "Mei"\. "Juni"\. "Julai"\. "Agosti"\. "Septemba"\. "Oktoba"\. "Novemba"\. "Desemba"\. ""]. ::msgcat::mcset sw BCE "KK". ::msgcat::mcset sw CE "BK".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-2PEOH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.830874390627383
Encrypted:	false
SSDEEP:
MD5:	C806EF01079E6B6B7EAE5D717DA2AAB3
SHA1:	3C553536241A5D2E95A3BA9024AAB46BB87FBAD9
SHA-256:	AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E
SHA-512:	619905C2FB5F8D2BC2CBB9F8F0EA117C0AEFBDDE5E4F826FF962D7DC069D16D5DE12E27E898471DC6C039866FB64BBF62ED54DBC031E03C7D24FC2EA38DE5699
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_AR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_AR TIME_FORMAT "%H:%M:%S". ::msgcat::mcset es_AR DATE_TIME_FORMAT "%d/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-31IDG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2286
Entropy (8bit):	4.04505151160981
Encrypted:	false
SSDEEP:
MD5:	B387D4A2AB661112F2ABF57CEDAA24A5
SHA1:	80DB233687A9314600317AD39C01466C642F3C4C
SHA-256:	297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F
SHA-512:	450BB56198AAAB2EEFCD4E24C29DD79D71D2EF7E8D066F3B58F9C5D831F960AFB78C46ECE2DB32EF81454BCCC80C730E36A610DC9BAF06757E0757B421BACB19
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn DAYS_OF_WEEK_ABBREV [list \. "\u09b0\u09ac\u09bf"\. "\u09b8\u09cb\u09ae"\. "\u09ae\u0999\u0997\u09b2"\. "\u09ac\u09c1\u09a7"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf"\. "\u09b6\u09c1\u0995\u09cd\u09b0"\. "\u09b6\u09a8\u09bf"]. ::msgcat::mcset bn DAYS_OF_WEEK_FULL [list \. "\u09b0\u09ac\u09bf\u09ac\u09be\u09b0"\. "\u09b8\u09cb\u09ae\u09ac\u09be\u09b0"\. "\u09ae\u0999\u0997\u09b2\u09ac\u09be\u09b0"\. "\u09ac\u09c1\u09a7\u09ac\u09be\u09b0"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf\u09ac\u09be\u09b0"\. "\u09b6\u09c1\u0995\u09cd\u09b0\u09ac\u09be\u09b0"\. "\u09b6\u09a8\u09bf\u09ac\u09be\u09b0"]. ::msgcat::mcset bn MONTHS_ABBREV [list \. "\u099c\u09be\u09a8\u09c1\u09df\u09be\u09b0\u09c0"\. "\u09ab\u09c7\u09ac\u09cd\u09b0\u09c1\u09df\u09be\u09b0\u09c0"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-40L63.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1102
Entropy (8bit):	4.213250101046006
Encrypted:	false
SSDEEP:
MD5:	9378A5AD135137759D46A7CC4E4270E0
SHA1:	8D2D53DA208BB670A335C752DFC4B4FF4509A799
SHA-256:	14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A
SHA-512:	EF784D0D982BA0B0CB37F1DA15F8AF3BE5321F59E586DBED1EDD0B3A38213D3CEA1CDFC983A025418403400CCE6039B786EE35694A5DFCE1F22CB2D315F5FCF8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ca DAYS_OF_WEEK_ABBREV [list \. "dg."\. "dl."\. "dt."\. "dc."\. "dj."\. "dv."\. "ds."]. ::msgcat::mcset ca DAYS_OF_WEEK_FULL [list \. "diumenge"\. "dilluns"\. "dimarts"\. "dimecres"\. "dijous"\. "divendres"\. "dissabte"]. ::msgcat::mcset ca MONTHS_ABBREV [list \. "gen."\. "feb."\. "mar\u00e7"\. "abr."\. "maig"\. "juny"\. "jul."\. "ag."\. "set."\. "oct."\. "nov."\. "des."\. ""]. ::msgcat::mcset ca MONTHS_FULL [list \. "gener"\. "febrer"\. "mar\u00e7"\. "abril"\. "maig"\. "juny"\. "juliol"\. "agost"\. "setembre"\. "octubre"\. "novembre"\. "desembre"\. ""]. ::msgcat::mcset ca DATE_FORMAT "%d/%m/%Y". ::msg

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-4488I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.8961185447535
Encrypted:	false
SSDEEP:
MD5:	E719F47462123A8E7DABADD2D362B4D8
SHA1:	332E4CC96E7A01DA7FB399EA14770A5C5185B9F2
SHA-256:	AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C
SHA-512:	93C19D51B633A118AB0D172C5A0991E5084BD54B2E61469D800F80B251A57BD1392BA66FD627586E75B1B075A7C9C2C667654F5783C423819FBDEA640A210BFA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru_UA DATE_FORMAT "%d.%m.%Y". ::msgcat::mcset ru_UA TIME_FORMAT "%k:%M:%S". ::msgcat::mcset ru_UA DATE_TIME_FORMAT "%d.%m.%Y %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-499EJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1835
Entropy (8bit):	4.018233695396
Encrypted:	false
SSDEEP:
MD5:	2D9C969318D1740049D28EBBD4F62C1D
SHA1:	121665081AFC33DDBCF679D7479BF0BC47FEF716
SHA-256:	30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB
SHA-512:	7C32907C39BFB89F558692535041B2A7FA18A64E072F5CF9AB95273F3AC5A7C480B4F953B13484A07AA4DA822613E27E78CC7B02ACE7A61E58FDB5507D7579C3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta DAYS_OF_WEEK_FULL [list \. "\u0b9e\u0bbe\u0baf\u0bbf\u0bb1\u0bc1"\. "\u0ba4\u0bbf\u0b99\u0bcd\u0b95\u0bb3\u0bcd"\. "\u0b9a\u0bc6\u0bb5\u0bcd\u0bb5\u0bbe\u0baf\u0bcd"\. "\u0baa\u0bc1\u0ba4\u0ba9\u0bcd"\. "\u0bb5\u0bbf\u0baf\u0bbe\u0bb4\u0ba9\u0bcd"\. "\u0bb5\u0bc6\u0bb3\u0bcd\u0bb3\u0bbf"\. "\u0b9a\u0ba9\u0bbf"]. ::msgcat::mcset ta MONTHS_ABBREV [list \. "\u0b9c\u0ba9\u0bb5\u0bb0\u0bbf"\. "\u0baa\u0bc6\u0baa\u0bcd\u0bb0\u0bb5\u0bb0\u0bbf"\. "\u0bae\u0bbe\u0bb0\u0bcd\u0b9a\u0bcd"\. "\u0b8f\u0baa\u0bcd\u0bb0\u0bb2\u0bcd"\. "\u0bae\u0bc7"\. "\u0b9c\u0bc2\u0ba9\u0bcd"\. "\u0b9c\u0bc2\u0bb2\u0bc8"\. "\u0b86\u0b95\u0bb8\u0bcd\u0b9f\u0bcd"\. "\u0b9a\u0bc6\u0baa\u0bcd\u0b9f\u0bae\u0bcd\u0baa\u0bb0\u0bcd"\. "\u0b85\u0b95\u0bcd\u0b9f\u0bcb\u0baa\u0bb0\u0bcd"\. "\u0ba8\u0bb

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-4JRCF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1819
Entropy (8bit):	4.363233187157474
Encrypted:	false
SSDEEP:
MD5:	11FA3BA30A0EE6A7B2B9D67B439C240D
SHA1:	EC5557A16A0293ABF4AA8E5FD50940B60A8A36A6
SHA-256:	E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1
SHA-512:	B776E7C98FB819436C61665206EE0A2644AA4952D739FF7CC58EAFBD549BD1D26028DE8E11B8533814102B31FC3884F95890971F547804BCAA4530E35BDD5CFD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bg DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0434"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset bg DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u043b\u044f"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0412\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0421\u0440\u044f\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u044a\u0440\u0442\u044a\u043a"\. "\u041f\u0435\u0442\u044a\u043a"\. "\u0421\u044a\u0431\u043e\u0442\u0430"]. ::msgcat::mcset bg MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset bg MONTHS_FULL [list \. "\u042

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-5EF2E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1807
Entropy (8bit):	4.160320823510059
Encrypted:	false
SSDEEP:
MD5:	791408BAE710B77A27AD664EC3325E1C
SHA1:	E760B143A854838E18FFB66500F4D312DD80634E
SHA-256:	EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15
SHA-512:	FE91EF67AB9313909FE0C29D5FBE2298EE35969A26A63D94A406BFDA7BCF932F2211F94C0E3C1D718DBC2D1145283C768C23487EEB253249ACFE76E8D1F1D1E5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset mr MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0930"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-5IPTJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.879621059534584
Encrypted:	false
SSDEEP:
MD5:	27C356DF1BED4B22DFA55835115BE082
SHA1:	677394DF81CDBAF3D3E735F4977153BB5C81B1A6
SHA-256:	3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8
SHA-512:	EE88348C103382F91F684A09F594177119960F87E58C5E4FC718C698AD436E332B74B8ED18DF8563F736515A3A6442C608EBCBE6D1BD13B3E3664E1AA3851076
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af_ZA DATE_FORMAT "%d %B %Y". ::msgcat::mcset af_ZA TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset af_ZA DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-6035I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.8632965835916195
Encrypted:	false
SSDEEP:
MD5:	74F014096C233B4D1D38A9DFB15B01BB
SHA1:	75C28321AFED3D9CDA3EBF3FD059CDEA597BB13A
SHA-256:	CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983
SHA-512:	24E7C3914BF095B55DE7F01CB537E20112E10CF741333FD0185FEF0B0E3A1CD9651C2B2EDC470BCF18F51ADB352CA7550CFBF4F79342DCA33F7E0841AEDEBA8D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-6AFHV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.8668686830029335
Encrypted:	false
SSDEEP:
MD5:	44F2EE567A3E9A021A3C16062CEAE220
SHA1:	180E938584F0A57AC0C3F85E6574BC48291D820E
SHA-256:	847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507
SHA-512:	BEB005D006E432963F9C1EF474A1E3669C8B7AF0681681E74DDA8FE9C8EE04D307EF85CF0257DA72663026138D38807A6ABA1255337CF8CC724ED1993039B40C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_DO DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_DO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_DO DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-6G4LQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.013253613061898
Encrypted:	false
SSDEEP:
MD5:	AE55E001BBE3272CE13369C836139EF3
SHA1:	D912A0AEBA08BC97D80E9B7A55CE146956C90BCC
SHA-256:	1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD
SHA-512:	E53E8DB56AD367E832A121D637CA4755E6C8768C063E4BE43E6193C5F71ED7AA10F7223AC85750C0CAD543CF4A0BFE578CBA2877F176A5E58DCA2BAA2F7177FB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl DAYS_OF_WEEK_ABBREV [list \. "sab"\. "ata"\. "mar"\. "pin"\. "sis"\. "tal"\. "arf"]. ::msgcat::mcset kl DAYS_OF_WEEK_FULL [list \. "sabaat"\. "ataasinngorneq"\. "marlunngorneq"\. "pingasunngorneq"\. "sisamanngorneq"\. "tallimanngorneq"\. "arfininngorneq"]. ::msgcat::mcset kl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset kl MONTHS_FULL [list \. "januari"\. "februari"\. "martsi"\. "aprili"\. "maji"\. "juni"\. "juli"\. "augustusi"\. "septemberi"\. "oktoberi"\. "novemberi"\. "decemberi"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-6KLNR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	244
Entropy (8bit):	4.851375233848049
Encrypted:	false
SSDEEP:
MD5:	8666E24230AED4DC76DB93BE1EA07FF6
SHA1:	7C688C8693C76AEE07FB32637CD58E47A85760F3
SHA-256:	2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F
SHA-512:	BCCE87FB94B28B369B9EE48D792A399DB8250D0D3D73FC05D053276A7475229EF1555D5E516D780092496F0E5F229A9912A45FB5A88C024FCEBF08E654D37B07
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it_CH DATE_FORMAT "%e. %B %Y". ::msgcat::mcset it_CH TIME_FORMAT "%H:%M:%S". ::msgcat::mcset it_CH DATE_TIME_FORMAT "%e. %B %Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-6PIQE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1964
Entropy (8bit):	4.417722751563065
Encrypted:	false
SSDEEP:
MD5:	0A88A6BFF15A6DABAAE48A78D01CFAF1
SHA1:	90834BCBDA9B9317B92786EC89E20DCF1F2DBD22
SHA-256:	BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050
SHA-512:	85CB96321BB6FB3119D69540B9E76916F0C5F534BA01382E73F8F9A0EE67A7F1BFC39947335688F2C8F3DB9B51D969D8EA7C7104A035C0E949E8E009D4656288
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar DAYS_OF_WEEK_ABBREV [list \. "\u062d"\. "\u0646"\. "\u062b"\. "\u0631"\. "\u062e"\. "\u062c"\. "\u0633"]. ::msgcat::mcset ar DAYS_OF_WEEK_FULL [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar MONTHS_ABBREV [list \. "\u064a\u0646\u0627"\. "\u0641\u0628\u0631"\. "\u0645\u0627\u0631"\. "\u0623\u0628\u0631"\. "\u0645\u0627\u064a"\. "\u064a\u0648\u0646"\. "\u064a\u0648\u0644"\. "\u0623\u063a\u0633"\. "\u0633\u0628\u062a"\. "\u0623\u0643\u062a"\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-71S98.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1958
Entropy (8bit):	4.1451019501109965
Encrypted:	false
SSDEEP:
MD5:	E7938CB3AF53D42B4142CB104AB04B3B
SHA1:	6205BD2336857F368CABF89647F54D94E093A77B
SHA-256:	D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744
SHA-512:	CE77CE2EC773F3A1A3CD68589C26F7089E8133ADE601CE899EEB0B13648051344A94E69AEC2C8C58349456E52B11EB7545C8926E3F08DB643EE551C641FF38DB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok DAYS_OF_WEEK_FULL [list \. "\u0906\u0926\u093f\u0924\u094d\u092f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset kok MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-7CDH7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.89415873600679
Encrypted:	false
SSDEEP:
MD5:	DB734349F7A1A83E1CB18814DB6572E8
SHA1:	3386B2599C7C170A03E4EED68C39EAC7ADD01708
SHA-256:	812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3
SHA-512:	EF09006552C624A2F1C62155251A18BDA9EE85C9FC81ABBEDE8416179B1F82AD0D88E42AB0A10B4871EF4B7DB670E4A824392339976C3C95FB31F588CDE5840D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_NZ DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_NZ TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_NZ TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_NZ DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-7HGST.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	281
Entropy (8bit):	4.866549204705568
Encrypted:	false
SSDEEP:
MD5:	8B27EFF0D45F536852E7A819500B7F93
SHA1:	CAED7D4334BAD8BE586A1AEEE270FB6913A03512
SHA-256:	AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3
SHA-512:	52DD94F524C1D9AB13F5933265691E8C44B2946F507DE30D789FDCFEA7839A4076CB55A01CEB49194134D7BC84E4F490341AAB9DFB75BB960B03829D6550872B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CH DATE_FORMAT "%d. %m. %y". ::msgcat::mcset fr_CH TIME_FORMAT "%T". ::msgcat::mcset fr_CH TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CH DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-82H5P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.863953145489551
Encrypted:	false
SSDEEP:
MD5:	F60290CF48AA4EDCA938E496F43135FD
SHA1:	0EE5A36277EA4E7A1F4C6D1D9EE32D90918DA25C
SHA-256:	D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383
SHA-512:	380DFCD951D15E53FCB1DEF4B892C8FD65CEFBF0857D5A7347FF3ED34F69ADD53AEEF895EDCFC6D2F24A65AB8F67CF813AEA2045EDBF3BF182BD0635B5ACB1A4
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_MX DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_MX TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_MX DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-83IQD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	752
Entropy (8bit):	4.660158381384211
Encrypted:	false
SSDEEP:
MD5:	D8C6BFBFCE44B6A8A038BA44CB3DB550
SHA1:	FBD609576E65B56EDA67FD8A1801A27B43DB5486
SHA-256:	D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882
SHA-512:	3455145CF5C77FC847909AB1A283452D0C877158616C8AA7BDFFC141B86B2E66F9FF45C3BB6A4A9D758D2F8FFCB1FE919477C4553EFE527C0EDC912EBBCAABCD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_HK DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u4e00"\. "\u4e8c"\. "\u4e09"\. "\u56db"\. "\u4e94"\. "\u516d"]. ::msgcat::mcset zh_HK MONTHS_ABBREV [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"\. ""]. ::msgcat::mcset zh_HK DATE_FORMAT "%Y\u5e74%m\u6708%e\u65e5". ::msgcat::mcset zh_HK TIME_FORMAT_12 "%P%I:%M:%S". ::msgcat::mcset zh_HK DATE_TIME_FORMAT "%Y\u5e74%m\u6708%e\u65e5 %P%I:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-88I54.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.882853646266983
Encrypted:	false
SSDEEP:
MD5:	BC86C58492BCB8828489B871D2A727F0
SHA1:	22EEC74FC011063071A40C3860AE8EF38D898582
SHA-256:	29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F
SHA-512:	ABFE093952144A285F7A86800F5933F7242CB224D917B4BAA4FD2CA48792BEFCBEE9AB7073472510B53D31083719EC68A77DD896410B3DC3C6E2CCD60C2E92F9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset hi_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset hi_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-89E70.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1219
Entropy (8bit):	4.39393801727056
Encrypted:	false
SSDEEP:
MD5:	D5DEB8EFFE6298858F9D1B9FAD0EA525
SHA1:	973DF40D0464BCE10EB5991806D9990B65AB0F82
SHA-256:	FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802
SHA-512:	F024E3D6D30E8E5C3316364A905C8CCAC87427BFC2EC10E72065F1DD114A112A61FDECDF1C4EC9C3D8BB9A54D18ED4AE9D57B07DA4AFFE480DE12F3D54BED928
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lv DAYS_OF_WEEK_ABBREV [list \. "Sv"\. "P"\. "O"\. "T"\. "C"\. "Pk"\. "S"]. ::msgcat::mcset lv DAYS_OF_WEEK_FULL [list \. "sv\u0113tdiena"\. "pirmdiena"\. "otrdiena"\. "tre\u0161diena"\. "ceturdien"\. "piektdiena"\. "sestdiena"]. ::msgcat::mcset lv MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maijs"\. "J\u016bn"\. "J\u016bl"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset lv MONTHS_FULL [list \. "janv\u0101ris"\. "febru\u0101ris"\. "marts"\. "apr\u012blis"\. "maijs"\. "j\u016bnijs"\. "j\u016blijs"\. "augusts"\. "septembris"\. "oktobris"\. "novembris"\. "decembris"\. ""]. ::msgcat

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-8DSP0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1421
Entropy (8bit):	4.382223858419589
Encrypted:	false
SSDEEP:
MD5:	3BD0AB95976D1B80A30547E4B23FD595
SHA1:	B3E5DC095973E46D8808326B2A1FC45046B5267F
SHA-256:	9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58
SHA-512:	2A68A7ADC385EDEA02E4558884A24DCC6328CC9F7D459CC03CC9F2D2F58CF6FF2103AD5B45C6D05B7E13F28408C6B05CDDF1DF60E822E5095F86A49052E19E59
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset vi DAYS_OF_WEEK_ABBREV [list \. "Th 2"\. "Th 3"\. "Th 4"\. "Th 5"\. "Th 6"\. "Th 7"\. "CN"]. ::msgcat::mcset vi DAYS_OF_WEEK_FULL [list \. "Th\u01b0\u0301 hai"\. "Th\u01b0\u0301 ba"\. "Th\u01b0\u0301 t\u01b0"\. "Th\u01b0\u0301 n\u0103m"\. "Th\u01b0\u0301 s\u00e1u"\. "Th\u01b0\u0301 ba\u0309y"\. "Chu\u0309 nh\u00e2\u0323t"]. ::msgcat::mcset vi MONTHS_ABBREV [list \. "Thg 1"\. "Thg 2"\. "Thg 3"\. "Thg 4"\. "Thg 5"\. "Thg 6"\. "Thg 7"\. "Thg 8"\. "Thg 9"\. "Thg 10"\. "Thg 11"\. "Thg 12"\. ""]. ::msgcat::mcset vi MONTHS_FULL [list \. "Th\u00e1ng m\u00f4\u0323t"\. "Th\u00e1ng hai"\. "Th\u00e1ng ba"\. "Th\u00e1ng t\u01b0"\. "Th\u00e1ng n\u0103m"\. "Th\u00e1ng s\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-8HI27.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1938
Entropy (8bit):	4.234997703698801
Encrypted:	false
SSDEEP:
MD5:	FFD5D8007D78770EA0E7E5643F1BD20A
SHA1:	40854EB81EE670086D0D0C0C2F0F9D8406DF6B47
SHA-256:	D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55
SHA-512:	EFBDADE1157C7E1CB8458CBA89913FB44DC2399AD860FCAEDA588B99230B0934EDAAF8BAB1742E03F06FA8047D3605E8D63BB23EC4B32155C256D07C46ABBFEE
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset he DAYS_OF_WEEK_ABBREV [list \. "\u05d0"\. "\u05d1"\. "\u05d2"\. "\u05d3"\. "\u05d4"\. "\u05d5"\. "\u05e9"]. ::msgcat::mcset he DAYS_OF_WEEK_FULL [list \. "\u05d9\u05d5\u05dd \u05e8\u05d0\u05e9\u05d5\u05df"\. "\u05d9\u05d5\u05dd \u05e9\u05e0\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05dc\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e8\u05d1\u05d9\u05e2\u05d9"\. "\u05d9\u05d5\u05dd \u05d7\u05de\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9"\. "\u05e9\u05d1\u05ea"]. ::msgcat::mcset he MONTHS_ABBREV [list \. "\u05d9\u05e0\u05d5"\. "\u05e4\u05d1\u05e8"\. "\u05de\u05e8\u05e5"\. "\u05d0\u05e4\u05e8"\. "\u05de\u05d0\u05d9"\. "\u05d9\u05d5\u05e0"\. "\u05d9\u05d5\u05dc"\. "\u05d0\u05d5\u05d2"\. "\u05e1\u05e4\u05d8"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-8PHJ6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.26110325084843
Encrypted:	false
SSDEEP:
MD5:	2566BDE28B17C526227634F1B4FC7047
SHA1:	BE6940EC9F4C5E228F043F9D46A42234A02F4A03
SHA-256:	BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77
SHA-512:	CC684BFC82CA55240C5B542F3F63E0FF43AEF958469B3978E414261BC4FADB50A0AE3554CF2468AC88E4DDB70D2258296C0A2FBB69312223EED56C7C03FEC17C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sl DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Tor"\. "Sre"\. "\u010cet"\. "Pet"\. "Sob"]. ::msgcat::mcset sl DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljek"\. "Torek"\. "Sreda"\. "\u010cetrtek"\. "Petek"\. "Sobota"]. ::msgcat::mcset sl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "avg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sl MONTHS_FULL [list \. "januar"\. "februar"\. "marec"\. "april"\. "maj"\. "junij"\. "julij"\. "avgust"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sl BCE "pr.n.\u0161.". ::msgcat::mcset sl CE "p

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-9F61I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	4.287536872407747
Encrypted:	false
SSDEEP:
MD5:	C7BBD44BD3C30C6116A15C77B15F8E79
SHA1:	37CD1477A3318838E8D5C93D596A23F99C8409F2
SHA-256:	00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A
SHA-512:	DAFBDA53CF6AD57A4F6A078E9EF8ED3CACF2F8809DC2AEFB812A4C3ACCD51D954C52079FA26828D670BF696E14989D3FE3C249F1E612B7C759770378919D8BBC
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sh DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Uto"\. "Sre"\. "\u010cet"\. "Pet"\. "Sub"]. ::msgcat::mcset sh DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljak"\. "Utorak"\. "Sreda"\. "\u010cetvrtak"\. "Petak"\. "Subota"]. ::msgcat::mcset sh MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maj"\. "Jun"\. "Jul"\. "Avg"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset sh MONTHS_FULL [list \. "Januar"\. "Februar"\. "Mart"\. "April"\. "Maj"\. "Juni"\. "Juli"\. "Avgust"\. "Septembar"\. "Oktobar"\. "Novembar"\. "Decembar"\. ""]. ::msgcat::mcset sh BCE "p. n. e.". ::msgcat::mcset sh CE "n. e."

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-9HI5J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.815592015875268
Encrypted:	false
SSDEEP:
MD5:	293456B39BE945C55536A5DD894787F0
SHA1:	94DEF0056C7E3082E58266BCE436A61C045EA394
SHA-256:	AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D
SHA-512:	AB763F2932F2FF48AC18C8715F661F7405607E1818B53E0D0F32184ABE67714F03A39A9D0637D0D93CE43606C3E1D702D2A3F8660C288F61DFE852747B652B59
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset ta_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset ta_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-9LE68.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	288
Entropy (8bit):	4.828989678102087
Encrypted:	false
SSDEEP:
MD5:	F9A9EE00A4A2A899EDCCA6D82B3FA02A
SHA1:	BFDBAD5C0A323A37D5F91C37EC899B923DA5B0F5
SHA-256:	C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631
SHA-512:	4E5471ADE75E0B91A02A30D8A042791D63565487CBCA1825EA68DD54A3AE6F1E386D9F3B016D233406D4B0B499B05DF6295BC0FFE85E8AA9DA4B4B7CC0128AD9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_CA DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_CA TIME_FORMAT "%r". ::msgcat::mcset en_CA TIME_FORMAT_12 "%I:%M:%S %p". ::msgcat::mcset en_CA DATE_TIME_FORMAT "%a %d %b %Y %r %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-9MPDU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2252
Entropy (8bit):	4.313031807335687
Encrypted:	false
SSDEEP:
MD5:	E152787B40C5E30699AD5E9B0C60DC07
SHA1:	4FB9DB6E784E1D28E632B55ED31FBBB4997BF575
SHA-256:	9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357
SHA-512:	DE59E17CAB924A35C4CC74FE8FCA4776BD49E30C224E476741A273A74BBE40CDAAEDBF6BBB5E30011CD0FEED6B2840F607FD0F1BD3E136E7FE39BAE81C7ED4DB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset el DAYS_OF_WEEK_ABBREV [list \. "\u039a\u03c5\u03c1"\. "\u0394\u03b5\u03c5"\. "\u03a4\u03c1\u03b9"\. "\u03a4\u03b5\u03c4"\. "\u03a0\u03b5\u03bc"\. "\u03a0\u03b1\u03c1"\. "\u03a3\u03b1\u03b2"]. ::msgcat::mcset el DAYS_OF_WEEK_FULL [list \. "\u039a\u03c5\u03c1\u03b9\u03b1\u03ba\u03ae"\. "\u0394\u03b5\u03c5\u03c4\u03ad\u03c1\u03b1"\. "\u03a4\u03c1\u03af\u03c4\u03b7"\. "\u03a4\u03b5\u03c4\u03ac\u03c1\u03c4\u03b7"\. "\u03a0\u03ad\u03bc\u03c0\u03c4\u03b7"\. "\u03a0\u03b1\u03c1\u03b1\u03c3\u03ba\u03b5\u03c5\u03ae"\. "\u03a3\u03ac\u03b2\u03b2\u03b1\u03c4\u03bf"]. ::msgcat::mcset el MONTHS_ABBREV [list \. "\u0399\u03b1\u03bd"\. "\u03a6\u03b5\u03b2"\. "\u039c\u03b1\u03c1"\. "\u0391\u03c0\u03c1"\. "\u039c\u03b1\u03ca"\. "\u0399\u03bf\u03c5\u03bd"\. "\u

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-9TLOP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1222
Entropy (8bit):	4.277486792653572
Encrypted:	false
SSDEEP:
MD5:	68882CCA0886535A613ECFE528BB81FC
SHA1:	6ABF519F6E4845E6F13F272D628DE97F2D2CD481
SHA-256:	CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673
SHA-512:	ACD5F811A0494E04A18035D2B9171FAF3AB8C856AAB0C09AEBE755590261066ADCD2750565F1CB840B2D0111D95C98970294550A4FBD00E4346D2EDBA3A5C957
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de DAYS_OF_WEEK_ABBREV [list \. "So"\. "Mo"\. "Di"\. "Mi"\. "Do"\. "Fr"\. "Sa"]. ::msgcat::mcset de DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mrz"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de BCE "v. Chr.". ::msgcat::mcset de CE "n. Chr.".

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-A07DV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1148
Entropy (8bit):	4.207752506572597
Encrypted:	false
SSDEEP:
MD5:	2266607EF358B632696C7164E61358B5
SHA1:	A380863A8320DAB1D5A2D60C22ED5F7DB5C7BAF7
SHA-256:	5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED
SHA-512:	2A8DEF754A25736D14B958D8B0CEA0DC41C402A9EFA25C9500BA861A7E8D74C79939C1969AC694245605C17D33AD3984F6B9ACCA4BE03EFC41A878772BB5FD86
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nn DAYS_OF_WEEK_ABBREV [list \. "su"\. "m\u00e5"\. "ty"\. "on"\. "to"\. "fr"\. "lau"]. ::msgcat::mcset nn DAYS_OF_WEEK_FULL [list \. "sundag"\. "m\u00e5ndag"\. "tysdag"\. "onsdag"\. "torsdag"\. "fredag"\. "laurdag"]. ::msgcat::mcset nn MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nn MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nn BCE "f.Kr.". ::msgcat::mcset nn CE "e.Kr.". ::msgca

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-A1FJJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.863262857917797
Encrypted:	false
SSDEEP:
MD5:	483652B6A3D8010C3CDB6CAD0AD95E72
SHA1:	8FCDB01D0729E9F1A0CAC56F79EDB79A37734AF5
SHA-256:	980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A
SHA-512:	0282B8F3884BB4406F69AF2D2F44E431FB8077FEA86D09ED5607BC0932A049853D0C5CAF0B57EF0289F42A8265F76CC4B10111A28B1E0E9BD54E9319B25D8DB6
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_BE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset fr_BE TIME_FORMAT "%T". ::msgcat::mcset fr_BE TIME_FORMAT_12 "%T". ::msgcat::mcset fr_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-AK94O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	950
Entropy (8bit):	4.037076523160125
Encrypted:	false
SSDEEP:
MD5:	B940E67011DDBAD6192E9182C5F0CCC0
SHA1:	83A284899785956ECB015BBB871E7E04A7C36585
SHA-256:	C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C
SHA-512:	28570CB14452CA5285D97550EA77C9D8F71C57DE6C1D144ADB00B93712F588AF900DA32C10C3A81C7A2DEE11A3DC843780D24218F53920AB72E90321677CC9E8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Lun"\. "Mar"\. "M\u00e9r"\. "Xov"\. "Ven"\. "S\u00e1b"]. ::msgcat::mcset gl DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Luns"\. "Martes"\. "M\u00e9rcores"\. "Xoves"\. "Venres"\. "S\u00e1bado"]. ::msgcat::mcset gl MONTHS_ABBREV [list \. "Xan"\. "Feb"\. "Mar"\. "Abr"\. "Mai"\. "Xu\u00f1"\. "Xul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset gl MONTHS_FULL [list \. "Xaneiro"\. "Febreiro"\. "Marzo"\. "Abril"\. "Maio"\. "Xu\u00f1o"\. "Xullo"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Decembro"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-AOF79.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	989
Entropy (8bit):	4.015702624322247
Encrypted:	false
SSDEEP:
MD5:	3A3B4D3B137E7270105DC7B359A2E5C2
SHA1:	2089B3948F11EF8CE4BD3D57167715ADE65875E9
SHA-256:	2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908
SHA-512:	044602E7228D2CB3D0A260ADFD0D3A1F7CAB7EFE5DD00C7519EAF00A395A48A46EEFDB3DE81902D420D009B137030BC98FF32AD97E9C3713F0990FE6C09887A2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af DAYS_OF_WEEK_ABBREV [list \. "So"\. "Ma"\. "Di"\. "Wo"\. "Do"\. "Vr"\. "Sa"]. ::msgcat::mcset af DAYS_OF_WEEK_FULL [list \. "Sondag"\. "Maandag"\. "Dinsdag"\. "Woensdag"\. "Donderdag"\. "Vrydag"\. "Saterdag"]. ::msgcat::mcset af MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset af MONTHS_FULL [list \. "Januarie"\. "Februarie"\. "Maart"\. "April"\. "Mei"\. "Junie"\. "Julie"\. "Augustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""]. ::msgcat::mcset af AM "VM". ::msgcat::mcset af PM "NM".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-ARC8O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1133
Entropy (8bit):	4.32041719596907
Encrypted:	false
SSDEEP:
MD5:	3AFAD9AD82A9C8B754E2FE8FC0094BAB
SHA1:	4EE3E2DF86612DB314F8D3E7214D7BE241AA1A32
SHA-256:	DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47
SHA-512:	79A6738A97B7DB9CA4AE9A3BA1C3E56BE9AC67E71AE12154FD37A37D78892B6414A49E10E007DE2EB314942DC017B87FAB7C64B74EC9B889DAEBFF9B3B78E644
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset tr DAYS_OF_WEEK_ABBREV [list \. "Paz"\. "Pzt"\. "Sal"\. "\u00c7ar"\. "Per"\. "Cum"\. "Cmt"]. ::msgcat::mcset tr DAYS_OF_WEEK_FULL [list \. "Pazar"\. "Pazartesi"\. "Sal\u0131"\. "\u00c7ar\u015famba"\. "Per\u015fembe"\. "Cuma"\. "Cumartesi"]. ::msgcat::mcset tr MONTHS_ABBREV [list \. "Oca"\. "\u015eub"\. "Mar"\. "Nis"\. "May"\. "Haz"\. "Tem"\. "A\u011fu"\. "Eyl"\. "Eki"\. "Kas"\. "Ara"\. ""]. ::msgcat::mcset tr MONTHS_FULL [list \. "Ocak"\. "\u015eubat"\. "Mart"\. "Nisan"\. "May\u0131s"\. "Haziran"\. "Temmuz"\. "A\u011fustos"\. "Eyl\u00fcl"\. "Ekim"\. "Kas\u0131m"\. "Aral\u0131k"\. ""]. ::msgcat::mcset tr D

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-B5SSD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.888960668540414
Encrypted:	false
SSDEEP:
MD5:	D8878533B11C21445CAEFA324C638C7E
SHA1:	EFF82B28741FA16D2DFC93B5421F856D6F902509
SHA-256:	91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8
SHA-512:	CBFD4FC093B3479AE9E90A5CA05EA1894F62DA9E0559ACC2BD37BBED1F0750ECFF13E6DF2078D68268192CA51A832E1BEED379E11380ADF3C91C1A01A352B20C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_ZW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_ZW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-BB1J5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.803235346516854
Encrypted:	false
SSDEEP:
MD5:	27B4185EB5B4CAAD8F38AE554231B49A
SHA1:	67122CAA8ECA829EC0759A0147C6851A6E91E867
SHA-256:	C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD
SHA-512:	003E5C1E2ECCCC48D14F3159DE71A5B0F1471275D4051C7AC42A3CFB80CAF651A5D04C4D8B868158211E8BC4E08554AF771993B0710E6625AA3AE912A33F5487
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_HK AM "AM". ::msgcat::mcset en_HK PM "PM". ::msgcat::mcset en_HK DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_HK TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_HK DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-BD02Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.869619023232552
Encrypted:	false
SSDEEP:
MD5:	ECC735522806B18738512DC678D01A09
SHA1:	EEEC3A5A3780DBA7170149C779180748EB861B86
SHA-256:	340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296
SHA-512:	F46915BD68249B5B1988503E50EBC48C13D9C0DDBDCBA9F520386E41A0BAAE640FD97A5085698AB1DF65640CE70AC63ED21FAD49AF54511A5543D1F36247C22D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_BW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_BW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-BND1S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1566
Entropy (8bit):	4.552910804130986
Encrypted:	false
SSDEEP:
MD5:	A4C37AF81FC4AA6003226A95539546C1
SHA1:	A18A7361783896C691BD5BE8B3A1FCCCCB015F43
SHA-256:	F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6
SHA-512:	FBE6BA258C250BD90FADCC42AC18A17CC4E7B040F160B94075AF1F42ECD43EEA6FE49DA52CF9B5BBB5D965D6AB7C4CC4053A78E865241F891E13F94EB20F0472
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko DAYS_OF_WEEK_ABBREV [list \. "\uc77c"\. "\uc6d4"\. "\ud654"\. "\uc218"\. "\ubaa9"\. "\uae08"\. "\ud1a0"]. ::msgcat::mcset ko DAYS_OF_WEEK_FULL [list \. "\uc77c\uc694\uc77c"\. "\uc6d4\uc694\uc77c"\. "\ud654\uc694\uc77c"\. "\uc218\uc694\uc77c"\. "\ubaa9\uc694\uc77c"\. "\uae08\uc694\uc77c"\. "\ud1a0\uc694\uc77c"]. ::msgcat::mcset ko MONTHS_ABBREV [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\. "9\uc6d4"\. "10\uc6d4"\. "11\uc6d4"\. "12\uc6d4"\. ""]. ::msgcat::mcset ko MONTHS_FULL [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-CACFF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.313638548211754
Encrypted:	false
SSDEEP:
MD5:	B475F8E7D7065A67E73B1E5CDBF9EB1F
SHA1:	1B689EDC29F8BC4517936E5D77A084083F12AE31
SHA-256:	7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA
SHA-512:	EA77EFF9B23A02F59526499615C08F1314A91AB41561856ED7DF45930FDD8EC11A105218890FD012045C4CC40621C226F94BDC3BEB62B83EA8FAA7AEC20516E7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr DAYS_OF_WEEK_ABBREV [list \. "dim."\. "lun."\. "mar."\. "mer."\. "jeu."\. "ven."\. "sam."]. ::msgcat::mcset fr DAYS_OF_WEEK_FULL [list \. "dimanche"\. "lundi"\. "mardi"\. "mercredi"\. "jeudi"\. "vendredi"\. "samedi"]. ::msgcat::mcset fr MONTHS_ABBREV [list \. "janv."\. "f\u00e9vr."\. "mars"\. "avr."\. "mai"\. "juin"\. "juil."\. "ao\u00fbt"\. "sept."\. "oct."\. "nov."\. "d\u00e9c."\. ""]. ::msgcat::mcset fr MONTHS_FULL [list \. "janvier"\. "f\u00e9vrier"\. "mars"\. "avril"\. "mai"\. "juin"\. "juillet"\. "ao\u00fbt"\. "septembre"\. "octobre"\. "novembre"\. "d\u00e9cembre"\. ""]. ::msgcat::mcset fr BCE "a

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-CJJAD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.847742455062573
Encrypted:	false
SSDEEP:
MD5:	899E845D33CAAFB6AD3B1F24B3F92843
SHA1:	FC17A6742BF87E81BBD4D5CB7B4DCED0D4DD657B
SHA-256:	F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C
SHA-512:	99D05FCE8A9C9BE06FDA8B54D4DE5497141F6373F470B2AB24C2D00B9C56031350F5DCDA2283A0E6F5B09FF21218FC3C7E2A6AB8ECC5BB020546FD62BDC8FF99
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset mr_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset mr_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-CPG9E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.843031408533295
Encrypted:	false
SSDEEP:
MD5:	017D816D73DAB852546169F3EC2D16F2
SHA1:	3145BB54D9E1E4D9166186D5B43F411CE0250594
SHA-256:	F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529
SHA-512:	4D4EF395B15F750F16EC64162BE8AB4B082C6CD1877CA63D5EA4A5E940A7F98E46D792115FD105B293DC43714E8662BC4411E14E93F09769A064622E52EDE258
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CA DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset fr_CA TIME_FORMAT "%T". ::msgcat::mcset fr_CA TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CA DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-CQVIR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	4.207511774275323
Encrypted:	false
SSDEEP:
MD5:	8E205D032206D794A681E2A994532FA6
SHA1:	47098672D339624474E8854EB0512D54A0CA49E7
SHA-256:	C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF
SHA-512:	139219DBD014CCA15922C45C7A0468F62E864F18CC16C7B8506258D1ECD766E1EFF6EAE4DFDAF72898B9AF1A5E6CE8D7BB0F1A93A6604D2539F2645C9ED8D146
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mer"\. "gio"\. "ven"\. "sab"]. ::msgcat::mcset it DAYS_OF_WEEK_FULL [list \. "domenica"\. "luned\u00ec"\. "marted\u00ec"\. "mercoled\u00ec"\. "gioved\u00ec"\. "venerd\u00ec"\. "sabato"]. ::msgcat::mcset it MONTHS_ABBREV [list \. "gen"\. "feb"\. "mar"\. "apr"\. "mag"\. "giu"\. "lug"\. "ago"\. "set"\. "ott"\. "nov"\. "dic"\. ""]. ::msgcat::mcset it MONTHS_FULL [list \. "gennaio"\. "febbraio"\. "marzo"\. "aprile"\. "maggio"\. "giugno"\. "luglio"\. "agosto"\. "settembre"\. "ottobre"\. "novembre"\. "dicembre"\. ""]. ::msgcat::mcset it BCE "aC". ::msgc

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-D3018.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.015790750376121
Encrypted:	false
SSDEEP:
MD5:	9C7E97A55A957AB1D1B5E988AA514724
SHA1:	592F8FF9FABBC7BF48539AF748DCFC9241AED82D
SHA-256:	31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17
SHA-512:	9D04DF2A87AFE24C339E1A0F6358FE995CBCAF8C7B08A1A7953675E2C2C1EDBCAF297B23C2B9BEC398DFEE6D1D75CE32E31389A7199466A38BC83C8DBBA67C77
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko_KR BCE "\uae30\uc6d0\uc804". ::msgcat::mcset ko_KR CE "\uc11c\uae30". ::msgcat::mcset ko_KR DATE_FORMAT "%Y.%m.%d". ::msgcat::mcset ko_KR TIME_FORMAT_12 "%P %l:%M:%S". ::msgcat::mcset ko_KR DATE_TIME_FORMAT "%Y.%m.%d %P %l:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-D4FGT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.873281593259653
Encrypted:	false
SSDEEP:
MD5:	F08EF3582AF2F88B71C599FBEA38BFD9
SHA1:	456C90C09C2A8919DC948E86170F523062F135DB
SHA-256:	7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB
SHA-512:	7187FC4CE0533F14BBA073039A0B86D610618573BA9A936CBE7682ED2939384C6BB9E0A407C016A42702E83627CCE394618ACB58419EA36908AA37F59165E371
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_CR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CR DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-DJMEN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.816022066048386
Encrypted:	false
SSDEEP:
MD5:	A76D09A4FA15A2C985CA6BDD22989D6A
SHA1:	E6105EBCDC547FE2E2FE9EDDC9C573BBDAD85AD0
SHA-256:	7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791
SHA-512:	D16542A1CCDC3F5C2A20300B7E38F43F94F7753E0E99F08EB7240D4F286B263815AD481B29F4E96F268E24BA17C5E135E356448685E1BF65B2B63CE6146AA54C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo_FO DATE_FORMAT "%d/%m-%Y". ::msgcat::mcset fo_FO TIME_FORMAT "%T". ::msgcat::mcset fo_FO TIME_FORMAT_12 "%T". ::msgcat::mcset fo_FO DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-DLL7A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.859298425911738
Encrypted:	false
SSDEEP:
MD5:	AEB569C12A50B8C4A57C8034F666C1B3
SHA1:	24D8B096DD8F1CFA101D6F36606D003D4FCC7B4D
SHA-256:	19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2
SHA-512:	B5432D7A80028C3AD3A7819A5766B07EDB56CEE493C0903EDFA72ACEE0C2FFAA955A8850AA48393782471905FFF72469F508B19BE83CC626478072FFF6B60B5D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PR DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_PR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PR DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-DOO3J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.817188474504631
Encrypted:	false
SSDEEP:
MD5:	B08E30850CA849068D06A99B4E216892
SHA1:	11B5E95FF4D822E76A1B9C28EEC2BC5E95E5E362
SHA-256:	9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A
SHA-512:	9AF147C2F22B11115E32E0BFD0126FE7668328E7C67B349A781F42B0022A334E53DDF3FCCC2C34C91BFBB45602A002D0D7B569B5E1FE9F0EE6C4570400CB0B0C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl_BE DATE_FORMAT "%d-%m-%y". ::msgcat::mcset nl_BE TIME_FORMAT "%T". ::msgcat::mcset nl_BE TIME_FORMAT_12 "%T". ::msgcat::mcset nl_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-E11DM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	312
Entropy (8bit):	5.1281364096481665
Encrypted:	false
SSDEEP:
MD5:	EB94B41551EAAFFA5DF4F406C7ACA3A4
SHA1:	B0553108BDE43AA7ED362E2BFFAF1ABCA1567491
SHA-256:	85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8
SHA-512:	A0980A6F1AD9236647E4F18CC104999DB2C523153E8716FD0CFE57320E906DF80378A5C0CDE132F2C53F160F5304EAF34910D7D1BB5753987D74AFBC0B6F75F3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_CN DATE_FORMAT "%Y-%m-%e". ::msgcat::mcset zh_CN TIME_FORMAT "%k:%M:%S". ::msgcat::mcset zh_CN TIME_FORMAT_12 "%P%I\u65f6%M\u5206%S\u79d2". ::msgcat::mcset zh_CN DATE_TIME_FORMAT "%Y-%m-%e %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-EBHIK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.249302428029841
Encrypted:	false
SSDEEP:
MD5:	34FE8E2D987FE534BD88291046F6820B
SHA1:	B173700C176336BD1B123C2A055A685F73B60C07
SHA-256:	BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C
SHA-512:	4AC513F092D2405FEF6E30C828AE94EDBB4B0B0E1C68C1168EB2498C186DB054EBF697D6B55B49F865A2284F75B7D5490AFE7A80F887AE8312E6F9A5EFE16390
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fi DAYS_OF_WEEK_ABBREV [list \. "su"\. "ma"\. "ti"\. "ke"\. "to"\. "pe"\. "la"]. ::msgcat::mcset fi DAYS_OF_WEEK_FULL [list \. "sunnuntai"\. "maanantai"\. "tiistai"\. "keskiviikko"\. "torstai"\. "perjantai"\. "lauantai"]. ::msgcat::mcset fi MONTHS_ABBREV [list \. "tammi"\. "helmi"\. "maalis"\. "huhti"\. "touko"\. "kes\u00e4"\. "hein\u00e4"\. "elo"\. "syys"\. "loka"\. "marras"\. "joulu"\. ""]. ::msgcat::mcset fi MONTHS_FULL [list \. "tammikuu"\. "helmikuu"\. "maaliskuu"\. "huhtikuu"\. "toukokuu"\. "kes\u00e4kuu"\. "hein\u00e4kuu"\. "elokuu"\. "syyskuu"\. "lokakuu"\. "marraskuu"\. "joulukuu"\. ""]. ::msgcat

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-ED1CV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	310
Entropy (8bit):	4.756550208645364
Encrypted:	false
SSDEEP:
MD5:	1423A9CF5507A198580D84660D829133
SHA1:	70362593A2B04CF965213F318B10E92E280F338D
SHA-256:	71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1
SHA-512:	C4F1AD41D44A2473531247036BEEF8402F7C77A21A33690480F169F35E78030942FD31C9331A82B8377D094E22D506C785D0311DBB9F1C2B4AD3575B3F0E76E3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IN AM "AM". ::msgcat::mcset en_IN PM "PM". ::msgcat::mcset en_IN DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_IN TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_IN DATE_TIME_FORMAT "%d %B %Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-EHO0M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.84511182583436
Encrypted:	false
SSDEEP:
MD5:	07C16C81F1B59444508D0F475C2DB175
SHA1:	DEDBDB2C9ACA932C373C315FB6C5691DBEDEB346
SHA-256:	AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1
SHA-512:	F13333C975E6A0AD06E57C5C1908ED23C4A96008A895848D1E2FE7985001B2E5B9B05C4824C74EDA94E0CC70EC7CABCB103B97E54E957F986D8F277EEC3325B7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_GB DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_GB TIME_FORMAT "%T". ::msgcat::mcset en_GB TIME_FORMAT_12 "%T". ::msgcat::mcset en_GB DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-ELN3P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1231
Entropy (8bit):	4.282246801138565
Encrypted:	false
SSDEEP:
MD5:	FE2F92E5C0AB19CDC7119E70187479F6
SHA1:	A14B9AA999C0BBD9B21E6A2B44A934D685897430
SHA-256:	50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83
SHA-512:	72B4975DC2CAB725BD6557CAED41B9C9146E0DE167EE0A0723C3C90D7CF49FB1D749977042FFECBCD7D8F21509307AAB3CE80E3C51023D22072FB5B415801EA9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eo DAYS_OF_WEEK_ABBREV [list \. "di"\. "lu"\. "ma"\. "me"\. "\u0135a"\. "ve"\. "sa"]. ::msgcat::mcset eo DAYS_OF_WEEK_FULL [list \. "diman\u0109o"\. "lundo"\. "mardo"\. "merkredo"\. "\u0135a\u016ddo"\. "vendredo"\. "sabato"]. ::msgcat::mcset eo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "a\u016dg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset eo MONTHS_FULL [list \. "januaro"\. "februaro"\. "marto"\. "aprilo"\. "majo"\. "junio"\. "julio"\. "a\u016dgusto"\. "septembro"\. "oktobro"\. "novembro"\. "decembro"\. ""]. ::msgcat::mcset eo BCE "aK". ::msgcat::mcset e

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-F56LO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1037
Entropy (8bit):	4.13549698574103
Encrypted:	false
SSDEEP:
MD5:	3350E1228CF7157ECE68762F967F2F32
SHA1:	2D0411DA2F6E0441B1A8683687178E9EB552B835
SHA-256:	75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207
SHA-512:	1D0B44F00A5E6D7B8CECB67EAF060C6053045610CF7246208C8E63E7271C7780587A184D38ECFDFDCFB976F9433FEFDA0BAF8981FCD197554D0874ED1E6B6428
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv DAYS_OF_WEEK_ABBREV [list \. "Jed"\. "Jel"\. "Jem"\. "Jerc"\. "Jerd"\. "Jeh"\. "Jes"]. ::msgcat::mcset gv DAYS_OF_WEEK_FULL [list \. "Jedoonee"\. "Jelhein"\. "Jemayrt"\. "Jercean"\. "Jerdein"\. "Jeheiney"\. "Jesarn"]. ::msgcat::mcset gv MONTHS_ABBREV [list \. "J-guer"\. "T-arree"\. "Mayrnt"\. "Avrril"\. "Boaldyn"\. "M-souree"\. "J-souree"\. "Luanistyn"\. "M-fouyir"\. "J-fouyir"\. "M.Houney"\. "M.Nollick"\. ""]. ::msgcat::mcset gv MONTHS_FULL [list \. "Jerrey-geuree"\. "Toshiaght-arree"\. "Mayrnt"\. "Averil"\. "Boaldyn"\. "Mean-souree"\. "Jerrey-souree"\. "Luanistyn"\. "Mean-fouyir"\. "Jerrey-fouyir"\. "Mee Houney"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-F6BLF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.86970949384834
Encrypted:	false
SSDEEP:
MD5:	CCB036C33BA7C8E488D37E754075C6CF
SHA1:	336548C8D361B1CAA8BDF698E148A88E47FB27A6
SHA-256:	2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59
SHA-512:	05058262E222653CF3A4C105319B74E07322AEE726CC11AEB2B562F01FF2476E3169EA829BF8B66E1B76617CB58E45423480E5A6CB3B3D4B33AA4DDDFA52D111
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_EC DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_EC TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_EC DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-F9D2F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1664
Entropy (8bit):	4.1508548760580295
Encrypted:	false
SSDEEP:
MD5:	7E74DE42FBDA63663B58B2E58CF30549
SHA1:	CB210740F56208E8E621A45D545D7DEFCAE8BCAF
SHA-256:	F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683
SHA-512:	A03688894BD44B6AB87DC6CAB0A5EC348C9117697A2F9D00E27E850F23EFDC2ADBD53CAC6B9ED33756D3A87C9211B6EE8DF06020F6DA477B9948F52E96071F76
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u0633\u067e\u

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-FA80M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1327
Entropy (8bit):	4.447184847972284
Encrypted:	false
SSDEEP:
MD5:	0561E62941F6ED8965DFC4E2B424E028
SHA1:	C622B21C0DBA83F943FBD10C746E5FABE20235B2
SHA-256:	314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE
SHA-512:	CAD01C963145463612BBAE4B9F5C80B83B228C0181C2500CE8CE1394E1A32CCA3587221F1406F6343029059F5AD47E8FD5514535DCEA45BBA6B2AE76993DFFBD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hu DAYS_OF_WEEK_ABBREV [list \. "V"\. "H"\. "K"\. "Sze"\. "Cs"\. "P"\. "Szo"]. ::msgcat::mcset hu DAYS_OF_WEEK_FULL [list \. "vas\u00e1rnap"\. "h\u00e9tf\u0151"\. "kedd"\. "szerda"\. "cs\u00fct\u00f6rt\u00f6k"\. "p\u00e9ntek"\. "szombat"]. ::msgcat::mcset hu MONTHS_ABBREV [list \. "jan."\. "febr."\. "m\u00e1rc."\. "\u00e1pr."\. "m\u00e1j."\. "j\u00fan."\. "j\u00fal."\. "aug."\. "szept."\. "okt."\. "nov."\. "dec."\. ""]. ::msgcat::mcset hu MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "m\u00e1rcius"\. "\u00e1prilis"\. "m\u00e1jus"\. "j\u00fanius"\. "j\u00falius"\. "augusztus"\. "szeptember"\. "okt\u00f3ber"\. "nove

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-FF9OR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	4.291836444825864
Encrypted:	false
SSDEEP:
MD5:	46FD3DF765F366C60B91FA0C4DE147DE
SHA1:	5E006D1ACA7BBDAC9B8A65EFB26FAFC03C6E9FDE
SHA-256:	9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A
SHA-512:	3AC26C55FB514D9EA46EF57582A2E0B64822E90C889F4B83A62EE255744FEBE0A012079DD764E0F6C7338B3580421C5B6C8575E0B85632015E3689CF58D9EB77
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hr DAYS_OF_WEEK_ABBREV [list \. "ned"\. "pon"\. "uto"\. "sri"\. "\u010det"\. "pet"\. "sub"]. ::msgcat::mcset hr DAYS_OF_WEEK_FULL [list \. "nedjelja"\. "ponedjeljak"\. "utorak"\. "srijeda"\. "\u010detvrtak"\. "petak"\. "subota"]. ::msgcat::mcset hr MONTHS_ABBREV [list \. "sij"\. "vel"\. "o\u017eu"\. "tra"\. "svi"\. "lip"\. "srp"\. "kol"\. "ruj"\. "lis"\. "stu"\. "pro"\. ""]. ::msgcat::mcset hr MONTHS_FULL [list \. "sije\u010danj"\. "velja\u010da"\. "o\u017eujak"\. "travanj"\. "svibanj"\. "lipanj"\. "srpanj"\. "kolovoz"\. "rujan"\. "listopad"\. "studeni"\. "prosinac"\. ""]. ::msgcat::mcset hr DATE_FORMAT "

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-FP4QF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2035
Entropy (8bit):	4.24530896413441
Encrypted:	false
SSDEEP:
MD5:	5CA16D93718AAA813ADE746440CF5CE6
SHA1:	A142733052B87CA510B8945256399CE9F873794C
SHA-256:	313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B
SHA-512:	4D031F9BA75D45EC89B2C74A870CCDA41587650D7F9BC91395F68B70BA3CD7A7105E70C19D139D20096533E06F5787C00EA850E27C4ADCF5A28572480D39B639
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sr DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0435\u0434"\. "\u041f\u043e\u043d"\. "\u0423\u0442\u043e"\. "\u0421\u0440\u0435"\. "\u0427\u0435\u0442"\. "\u041f\u0435\u0442"\. "\u0421\u0443\u0431"]. ::msgcat::mcset sr DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u0459\u0430"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u0459\u0430\u043a"\. "\u0423\u0442\u043e\u0440\u0430\u043a"\. "\u0421\u0440\u0435\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u0440\u0442\u0430\u043a"\. "\u041f\u0435\u0442\u0430\u043a"\. "\u0421\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset sr MONTHS_ABBREV [list \. "\u0408\u0430\u043d"\. "\u0424\u0435\u0431"\. "\u041c\u0430\u0440"\. "\u0410\u043f\u0440"\. "\u041c\u0430\u0458"\. "\u0408\u0443\u043d"\. "\u0408\u0443\u043b"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-FU004.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1664
Entropy (8bit):	4.88149888596689
Encrypted:	false
SSDEEP:
MD5:	430DEB41034402906156D7E23971CD2C
SHA1:	0952FFBD241B5111714275F5CD8FB5545067FFEC
SHA-256:	38DCA9B656241884923C451A369B90A9F1D76F9029B2E98E04784323169C3251
SHA-512:	AE5DF1B79AE34DF4CC1EB00406FFF49541A95E2C732E3041CCE321F2F3FA6461BB45C6524A5FEB77E18577206CBD88A83FBF20B4B058BAE9B889179C93221557
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ja DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u6708"\. "\u706b"\. "\u6c34"\. "\u6728"\. "\u91d1"\. "\u571f"]. ::msgcat::mcset ja DAYS_OF_WEEK_FULL [list \. "\u65e5\u66dc\u65e5"\. "\u6708\u66dc\u65e5"\. "\u706b\u66dc\u65e5"\. "\u6c34\u66dc\u65e5"\. "\u6728\u66dc\u65e5"\. "\u91d1\u66dc\u65e5"\. "\u571f\u66dc\u65e5"]. ::msgcat::mcset ja MONTHS_FULL [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"]. ::msgcat::mcset ja BCE "\u7d00\u5143\u524d". ::msgcat::mcset ja CE "\u897f\u66a6". ::msgcat::mcset ja AM "\u5348\u524d". ::msgcat::mcset ja PM "\u5348\u5f8c". ::msgcat::mcset ja DATE_FORMAT "%Y/%m/%

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-FUPP7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.8127929329126085
Encrypted:	false
SSDEEP:
MD5:	4EE34960147173A12020A583340E92F8
SHA1:	78D91A80E2426A84BC88EE97DA28EC0E4BE8DE45
SHA-256:	E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256
SHA-512:	EDFF8FB9A86731FFF005AFBBBB522F69B2C6033F59ECCD5E35A8B6A9E0F9AF23C52FFDCC22D893915AD1854E8104C81DA8C5BD8C794C7E645AFB82001B4BFC24
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt_BR DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset pt_BR TIME_FORMAT "%T". ::msgcat::mcset pt_BR TIME_FORMAT_12 "%T". ::msgcat::mcset pt_BR DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-G3PKB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.023830561129656
Encrypted:	false
SSDEEP:
MD5:	4338BD4F064A6CDC5BFED2D90B55D4E8
SHA1:	709717BB1F62A71E94D61056A70660C6A03B48AE
SHA-256:	78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B
SHA-512:	C63A535AD19CBEF5EFC33AC5A453B1C503A59C6CE71A4CABF8083BC516DF0F3F14D3D4F309D33EDF2EC5E79DB00ED1F7D56FD21068F09F178BB2B191603BAC25
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_JO DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_JO MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-GD3S1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2039
Entropy (8bit):	4.225775794669275
Encrypted:	false
SSDEEP:
MD5:	3A7181CE08259FF19D2C27CF8C6752B3
SHA1:	97DFFB1E224CEDB5427841C3B59F85376CD4423B
SHA-256:	C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F
SHA-512:	CC9620BA4601E53B22CCFC66A0B53C26224158379DF6BA2D4704A2FE11222DFBDAE3CA9CF51576B4084B8CCA8DB13FDE81396E38F94BCD0C8EA21C5D77680394
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru DAYS_OF_WEEK_ABBREV [list \. "\u0412\u0441"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset ru DAYS_OF_WEEK_FULL [list \. "\u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440\u0433"\. "\u043f\u044f\u0442\u043d\u0438\u0446\u0430"\. "\u0441\u0443\u0431\u0431\u043e\u0442\u0430"]. ::msgcat::mcset ru MONTHS_ABBREV [list \. "\u044f\u043d\u0432"\. "\u0444\u0435\u0432"\. "\u043c\u0430\u0440"\. "\u0430\u043f\u0440"\. "\u043c\u0430\u0439"\. "\u0438\u044e\u043d"\. "\u0438\u

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-GDBU9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.86395314548955
Encrypted:	false
SSDEEP:
MD5:	1E6062716A094CC3CE1F2C97853CD3CD
SHA1:	499F69E661B3B5747227B31DE4539CAF355CCAAC
SHA-256:	1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370
SHA-512:	7C3FB65EC76A2F35354E93A47C3A59848170AAF504998CEF66AEBAAD39D303EC67BE212C6FACC98305E35FFEBF23CCB7E34396F11987E81D76B3685E6B5E89B3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_GT DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_GT TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_GT DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-GQS1A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1255
Entropy (8bit):	4.4416408590245
Encrypted:	false
SSDEEP:
MD5:	73F0A9C360A90CB75C6DA7EF87EF512F
SHA1:	582EB224C9715C8336B4D1FCE7DDEC0D89F5AD71
SHA-256:	510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101
SHA-512:	B5482C7448BFC44B05FCF7EB0642B0C7393F4438082A507A94C13F56F12A115A5CE7F0744518BB0B2FAF759D1AD7744B0BEDB98F563C2A4AB11BC4619D7CEA22
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lt DAYS_OF_WEEK_ABBREV [list \. "Sk"\. "Pr"\. "An"\. "Tr"\. "Kt"\. "Pn"\. "\u0160t"]. ::msgcat::mcset lt DAYS_OF_WEEK_FULL [list \. "Sekmadienis"\. "Pirmadienis"\. "Antradienis"\. "Tre\u010diadienis"\. "Ketvirtadienis"\. "Penktadienis"\. "\u0160e\u0161tadienis"]. ::msgcat::mcset lt MONTHS_ABBREV [list \. "Sau"\. "Vas"\. "Kov"\. "Bal"\. "Geg"\. "Bir"\. "Lie"\. "Rgp"\. "Rgs"\. "Spa"\. "Lap"\. "Grd"\. ""]. ::msgcat::mcset lt MONTHS_FULL [list \. "Sausio"\. "Vasario"\. "Kovo"\. "Baland\u017eio"\. "Gegu\u017e\u0117s"\. "Bir\u017eelio"\. "Liepos"\. "Rugpj\u016b\u010dio"\. "Rugs\u0117jo"\. "Spalio"\. "Lapkri\u010dio"\. "G

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-HE0RB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	4.339253133089184
Encrypted:	false
SSDEEP:
MD5:	931A009F7E8A376972DE22AD5670EC88
SHA1:	44AEF01F568250851099BAA8A536FBBACD3DEBBB
SHA-256:	CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF
SHA-512:	47B230271CD362990C581CD6C06B0BCEA23E10E03D927C7C28415739DB3541D69D1B87DF554E9B4F00ECCAAB0F6AC0565F9EB0DEA8B75C54A90B2D53C928D379
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sq DAYS_OF_WEEK_ABBREV [list \. "Die"\. "H\u00ebn"\. "Mar"\. "M\u00ebr"\. "Enj"\. "Pre"\. "Sht"]. ::msgcat::mcset sq DAYS_OF_WEEK_FULL [list \. "e diel"\. "e h\u00ebn\u00eb"\. "e mart\u00eb"\. "e m\u00ebrkur\u00eb"\. "e enjte"\. "e premte"\. "e shtun\u00eb"]. ::msgcat::mcset sq MONTHS_ABBREV [list \. "Jan"\. "Shk"\. "Mar"\. "Pri"\. "Maj"\. "Qer"\. "Kor"\. "Gsh"\. "Sht"\. "Tet"\. "N\u00ebn"\. "Dhj"\. ""]. ::msgcat::mcset sq MONTHS_FULL [list \. "janar"\. "shkurt"\. "mars"\. "prill"\. "maj"\. "qershor"\. "korrik"\. "gusht"\. "shtator"\. "tetor"\. "n\u00ebntor"\. "dhjetor"\. ""]. ::msgcat::mcset sq BCE "p.e.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-HEOUR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1738
Entropy (8bit):	4.1505681803025185
Encrypted:	false
SSDEEP:
MD5:	349823390798DF68270E4DB46C3CA863
SHA1:	814F9506FCD8B592C22A47023E73457C469B2F53
SHA-256:	FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9
SHA-512:	4D12213EA9A3EAD6828E21D3B5B73931DC922EBE8FD2373E3A3E106DF1784E0BCE2C9D1FBEAE0D433449BE6D28A0F2F50F49AB8C208E69D413C6787ADF52915E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0932\u0935\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset hi MONTHS_ABBREV [list \. "\u091c\u0928\u0935\u0930\u0940"\. "\u092b\u093c\u0930\u0935\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u0905\u092a\u094d\u0930\u0947\u0932"\. "\u092e\u0908"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u093e\u0908"\. "\u0905\u0917\u0938\u094d\u0924"\. "\u0938\u093f\u0924\u092e\u094d\u092c\u0930"\. "\u0905\u0915\u094d\u091f\u0942\u092c\u0930"\. "\u0928\u0935\u092e\u094d\u092c\u093

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-HHHGC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.839318757139709
Encrypted:	false
SSDEEP:
MD5:	3FCDF0FC39C8E34F6270A646A996F663
SHA1:	6999E82148E1D1799C389BCC6C6952D5514F4A4B
SHA-256:	BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C
SHA-512:	CDB9ED694A7E555EB321F559E9B0CC0998FD526ADEF33AD08C56943033351D70900CD6EC62D380E23AB9F65CCFB85F4EEEB4E17FA8CC05E56C2AC57FBEDE721E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl_ES DATE_FORMAT "%d %B %Y". ::msgcat::mcset gl_ES TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gl_ES DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-HHVLD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3330
Entropy (8bit):	4.469203967086526
Encrypted:	false
SSDEEP:
MD5:	9C33FFDD4C13D2357AB595EC3BA70F04
SHA1:	A87F20F7A331DEFC33496ECDA50D855C8396E040
SHA-256:	EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9
SHA-512:	E31EEE90660236BCD958F3C540F56B2583290BAD6086AE78198A0819A92CF2394C62DE3800FDDD466A8068F4CABDFBCA46A648D419B1D0103381BF428D721B13
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh DAYS_OF_WEEK_ABBREV [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh DAYS_OF_WEEK_FULL [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh MONTHS_ABBREV [list \. "\u4e00\u6708"\. "\u4e8c\u6708"\. "\u4e09\u6708"\. "\u56db\u6708"\. "\u4e94\u6708"\. "\u516d\u6708"\. "\u4e03\u6708"\. "\u516b\u6708"\. "\u4e5d\u6708"\. "\u5341\u6708"\. "\u5341\u4e00\u6708"\. "\u5341\u4e8c\u6708"\. ""]. ::msgcat::mcset zh MONTHS_FULL [list \.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-J5H81.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	690
Entropy (8bit):	4.48913642143724
Encrypted:	false
SSDEEP:
MD5:	CE7E67A03ED8C3297C6A5B634B55D144
SHA1:	3DA5ACC0F52518541810E7F2FE57751955E12BDA
SHA-256:	D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814
SHA-512:	3754AA7B7D27A813C6113D2AA834A951FED1B81E4DACE22C81E0583F29BBC73C014697F39A2067DEC622D98EACD70D26FD40F80CF6D09E1C949F01FADED52C74
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mt DAYS_OF_WEEK_ABBREV [list \. "\u0126ad"\. "Tne"\. "Tli"\. "Erb"\. "\u0126am"\. "\u0120im"]. ::msgcat::mcset mt MONTHS_ABBREV [list \. "Jan"\. "Fra"\. "Mar"\. "Apr"\. "Mej"\. "\u0120un"\. "Lul"\. "Awi"\. "Set"\. "Ott"\. "Nov"]. ::msgcat::mcset mt BCE "QK". ::msgcat::mcset mt CE "". ::msgcat::mcset mt DATE_FORMAT "%A, %e ta %B, %Y". ::msgcat::mcset mt TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset mt DATE_TIME_FORMAT "%A, %e ta %B, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-J94AO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2113
Entropy (8bit):	4.227105489438195
Encrypted:	false
SSDEEP:
MD5:	458A38F894B296C83F85A53A92FF8520
SHA1:	CE26187875E334C712FDAB73E6B526247C6FE1CF
SHA-256:	CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD
SHA-512:	3B8730C331CF29EF9DEDBC9D5A53C50D429931B8DA01EE0C20DAE25B995114966DB9BC576BE0696DEC088DB1D88B50DE2C376275AB5251F49F6544E546BBC531
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset uk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0432\u0442"\. "\u0441\u0440"\. "\u0447\u0442"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset uk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0456\u043b\u044f"\. "\u043f\u043e\u043d\u0435\u0434\u0456\u043b\u043e\u043a"\. "\u0432\u0456\u0432\u0442\u043e\u0440\u043e\u043a"\. "\u0441\u0435\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440"\. "\u043f'\u044f\u0442\u043d\u0438\u0446\u044f"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset uk MONTHS_ABBREV [list \. "\u0441\u0456\u0447"\. "\u043b\u044e\u0442"\. "\u0431\u0435\u0440"\. "\u043a\u0432\u0456\u0442"\. "\u0442\u0440\u0430\u0432"\. "\u0447\u0435\u0440\u0432"\. "\u043b\u0438\u043f"\. "\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-JDAU4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.889615718638578
Encrypted:	false
SSDEEP:
MD5:	B7E7BE63F24FC1D07F28C5F97637BA1C
SHA1:	8FE1D17696C910CF59467598233D55268BFE0D94
SHA-256:	12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC
SHA-512:	FD8B83EF06B1E1111AFF186F5693B17526024CAD8CC99102818BE74FD885344D2F628A0541ABB485F38DB8DE7E29EA4EE4B28D8E5F6ECEF826BABE1013ABDFB8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CL DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_CL TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CL DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-JEJ5J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	812
Entropy (8bit):	4.344116560816791
Encrypted:	false
SSDEEP:
MD5:	63B8EBBA990D1DE3D83D09375E19F6AC
SHA1:	B7714AF372B4662A0C15DDBC0F80D1249CB1EEBD
SHA-256:	80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C
SHA-512:	638307C9B97C74BAF38905AC88E73B57F24282E40929DA43ADB74978040B818EFCC2EE2A377DFEB3AC9050800536F2BE1C7C2A7AB9E7B8BCF8D15E5F293F24D9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_AT MONTHS_ABBREV [list \. "J\u00e4n"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_AT MONTHS_FULL [list \. "J\u00e4nner"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_AT DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset de_AT TIME_FORMAT "%T". ::msgcat::mcset de_AT TIME_FORMAT_12 "%T". ::msgcat::mcset de_AT DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-JIST0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2305
Entropy (8bit):	4.324407451316591
Encrypted:	false
SSDEEP:
MD5:	D145F9DF0E339A2538662BD752F02E16
SHA1:	AFD97F8E8CC14D306DEDD78F8F395738E38A8569
SHA-256:	F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867
SHA-512:	E17925057560462F730CF8288856E46FA1F1D2A10B5D4D343257B7687A3855014D5C65B6C85AC55A7C77B8B355DB19F053C74B91DFA7BE7E9F933D9D4DA117F7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset th DAYS_OF_WEEK_ABBREV [list \. "\u0e2d\u0e32."\. "\u0e08."\. "\u0e2d."\. "\u0e1e."\. "\u0e1e\u0e24."\. "\u0e28."\. "\u0e2a."]. ::msgcat::mcset th DAYS_OF_WEEK_FULL [list \. "\u0e27\u0e31\u0e19\u0e2d\u0e32\u0e17\u0e34\u0e15\u0e22\u0e4c"\. "\u0e27\u0e31\u0e19\u0e08\u0e31\u0e19\u0e17\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e2d\u0e31\u0e07\u0e04\u0e32\u0e23"\. "\u0e27\u0e31\u0e19\u0e1e\u0e38\u0e18"\. "\u0e27\u0e31\u0e19\u0e1e\u0e24\u0e2b\u0e31\u0e2a\u0e1a\u0e14\u0e35"\. "\u0e27\u0e31\u0e19\u0e28\u0e38\u0e01\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e40\u0e2a\u0e32\u0e23\u0e4c"]. ::msgcat::mcset th MONTHS_ABBREV [list \. "\u0e21.\u0e04."\. "\u0e01.\u0e1e."\. "\u0e21\u0e35.\u0e04."\. "\u0e40\u0e21.\u0e22."\. "\u0e1e.\u0e04."\. "\u0e21\u0e34.\u0e22."\. "\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-K18SF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.7755422576113595
Encrypted:	false
SSDEEP:
MD5:	04452D43DA05A94414973F45CDD12869
SHA1:	AEEDCC2177B592A0025A1DBCFFC0EF3634DBF562
SHA-256:	2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4
SHA-512:	5A01156FD5AB662EE9D626518B4398A161BAF934E3A618B3A18839A944AEEAEE6FE1A5279D7750511B126DB3AD2CC992CDA067573205ACBC211C34C8A099305F
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga_IE DATE_FORMAT "%d.%m.%y". ::msgcat::mcset ga_IE TIME_FORMAT "%T". ::msgcat::mcset ga_IE TIME_FORMAT_12 "%T". ::msgcat::mcset ga_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-KJH7S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1180
Entropy (8bit):	4.216657382642579
Encrypted:	false
SSDEEP:
MD5:	022CBA4FF73CF18D63D1B0C11D058B5D
SHA1:	8B2D0BE1BE354D639EC3373FE20A0F255E312EF6
SHA-256:	FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837
SHA-512:	5142AD14C614E6BA5067B371102F7E81B14EB7AF3E40D05C674CFF1052DA4D172768636D34FF1DEE2499E43B2FEB4771CB1B67EDA10B887DE50E15DCD58A5283
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mi\u00e9"\. "jue"\. "vie"\. "s\u00e1b"]. ::msgcat::mcset es DAYS_OF_WEEK_FULL [list \. "domingo"\. "lunes"\. "martes"\. "mi\u00e9rcoles"\. "jueves"\. "viernes"\. "s\u00e1bado"]. ::msgcat::mcset es MONTHS_ABBREV [list \. "ene"\. "feb"\. "mar"\. "abr"\. "may"\. "jun"\. "jul"\. "ago"\. "sep"\. "oct"\. "nov"\. "dic"\. ""]. ::msgcat::mcset es MONTHS_FULL [list \. "enero"\. "febrero"\. "marzo"\. "abril"\. "mayo"\. "junio"\. "julio"\. "agosto"\. "septiembre"\. "octubre"\. "noviembre"\. "diciembre"\. ""]. ::msgcat::mcset es BCE "a.C.". ::msgcat::mcset es

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-KJIHR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.020656526954981
Encrypted:	false
SSDEEP:
MD5:	3789E03CF926D4F12AFD30FC7229B78D
SHA1:	AEF38AAB736E5434295C72C14F38033AAFE6EF15
SHA-256:	7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B
SHA-512:	C9172600703337EDB2E36D7470A3AED96CCC763D7163067CB19E7B097BB7877522758C3109E31D5D72F486DD50BF510DDBA50EDD248B899FA0A2EEF09FCBF903
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_LB DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_LB MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-KVSQ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.020358587042703
Encrypted:	false
SSDEEP:
MD5:	E0BC93B8F050D6D80B8173FF4FA4D7B7
SHA1:	231FF1B6F859D0261F15D2422DF09E756CE50CCB
SHA-256:	2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A
SHA-512:	8BA6EAC5F71167B83A58B47123ACF7939C348FE2A0CA2F092FE9F60C0CCFB901ADA0E8F2101C282C39BAE86C918390985731A8F66E481F8074732C37CD50727F
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_SG AM "\u4e0a\u5348". ::msgcat::mcset zh_SG PM "\u4e2d\u5348". ::msgcat::mcset zh_SG DATE_FORMAT "%d %B %Y". ::msgcat::mcset zh_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_SG DATE_TIME_FORMAT "%d %B %Y %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-KVV1H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.865159200607995
Encrypted:	false
SSDEEP:
MD5:	3045036D8F0663E26796E4E8AFF144E2
SHA1:	6C9066396C107049D861CD0A9C98DE8753782571
SHA-256:	B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930
SHA-512:	EBA6CD05BD596D0E8C96BBCA86379F003AD31E564D9CB90C906AF4B3A776AA797FC18EC405781F83493BBB33510DEDC0E78504AD1E6977BE0F83B2959AD25B8A
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_SG DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset en_SG DATE_TIME_FORMAT "%d %b %Y %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-L1H8V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.890913756172577
Encrypted:	false
SSDEEP:
MD5:	A65040748621B18B1F88072883891280
SHA1:	4D0ED6668A99BAC9B273B0FA8BC74EB6BB9DDFC8
SHA-256:	823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448
SHA-512:	16FFD4107C3B85619629B2CD8A48AB9BC3763FA6E4FE4AE910EDF3B42209CEEB8358D4E7E531C2417875D05E5F801BB19B10130FA8BF70E44CFD8F1BA06F6B6E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset gv_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gv_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-LBB5T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	966
Entropy (8bit):	3.9734955453120504
Encrypted:	false
SSDEEP:
MD5:	413A264B40EEBEB28605481A3405D27D
SHA1:	9C2EFA6326C62962DCD83BA8D16D89616D2C5B77
SHA-256:	F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33
SHA-512:	CF0559DB130B8070FEC93A64F5317A2C9CDE7D5EAFD1E92E76EAAE0740C6429B7AB7A60BD833CCA4ABCC0AADEBC6A68F854FF654E0707091023D275404172427
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw DAYS_OF_WEEK_ABBREV [list \. "Sul"\. "Lun"\. "Mth"\. "Mhr"\. "Yow"\. "Gwe"\. "Sad"]. ::msgcat::mcset kw DAYS_OF_WEEK_FULL [list \. "De Sul"\. "De Lun"\. "De Merth"\. "De Merher"\. "De Yow"\. "De Gwener"\. "De Sadorn"]. ::msgcat::mcset kw MONTHS_ABBREV [list \. "Gen"\. "Whe"\. "Mer"\. "Ebr"\. "Me"\. "Evn"\. "Gor"\. "Est"\. "Gwn"\. "Hed"\. "Du"\. "Kev"\. ""]. ::msgcat::mcset kw MONTHS_FULL [list \. "Mys Genver"\. "Mys Whevrel"\. "Mys Merth"\. "Mys Ebrel"\. "Mys Me"\. "Mys Evan"\. "Mys Gortheren"\. "Mye Est"\. "Mys Gwyngala"\. "Mys Hedra"\. "Mys Du"\. "Mys Kevardhu"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-LE5G1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.883202808381857
Encrypted:	false
SSDEEP:
MD5:	6A013D20A3C983639EAF89B93AB2037C
SHA1:	9ABEC22E82C1638B9C8E197760C66E370299BB93
SHA-256:	E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE
SHA-512:	C4FE0493A2C45DA792D0EE300EC1D30E25179209FE39ACCD74B23ACDFF0A72DEEEED1A1D12842101E0A4E57E8FEADF54F926347B6E9B987B70A52E0557919FC2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_SV DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_SV TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_SV DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-LNDTF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1141
Entropy (8bit):	4.24180563443443
Encrypted:	false
SSDEEP:
MD5:	88D5CB026EBC3605E8693D9A82C2D050
SHA1:	C2A613DC7C367A841D99DE15876F5E7A8027BBF8
SHA-256:	057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F
SHA-512:	253575BFB722CF06937BBE4E9867704B95EFE7B112B370E1430A2027A1818BD2560562A43AD2D067386787899093B25AE84ABFE813672A15A649FEF487E31F7A
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga DAYS_OF_WEEK_ABBREV [list \. "Domh"\. "Luan"\. "M\u00e1irt"\. "C\u00e9ad"\. "D\u00e9ar"\. "Aoine"\. "Sath"]. ::msgcat::mcset ga DAYS_OF_WEEK_FULL [list \. "D\u00e9 Domhnaigh"\. "D\u00e9 Luain"\. "D\u00e9 M\u00e1irt"\. "D\u00e9 C\u00e9adaoin"\. "D\u00e9ardaoin"\. "D\u00e9 hAoine"\. "D\u00e9 Sathairn"]. ::msgcat::mcset ga MONTHS_ABBREV [list \. "Ean"\. "Feabh"\. "M\u00e1rta"\. "Aib"\. "Beal"\. "Meith"\. "I\u00fail"\. "L\u00fan"\. "MF\u00f3mh"\. "DF\u00f3mh"\. "Samh"\. "Noll"\. ""]. ::msgcat::mcset ga MONTHS_FULL [list \. "Ean\u00e1ir"\. "Feabhra"\. "M\u00e1rta"\. "Aibre\u00e1n"\. "M\u00ed na Bealtaine"\. "Meith"\. "I\u00fail"\. "L\u00fanasa"

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-LUB4E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.914818138642697
Encrypted:	false
SSDEEP:
MD5:	D325ADCF1F81F40D7B5D9754AE0542F3
SHA1:	7A6BCD6BE5F41F84B600DF355CB00ECB9B4AE8C0
SHA-256:	7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9
SHA-512:	A05BBB3F80784B9C8BBA3FE618FEE154EE40D240ED4CFF7CD6EEE3D97BC4F065EFF585583123F1FFD8ABA1A194EB353229E15ED5CD43759D4D356EC5BE8DCD73
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset kw_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset kw_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-M25DC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.877844330421912
Encrypted:	false
SSDEEP:
MD5:	40250432AD0DC4FF168619719F91DBCA
SHA1:	D38532CA84E80FE70C69108711E3F9A7DFD5230F
SHA-256:	BA557A3C656275A0C870FB8466F2237850F5A7CF2D001919896725BB3D3EAA4B
SHA-512:	26FB4B3332E2C06628869D4C63B7BAB4F42FF73D1D4FD8603323A93067F60D9505C70D1A14D7E34A9880E2993183FC09D43013F3BEB8BC48732F08181643D05D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_UY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_UY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_UY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-MA7TC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1079
Entropy (8bit):	4.158523842311663
Encrypted:	false
SSDEEP:
MD5:	98820DFF7E1C8A9EAB8C74B0B25DEB5D
SHA1:	5357063D5699188E544D244EC4AEFDDF7606B922
SHA-256:	49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB
SHA-512:	26AB945B7BA00433BEC85ACC1D90D1D3B70CE505976CABE1D75A7134E00CD591AC27463987C515EEA079969DBCF200DA9C8538CAAF178A1EE17C9B0284260C45
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl DAYS_OF_WEEK_ABBREV [list \. "zo"\. "ma"\. "di"\. "wo"\. "do"\. "vr"\. "za"]. ::msgcat::mcset nl DAYS_OF_WEEK_FULL [list \. "zondag"\. "maandag"\. "dinsdag"\. "woensdag"\. "donderdag"\. "vrijdag"\. "zaterdag"]. ::msgcat::mcset nl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mrt"\. "apr"\. "mei"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset nl MONTHS_FULL [list \. "januari"\. "februari"\. "maart"\. "april"\. "mei"\. "juni"\. "juli"\. "augustus"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset nl DATE_FORMAT "%e %B %Y". ::msgcat::mcset nl TIME_FORM

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-MI93J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.872124246425178
Encrypted:	false
SSDEEP:
MD5:	2C4C45C450FEA6BA0421281F1CF55A2A
SHA1:	5249E31611A670EAEEF105AB4AD2E5F14B355CAE
SHA-256:	4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3
SHA-512:	969A4566C7B5FAF36204865D5BC22C849FBB44F0D16B04B9A9473B05DBABF22AEB9B77F282A44BB85D7E2A56C4E5BCE59E4E4CDEB3F6DD52AF47C65C709A3690
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_NI DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_NI TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_NI DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-MTUFS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1255
Entropy (8bit):	4.391152464169964
Encrypted:	false
SSDEEP:
MD5:	6695839F1C4D2A92552CB1647FD14DA5
SHA1:	04CB1976846A78EA9593CB3706C9D61173CE030C
SHA-256:	6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40
SHA-512:	208766038A6A1D748F4CB2660F059AD355A5439EA6D8326F4F410B2DFBBDEECB55D4CE230C01C519B08CAB1CF5E5B3AC61E7BA86020A7BDA1AFEA624F3828521
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset is DAYS_OF_WEEK_ABBREV [list \. "sun."\. "m\u00e1n."\. "\u00feri."\. "mi\u00f0."\. "fim."\. "f\u00f6s."\. "lau."]. ::msgcat::mcset is DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nudagur"\. "\u00feri\u00f0judagur"\. "mi\u00f0vikudagur"\. "fimmtudagur"\. "f\u00f6studagur"\. "laugardagur"]. ::msgcat::mcset is MONTHS_ABBREV [list \. "jan."\. "feb."\. "mar."\. "apr."\. "ma\u00ed"\. "j\u00fan."\. "j\u00fal."\. "\u00e1g\u00fa."\. "sep."\. "okt."\. "n\u00f3v."\. "des."\. ""]. ::msgcat::mcset is MONTHS_FULL [list \. "jan\u00faar"\. "febr\u00faar"\. "mars"\. "apr\u00edl"\. "ma\u00ed"\. "j\u00fan\u00ed"\. "j\u00fal\u00ed"\. "\u00e1g\u00fast"\.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-N39J3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	417
Entropy (8bit):	5.087144086729547
Encrypted:	false
SSDEEP:
MD5:	044BAAA627AD3C3585D229865A678357
SHA1:	9D64038C00253A7EEDA4921B9C5E34690E185061
SHA-256:	CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE
SHA-512:	DA138F242B44111FAFE9EFE986EB987C26A64D9316EA5644AC4D3D4FEC6DF9F5D55F342FC194BC487A1B7C740F931D883A574863B48396D837D1E270B733F735
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IR AM "\u0635\u0628\u062d". ::msgcat::mcset fa_IR PM "\u0639\u0635\u0631". ::msgcat::mcset fa_IR DATE_FORMAT "%d\u2044%m\u2044%Y". ::msgcat::mcset fa_IR TIME_FORMAT "%S:%M:%H". ::msgcat::mcset fa_IR TIME_FORMAT_12 "%S:%M:%l %P". ::msgcat::mcset fa_IR DATE_TIME_FORMAT "%d\u2044%m\u2044%Y %S:%M:%H %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-N7LT3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2105
Entropy (8bit):	4.215818273236158
Encrypted:	false
SSDEEP:
MD5:	1A3ABFBC61EF757B45FF841C197BB6C3
SHA1:	74D623DAB6238D05C18DDE57FC956D84974FC2D4
SHA-256:	D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57
SHA-512:	154D053410AA0F7817197B7EE1E8AE839BA525C7660620581F228477B1F5B972FE95A4E493BB50365D0B63B0115036DDE54A98450CA4E8048AF5D0AF092BADE5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset be DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0430\u0442"\. "\u0441\u0440"\. "\u0447\u0446"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset be DAYS_OF_WEEK_FULL [list \. "\u043d\u044f\u0434\u0437\u0435\u043b\u044f"\. "\u043f\u0430\u043d\u044f\u0434\u0437\u0435\u043b\u0430\u043a"\. "\u0430\u045e\u0442\u043e\u0440\u0430\u043a"\. "\u0441\u0435\u0440\u0430\u0434\u0430"\. "\u0447\u0430\u0446\u0432\u0435\u0440"\. "\u043f\u044f\u0442\u043d\u0456\u0446\u0430"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset be MONTHS_ABBREV [list \. "\u0441\u0442\u0434"\. "\u043b\u044e\u0442"\. "\u0441\u043a\u0432"\. "\u043a\u0440\u0441"\. "\u043c\u0430\u0439"\. "\u0447\u0440\u0432"\. "\u043b\u043f\u043d"\. "\u0436\u043d\u

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NDRKU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1223
Entropy (8bit):	4.319193323810203
Encrypted:	false
SSDEEP:
MD5:	A741CF1A27C77CFF2913076AC9EE9DDC
SHA1:	DE519D3A86DCF1E8F469490967AFE350BAEAFE01
SHA-256:	7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A
SHA-512:	C9272793BAA1D33C32576B48756063F4A9BB97E8FFA276809CF4C3956CC457E48C577BDF359C1ECF5CF665A68135CAED17E972DC053A6AFBAAC3BA0ECBAFEB05
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_BE DAYS_OF_WEEK_ABBREV [list \. "Son"\. "Mon"\. "Die"\. "Mit"\. "Don"\. "Fre"\. "Sam"]. ::msgcat::mcset de_BE DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de_BE MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_BE MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_BE AM "vorm". ::msgcat::mcs

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NFGP3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.878640071219599
Encrypted:	false
SSDEEP:
MD5:	4C2B2A6FBC6B514EA09AA9EF98834F17
SHA1:	853FFCBB9A2253B7DC2B82C2BFC3B132500F7A9D
SHA-256:	24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE
SHA-512:	3347F9C13896AF19F6BAFBEF225AF2A1F84F20F117E7F0CE3E5CAA783FDD88ABDFAF7C1286AE421BC609A39605E16627013945E4ACA1F7001B066E14CAB90BE7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_BO DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_BO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_BO DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NJJQ0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1211
Entropy (8bit):	4.392723231340452
Encrypted:	false
SSDEEP:
MD5:	31A9133E9DCA7751B4C3451D60CCFFA0
SHA1:	FB97A5830965716E77563BE6B7EB1C6A0EA6BF40
SHA-256:	C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753
SHA-512:	329EE7FE79783C83361A0C5FFFD7766B64B8544D1AD63C57AEAA2CC6A526E01D9C4D7765C73E88F86DAE57477459EA330A0C42F39E441B50DE9B0F429D01EAE8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pl DAYS_OF_WEEK_ABBREV [list \. "N"\. "Pn"\. "Wt"\. "\u015ar"\. "Cz"\. "Pt"\. "So"]. ::msgcat::mcset pl DAYS_OF_WEEK_FULL [list \. "niedziela"\. "poniedzia\u0142ek"\. "wtorek"\. "\u015broda"\. "czwartek"\. "pi\u0105tek"\. "sobota"]. ::msgcat::mcset pl MONTHS_ABBREV [list \. "sty"\. "lut"\. "mar"\. "kwi"\. "maj"\. "cze"\. "lip"\. "sie"\. "wrz"\. "pa\u017a"\. "lis"\. "gru"\. ""]. ::msgcat::mcset pl MONTHS_FULL [list \. "stycze\u0144"\. "luty"\. "marzec"\. "kwiecie\u0144"\. "maj"\. "czerwiec"\. "lipiec"\. "sierpie\u0144"\. "wrzesie\u0144"\. "pa\u017adziernik"\. "listopad"\. "grudzie\u0144"\. ""]. ::msgcat::m

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NS0TC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	305
Entropy (8bit):	4.823881517188826
Encrypted:	false
SSDEEP:
MD5:	A0BB5A5CC6C37C12CB24523198B82F1C
SHA1:	B7A6B4BFB6533CC33A0A0F5037E55A55958C4DFC
SHA-256:	596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351
SHA-512:	9859D8680E326C2EB39390F3B96AC0383372433000A4E828CF803323AB2AB681B2BAE87766CB6FB23F6D46DBA38D3344BC4A941AFB0027C737784063194F9AE4
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BE DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_BE TIME_FORMAT "%k:%M:%S". ::msgcat::mcset en_BE TIME_FORMAT_12 "%k h %M min %S s %z". ::msgcat::mcset en_BE DATE_TIME_FORMAT "%d %b %Y %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NSA1Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1203
Entropy (8bit):	4.335103779497533
Encrypted:	false
SSDEEP:
MD5:	B2EF88014D274C8001B36739F5F566CE
SHA1:	1044145C1714FD44D008B13A31BC778DFBE47950
SHA-256:	043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A
SHA-512:	820EB42D94BEE21FDB990FC27F7900CF676AFC59520F3EE78FB72D6D7243A17A234D4AE964E5D52AD7CBC7DD9A593F672BAD8A80EC48B25B344AA6950EF52ECF
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sk DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "Ut"\. "St"\. "\u0160t"\. "Pa"\. "So"]. ::msgcat::mcset sk DAYS_OF_WEEK_FULL [list \. "Nede\u013ee"\. "Pondelok"\. "Utorok"\. "Streda"\. "\u0160tvrtok"\. "Piatok"\. "Sobota"]. ::msgcat::mcset sk MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sk MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "marec"\. "apr\u00edl"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "august"\. "september"\. "okt\u00f3ber"\. "november"\. "december"\. ""]. ::msgcat::mcset sk BCE

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-NSC5J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	986
Entropy (8bit):	4.07740021579371
Encrypted:	false
SSDEEP:
MD5:	996B699F6821A055B826415446A11C8E
SHA1:	C382039ED7D2AE8D96CF2EA55FA328AE9CFD2F7D
SHA-256:	F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A
SHA-512:	AB6F5ABC9823C7F7A67BA1E821680ACD37761F83CD1F46EC731AB2B72AA34C2E523ACE288E9DE70DB3D58E11F5CB42ECB5A5E4E39BFD7DFD284F1FF6B637E11D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo DAYS_OF_WEEK_ABBREV [list \. "sun"\. "m\u00e1n"\. "t\u00fds"\. "mik"\. "h\u00f3s"\. "fr\u00ed"\. "ley"]. ::msgcat::mcset fo DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nadagur"\. "t\u00fdsdagur"\. "mikudagur"\. "h\u00f3sdagur"\. "fr\u00edggjadagur"\. "leygardagur"]. ::msgcat::mcset fo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset fo MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "apr\u00edl"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-OKUGD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	4.400184537938628
Encrypted:	false
SSDEEP:
MD5:	4C5679B0880394397022A70932F02442
SHA1:	CA5C47A76CD4506D8E11AECE1EA0B4A657176019
SHA-256:	49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86
SHA-512:	39FA0D3235FFD3CE2BCCFFFA6A4A8EFE2668768757DAFDE901917731E20AD15FCAC4E48CF4ACF0ADFAA38CC72768FD8F1B826464B0F71A1C784E334AE72F857C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset cs DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "\u00dat"\. "St"\. "\u010ct"\. "P\u00e1"\. "So"]. ::msgcat::mcset cs DAYS_OF_WEEK_FULL [list \. "Ned\u011ble"\. "Pond\u011bl\u00ed"\. "\u00dater\u00fd"\. "St\u0159eda"\. "\u010ctvrtek"\. "P\u00e1tek"\. "Sobota"]. ::msgcat::mcset cs MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset cs MONTHS_FULL [list \. "leden"\. "\u00fanor"\. "b\u0159ezen"\. "duben"\. "kv\u011bten"\. "\u010derven"\. "\u010dervenec"\. "srpen"\. "z\u00e1\u0159\u00ed"\. "\u0159\u00edjen"\. "listopad"\. "prosinec"\. ""]

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-OMNNS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.821338044395148
Encrypted:	false
SSDEEP:
MD5:	764E70363A437ECA938DEC17E615608B
SHA1:	2296073AE8CC421780E8A3BCD58312D6FB2F5BFC
SHA-256:	7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94
SHA-512:	4C7B9082DA9DDF07C2BE16C359A1A42834B8E730AD4DD5B987866C2CC735402DDE513588A89C8DFA25A1AC6F66AF9FDDBEA8FD500F8526C4641BBA7011CD0D28
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn_IN DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset bn_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset bn_IN DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-P08CS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.825452591398057
Encrypted:	false
SSDEEP:
MD5:	EEB42BA91CC7EF4F89A8C1831ABE7B03
SHA1:	74D12B4CBCDF63FDF00E589D8A604A5C52C393EF
SHA-256:	29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3
SHA-512:	6CCB2F62986CE1CF3CE78538041A0E4AAF717496F965D73014A13E9B05093EB43185C3C14212DC052562F3F369AB6985485C8C93D1DFC60CF9B8DABEA7CDF434
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_IN DATE_FORMAT "%A %d %B %Y". ::msgcat::mcset ar_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ar_IN DATE_TIME_FORMAT "%A %d %B %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-P6N57.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1167
Entropy (8bit):	4.2825791311526515
Encrypted:	false
SSDEEP:
MD5:	496D9183E2907199056CA236438498E1
SHA1:	D9C3BB4AEBD9BFD942593694E796A8C2FB9217B8
SHA-256:	4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A
SHA-512:	FA7FDEDDC42C36D0A60688CDBFE9A2060FE6B2644458D1EBFC817F1E5D5879EB3E3C78B5E53E9D3F42E2E4D84C93C4A7377170986A437EFF404F310D1D72F135
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sv DAYS_OF_WEEK_ABBREV [list \. "s\u00f6"\. "m\u00e5"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f6"]. ::msgcat::mcset sv DAYS_OF_WEEK_FULL [list \. "s\u00f6ndag"\. "m\u00e5ndag"\. "tisdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f6rdag"]. ::msgcat::mcset sv MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sv MONTHS_FULL [list \. "januari"\. "februari"\. "mars"\. "april"\. "maj"\. "juni"\. "juli"\. "augusti"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sv BCE "f.Kr.". ::msgcat::mcset sv C

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-PF5DM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2105
Entropy (8bit):	4.237536682442766
Encrypted:	false
SSDEEP:
MD5:	CD589758D4F4B522781A10003D3E1791
SHA1:	D953DD123D54B02BAF4B1AE0D36081CDFCA38444
SHA-256:	F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3
SHA-512:	2EA1E71CD1E958F83277006343E85513D112CBB3C22CBFF29910CB1FC37F2389B3F1DCB2533EC59F9E642624869E5C61F289FDC010B55C6EECEF378F2D92DB0B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0435\u0434."\. "\u043f\u043e\u043d."\. "\u0432\u0442."\. "\u0441\u0440\u0435."\. "\u0447\u0435\u0442."\. "\u043f\u0435\u0442."\. "\u0441\u0430\u0431."]. ::msgcat::mcset mk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0435\u043b\u0430"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0440\u0442\u043e\u043a"\. "\u043f\u0435\u0442\u043e\u043a"\. "\u0441\u0430\u0431\u043e\u0442\u0430"]. ::msgcat::mcset mk MONTHS_ABBREV [list \. "\u0458\u0430\u043d."\. "\u0444\u0435\u0432."\. "\u043c\u0430\u0440."\. "\u0430\u043f\u0440."\. "\u043c\u0430\u0458."\. "\u0458\u0443\u043d."\. "\u0458\

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-PJ3K9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1156
Entropy (8bit):	4.242018456508518
Encrypted:	false
SSDEEP:
MD5:	F012F45523AA0F8CFEACC44187FF1243
SHA1:	B171D1554244D2A6ED8DE17AC8000AA09D2FADE9
SHA-256:	CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0
SHA-512:	5BBC44471AB1B1622FABC7A12A8B8727087BE64BEAF72D2C3C9AAC1246A41D9B7CAFC5C451F24A3ACC681C310BF47BBC3384CF80EB0B4375E12646CB7BB8FFD5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset da DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset da DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset da MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset da MONTHS_FULL [list \. "januar"\. "februar"\. "marts"\. "april"\. "maj"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset da BCE "f.Kr.". ::msgcat::mcset da CE "e.Kr.".

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-POA1Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	287
Entropy (8bit):	4.8689948586471825
Encrypted:	false
SSDEEP:
MD5:	D20788793E6CC1CD07B3AFD2AA135CB6
SHA1:	3503FCB9490261BA947E89D5494998CEBB157223
SHA-256:	935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC
SHA-512:	F65E7D27BD0A99918D6F21C425238000563C2E3A4162D6806EEAC7C9DCB9798987AFFB8BE01899D577078F6297AF468DBAEBEB6375C09ABF332EB44E328F0E8B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu_ES DATE_FORMAT "%a, %Yeko %bren %da". ::msgcat::mcset eu_ES TIME_FORMAT "%T". ::msgcat::mcset eu_ES TIME_FORMAT_12 "%T". ::msgcat::mcset eu_ES DATE_TIME_FORMAT "%y-%m-%d %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-PQOFG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	4.325163993882846
Encrypted:	false
SSDEEP:
MD5:	D827F76D1ED6CB89839CAC2B56FD7252
SHA1:	140D6BC1F6CEF5FD0A390B3842053BF54B54B4E2
SHA-256:	9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88
SHA-512:	B662336699E23E371F0148EDD742F71874A7A28DFA81F0AFAE91C8C9494CEA1904FEA0C21264CF2A253E0FB1360AD35B28CFC4B74E4D7B2DBB0E453E96F7EB93
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Seg"\. "Ter"\. "Qua"\. "Qui"\. "Sex"\. "S\u00e1b"]. ::msgcat::mcset pt DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Segunda-feira"\. "Ter\u00e7a-feira"\. "Quarta-feira"\. "Quinta-feira"\. "Sexta-feira"\. "S\u00e1bado"]. ::msgcat::mcset pt MONTHS_ABBREV [list \. "Jan"\. "Fev"\. "Mar"\. "Abr"\. "Mai"\. "Jun"\. "Jul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset pt MONTHS_FULL [list \. "Janeiro"\. "Fevereiro"\. "Mar\u00e7o"\. "Abril"\. "Maio"\. "Junho"\. "Julho"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Dezembro"\. ""]. ::msgcat::mcset pt DATE_FO

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-QKLLP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	245
Entropy (8bit):	4.89152584889677
Encrypted:	false
SSDEEP:
MD5:	F285A8BA3216DA69B764991124F2F75A
SHA1:	A5B853A39D944DB9BB1A4C0B9D55AFDEF0515548
SHA-256:	98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332
SHA-512:	05695E29BA10072954BC91885A07D74EFBCB81B0DE3961261381210A51968F99CE1801339A05B810A54295E53B0A7E1D75CA5350485A8DEBFFFCBD4945234382
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZA DATE_FORMAT "%Y/%m/%d". ::msgcat::mcset en_ZA TIME_FORMAT_12 "%I:%M:%S". ::msgcat::mcset en_ZA DATE_TIME_FORMAT "%Y/%m/%d %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-QSG23.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	914
Entropy (8bit):	3.9322448438499125
Encrypted:	false
SSDEEP:
MD5:	CE834C7E0C3170B733122FF8BF38C28D
SHA1:	693ACC2A0972156B984106AFD07911AF14C4F19C
SHA-256:	1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E
SHA-512:	23BFC6E2CDB7BA75AAC3AA75869DF4A235E4526E8E83D73551B3BC2CE89F3675EBFA75BC94177F2C2BD6AC58C1B125BE65F8489BC4F85FA701415DB9768F7A80
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id DAYS_OF_WEEK_ABBREV [list \. "Min"\. "Sen"\. "Sel"\. "Rab"\. "Kam"\. "Jum"\. "Sab"]. ::msgcat::mcset id DAYS_OF_WEEK_FULL [list \. "Minggu"\. "Senin"\. "Selasa"\. "Rabu"\. "Kamis"\. "Jumat"\. "Sabtu"]. ::msgcat::mcset id MONTHS_ABBREV [list \. "Jan"\. "Peb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Agu"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset id MONTHS_FULL [list \. "Januari"\. "Pebruari"\. "Maret"\. "April"\. "Mei"\. "Juni"\. "Juli"\. "Agustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-RBV71.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.770028367699931
Encrypted:	false
SSDEEP:
MD5:	8261689A45FB754158B10B044BDC4965
SHA1:	6FFC9B16A0600D9BC457322F1316BC175309C6CA
SHA-256:	D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C
SHA-512:	0321A5C17B3E33FDE9480AC6014B373D1663219D0069388920D277AA61341B8293883517C900030177FF82D65340E6C9E3ED051B27708DD093055E3BE64B2AF3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms_MY DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset ms_MY TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ms_MY DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-RQ62H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.862231219172699
Encrypted:	false
SSDEEP:
MD5:	FD946BE4D44995911E79135E5B7BD3BB
SHA1:	3BA38CB03258CA834E37DBB4E3149D4CDA9B353B
SHA-256:	1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E
SHA-512:	FBD8087891BA0AE58D71A6D07482EED5E0EA5C658F0C82A9EC67DFC0D826059F1FC6FF404D6A6DC9619BD9249D4E4EC30D828B177E0939302196C51FA9B2FC4B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CO DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_CO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CO DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-RQJMO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.78446779523026
Encrypted:	false
SSDEEP:
MD5:	30E351D26DC3D514BC4BF4E4C1C34D6F
SHA1:	FA87650F840E691643F36D78F7326E925683D0A8
SHA-256:	E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D
SHA-512:	5AAC8A55239A909207E73EFB4123692D027F7728157D07FAFB629AF5C6DB84B35CF11411E561851F7CDB6F25AEC174E85A1982C4B79C7586644E74512F5FBDDA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_IE TIME_FORMAT "%T". ::msgcat::mcset en_IE TIME_FORMAT_12 "%T". ::msgcat::mcset en_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-SHP67.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.871431420165191
Encrypted:	false
SSDEEP:
MD5:	D24FF8FAEE658DD516AC298B887D508A
SHA1:	61990E6F3E399B87060E522ABCDE77A832019167
SHA-256:	94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0
SHA-512:	1409E1338988BC70C19DA2F6C12A39E311CF91F6BB759575C95E125EA67949F17BBE450B2CD29E3F6FDA1421C742859CB990921949C6940B34D7A8B8545FF8F0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-T9OMC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	254
Entropy (8bit):	4.8580653411441155
Encrypted:	false
SSDEEP:
MD5:	A3B27D44ED430AEC7DF2A47C19659CC4
SHA1:	700E4B9C395B540BFCE9ABDC81E6B9B758893DC9
SHA-256:	BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B
SHA-512:	79E9D8B817BDB6594A7C95991B2F6D7571D1C2976E74520D28223CF9F05EAA2128A44BC83A94089F09011FFCA9DB5E2D4DD74B59DE2BADC022E1571C595FE36C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset kok_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset kok_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-TJ93H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	985
Entropy (8bit):	3.9137059580146376
Encrypted:	false
SSDEEP:
MD5:	E27FEB15A6C300753506FC706955AC90
SHA1:	FDFAC22CC0839B29799001838765EB4A232FD279
SHA-256:	7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA
SHA-512:	C54A0F72BC0DAF6A411466565467A2783690EA19F4D401A5448908944A0A6F3F74A7976FA0F851F15B6A97C6D6A3C41FB8BBC8EA42B5D5E3C17A5C8A37436FC5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu DAYS_OF_WEEK_ABBREV [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu DAYS_OF_WEEK_FULL [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu MONTHS_ABBREV [list \. "urt"\. "ots"\. "mar"\. "api"\. "mai"\. "eka"\. "uzt"\. "abu"\. "ira"\. "urr"\. "aza"\. "abe"\. ""]. ::msgcat::mcset eu MONTHS_FULL [list \. "urtarrila"\. "otsaila"\. "martxoa"\. "apirila"\. "maiatza"\. "ekaina"\. "uztaila"\. "abuztua"\. "iraila"\. "urria"\. "azaroa"\. "abendua"\. ""].}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-TPNUL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.902544453689719
Encrypted:	false
SSDEEP:
MD5:	AAE4A89F6AB01044D6BA3511CBE6FE66
SHA1:	639A94279453B0028995448FD2E221C1BDE23CEE
SHA-256:	A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC
SHA-512:	E2BE94973C931B04C730129E9B9746BB76E7AC7F5AAA8D7899903B8C86B4E3D4A955E9580CF2C64DE48AFD6A2A9386337C2F8A8128A511AFBFBBA09CC032A76E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_HN DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_HN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_HN DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-TQM3T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.01781242466238
Encrypted:	false
SSDEEP:
MD5:	443E34E2E2BC7CB64A8BA52D99D6B4B6
SHA1:	D323C03747FE68E9B73F7E5C1E10B168A40F2A2F
SHA-256:	88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA
SHA-512:	5D8B267530EC1480BF3D571AABC2DA7B4101EACD7FB03B49049709E39D665DD7ACB66FD785BA2B5203DDC54C520434219D2D9974A1E9EE74C659FFAEA6B694E0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te_IN AM "\u0c2a\u0c42\u0c30\u0c4d\u0c35\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN PM "\u0c05\u0c2a\u0c30\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset te_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset te_IN DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-UH49C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1157
Entropy (8bit):	4.24006506188001
Encrypted:	false
SSDEEP:
MD5:	D5509ABF5CBFB485C20A26FCC6B1783E
SHA1:	53A298FBBF09AE2E223B041786443A3D8688C9EB
SHA-256:	BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602
SHA-512:	BDAFBA46EF44151CFD9EF7BC1909210F6DB2BAC20C31ED21AE3BE7EAC785CD4F545C4590CF551C0D066F982E2050F5844BDDC569F32C5804DBDE657F4511A6FE
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nb DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset nb DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset nb MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nb MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nb BCE "f.Kr.". ::msgcat::mcset nb CE "e.Kr.".

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-UM9RS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.860352858208512
Encrypted:	false
SSDEEP:
MD5:	148626186A258E58851CC0A714B4CFD6
SHA1:	7F14D46F66D8A94A493702DCDE7A50C1D71774B2
SHA-256:	6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC
SHA-512:	2B452D878728BFAFEA9A60030A26E1E1E44CE0BB26C7D9B8DB1D7C4F1AD3217770374BD4EDE784D0A341AB5427B08980FF4A62141FAF7024AB17296FE98427AC
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PA DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_PA TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PA DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Namang\tcl\msgs\is-UP4UM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.02203966019266
Encrypted:	false
SSDEEP:
MD5:	EC736BFD4355D842E5BE217A7183D950
SHA1:	C6B83C02F5D4B14064D937AFD8C6A92BA9AE9EFB
SHA-256:	AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1
SHA-512:	68BB7851469C24003A9D74FC7FE3599A2E95EE3803014016DDEBF4C5785F49EDBADA69CD4103F2D3B6CE91E9A32CC432DBDFEC2AED0557E5B6B13AED489A1EDA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_SY DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_SY MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Namang\tcl\opt0.4\is-KEU24.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	32718
Entropy (8bit):	4.5415166585248645
Encrypted:	false
SSDEEP:
MD5:	1A7DF33BC47D63F9CE1D4FF70A974FA3
SHA1:	513EC2215E2124D9A6F6DF2549C1442109E117C0
SHA-256:	C5D74E1C927540A3F524E6B929D0956EFBA0797FB8D55918EF69D27DF57DEDA3
SHA-512:	F671D5A46382EDFBDA49A6EDB9E6CF2D5CEBD83CE4ADD6B717A478D52748332D41DA3743182D4555B801B96A318D29DFC6AC36B32983ADB32D329C24F8A3D713
Malicious:	false
Preview:	# optparse.tcl --.#.# (private) Option parsing package.# Primarily used internally by the safe:: code..#.#.WARNING: This code will go away in a future release.#.of Tcl. It is NOT supported and you should not rely.#.on it. If your code does rely on this package you.#.may directly incorporate this code into your application...package require Tcl 8.2.# When this version number changes, update the pkgIndex.tcl file.# and the install directory in the Makefiles..package provide opt 0.4.6..namespace eval ::tcl {.. # Exported APIs. namespace export OptKeyRegister OptKeyDelete OptKeyError OptKeyParse \. OptProc OptProcArgGiven OptParse \.. Lempty Lget \. Lassign Lvarpop Lvarpop1 Lvarset Lvarincr \. SetMax SetMin...################# Example of use / 'user documentation' ###################.. proc OptCreateTestProc {} {...# Defines ::tcl::OptParseTest as a test proc with parsed arguments..# (can't be defined before the code below is

C:\Users\user\AppData\Local\Namang\tcl\opt0.4\is-SF77K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	607
Entropy (8bit):	4.652658850873767
Encrypted:	false
SSDEEP:
MD5:	92FF1E42CFC5FECCE95068FC38D995B3
SHA1:	B2E71842F14D5422A9093115D52F19BCCA1BF881
SHA-256:	EB9925A8F0FCC7C2A1113968AB0537180E10C9187B139C8371ADF821C7B56718
SHA-512:	608D436395D055C5449A53208F3869B8793DF267B8476AD31BCDD9659A222797814832720C495D938E34BF7D253FFC3F01A73CC0399C0DFB9C85D2789C7F11C0
Malicious:	false
Preview:	# Tcl package index file, version 1.1.# This file is generated by the "pkg_mkIndex -direct" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...if {![package vsatisfies [package provide Tcl] 8.2]} {return}.package ifneeded opt 0.4.6 [list source [file join $dir optparse.tcl]].

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-1EE53.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.750118730136804
Encrypted:	false
SSDEEP:
MD5:	F8CEC826666174899C038EC9869576ED
SHA1:	4CAA32BB070F31BE919F5A03141711DB22072E2C
SHA-256:	D9C940B3BE2F9E424BC6F69D665C21FBCA7F33789E1FE1D27312C0B38B75E097
SHA-512:	DA890F5A6806AE6774CFC061DFD4AE069F78212AB063287146245692383022AABB3637DEB49C1D512DA3499DC4295541962DAC05729302B3314E7BF306E6CB41
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmara) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-1N4BI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.797400281087303
Encrypted:	false
SSDEEP:
MD5:	BA4959590575031330280A4ADC7017D1
SHA1:	34FBC2AFD2E13575D286062050D98ABC4BF7C7A6
SHA-256:	2C06A94A43AC7F0079E6FE371F0D5A06A7BF23A868AC3B10135BFC4266CD2D4E
SHA-512:	65E6161CB6AF053B53C7ABE1E4CAAD4F40E350D52BADCB95EB37138268D17CF48DDB0CA771F450ECD8E6A57C99BE2E8C2227A28B5C4AF3DE7F6D74F255118F04
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Bissau) {. {-9223372036854775808 -3740 0 LMT}. {-1830380400 -3600 0 -01}. {157770000 0 0 GMT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-1UAIM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.766991307890532
Encrypted:	false
SSDEEP:
MD5:	C203A97FC500E408AC841A6A5B21E14E
SHA1:	ED4C4AA578A16EB83220F37199460BFE207D2B44
SHA-256:	3EBC66964609493524809AD0A730FFFF036C38D9AB3770412841F80DFFC717D5
SHA-512:	2F1A4500F49AFD013BCA70089B1E24748D7E45D41F2C9D3D9AFDCC1778E750FFB020D34F622B071E80F80CC0FEFF080E8ACC1E7A8ABE8AD12C0F1A1DAA937FE5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Addis_Ababa) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-240IF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.893308860167744
Encrypted:	false
SSDEEP:
MD5:	CD638B7929FB8C474293D5ECF1FE94D3
SHA1:	149AD0F3CF8AC1795E84B97CFF5CEB1FD26449C4
SHA-256:	41D32824F28AE235661EE0C959E0F555C44E3E78604D6D2809BBA2254FD47258
SHA-512:	D762C49B13961A01526C0DD9D7A55E202448E1B46BA64F701FB2E0ABE0F44B2C3DF743864B9E62DC07FD6CEA7197945CE246C89CDACB1FEC0F924F3ECC46B170
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lubumbashi) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-2V0P6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3720
Entropy (8bit):	3.687670811431724
Encrypted:	false
SSDEEP:
MD5:	1B38D083FC54E17D82935D400051F571
SHA1:	AE34C08176094F4C4BFEB4E1BBAE6034BCD03A11
SHA-256:	11283B69DE0D02EAB1ECF78392E3A4B32288CCFEF946F0432EC83327A51AEDDC
SHA-512:	581161079EC0F77EEB119C96879FD586AE49997BAD2C5124C360BCACF9136FF0A6AD70AE7D4C88F96BC94EEB87F628E8890E65DB9B0C96017659058D35436307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Cairo) {. {-9223372036854775808 7509 0 LMT}. {-2185409109 7200 0 EET}. {-929844000 10800 1 EEST}. {-923108400 7200 0 EET}. {-906170400 10800 1 EEST}. {-892868400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857790000 7200 0 EET}. {-844308000 10800 1 EEST}. {-825822000 7200 0 EET}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EET}. {-779853600 10800 1 EEST}. {-762663600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 72

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-54606.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.965079502032549
Encrypted:	false
SSDEEP:
MD5:	51D7AC832AE95CFDE6098FFA6FA2B1C7
SHA1:	9DA61FDA03B4EFDA7ACC3F83E8AB9495706CCEF1
SHA-256:	EEDA5B96968552C12B916B39217005BF773A99CA17996893BC87BCC09966B954
SHA-512:	128C8D3A0AA7CF4DFAE326253F236058115028474BF122F14AB9461D910A03252FEEB420014CA91ACFBF94DF05FBFCADE98217FC59A86A2581BB68CDC83E88C8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Lagos) {. {-9223372036854775808 816 0 LMT}. {-1588464816 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-5AR5Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.779330261863059
Encrypted:	false
SSDEEP:
MD5:	1440C37011F8F31213AE5833A3FCD5E1
SHA1:	9EEE9D7BB3A1E29EDDE90D7DBE63ED50513A909B
SHA-256:	A4E0E775206EDBA439A454649A7AC94AE3AFEADC8717CBD47FD7B8AC41ADB06F
SHA-512:	D82FF9C46C8845A6F15DC96AF8D98866C601EF0B4F7F5F0260AD571DD46931E90443FFEB5910D5805C5A43F6CC8866116066565646AE2C96E1D260999D1641F0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Djibouti) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-5EDPA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7277
Entropy (8bit):	3.744402699283941
Encrypted:	false
SSDEEP:
MD5:	261E339A2575F28099CD783B52F0980C
SHA1:	F7EB8B3DAE9C07382D5123225B3EAA4B5BFD47D6
SHA-256:	9C7D0E75AFC5681579D1018D7259733473EEDFFAF7313016B60159CB2A4DCAB5
SHA-512:	8E622174CB6DB4D0172DBC2E408867F03EBB7D1D54AA51D99C4465945CFF369AAFAF17D1D0F9277E69CBE3AD6AAF9A0C6EE056017474DF171E94BD28BBA9C04A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ceuta) {. {-9223372036854775808 -1276 0 LMT}. {-2177452800 0 0 WET}. {-1630112400 3600 1 WEST}. {-1616810400 0 0 WET}. {-1451692800 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1293840000 0 0 WET}. {-94694400 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-5KRRI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.9616554773567083
Encrypted:	false
SSDEEP:
MD5:	A00B0C499DE60158C9990CFE9628FEA4
SHA1:	44B768C63E170331396B4B81ABF0E3EDD8B0D864
SHA-256:	FCFF440D525F3493447C0ACFE32BB1E8BCDF3F1A20ADC3E0F5D2B245E2DB10E9
SHA-512:	30BF22857AA4C26FC6178C950AB6EAB472F2AC77D2D8EB3A209DCDEF2DDC8312B0AB6DA3428936CA16225ABE652DDB8536D870DB1905027AD7BD7FF245871556
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Khartoum) {. {-9223372036854775808 7808 0 LMT}. {-1230775808 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-5TLPG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.85737401659099
Encrypted:	false
SSDEEP:
MD5:	AF295B9595965712D77952D692F02C6B
SHA1:	BC6737BD9BFD52FE538376A1441C59FB4FC1A038
SHA-256:	13A06D69AEB38D7A2D35DF3802CEE1A6E15FA1F5A6648328A9584DD55D11E58C
SHA-512:	E47C5EA2DFBC22CF9EAC865F67D01F5593D3CDDB51FDE24CDD13C8957B70F50111675D8E94CA859EC9B6FAA109B3EFA522C3985A69FE5334156FEE66B607006E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Timbuktu) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-6743B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.817633094200984
Encrypted:	false
SSDEEP:
MD5:	035B36DF91F67179C8696158F58D0CE8
SHA1:	E43BFF33090324110048AC19CBA16C4ED8D8B3FE
SHA-256:	3101942D9F3B2E852C1D1EA7ED85826AB9EA0F8953B9A0E6BAC32818A2EC9EDD
SHA-512:	A7B52154C6085E5D234D6D658BA48D2C8EC093A429C3907BE7D16654F6EE9EBE8E3100187650956E5164B18340AB0C0979C1F4FA90EFE0CC423FBA5F14F45215
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Freetown) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-6NGGM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1567
Entropy (8bit):	3.593430930151928
Encrypted:	false
SSDEEP:
MD5:	9DB3A6EB1162C5D814B98265FB58D004
SHA1:	63ACAD6C18B49EF6794610ADED9865C8600A4D5C
SHA-256:	EF30CFFD1285339F4CC1B655CB4CB8C5D864C4B575D66F18919A35C084AA4E5F
SHA-512:	0581F6640BDDD8C33E82983F2186EB0952946C70A4B3F524EC78D1BE3EC1FA10BC3672A99CBA3475B28C0798D62A14F298207160F04EE0861EDDA352DA2BCCA0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Casablanca) {. {-9223372036854775808 -1820 0 LMT}. {-1773012580 0 0 +00}. {-956361600 3600 1 +00}. {-950490000 0 0 +00}. {-942019200 3600 1 +00}. {-761187600 0 0 +00}. {-617241600 3600 1 +00}. {-605149200 0 0 +00}. {-81432000 3600 1 +00}. {-71110800 0 0 +00}. {141264000 3600 1 +00}. {147222000 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {448243200 3600 0 +01}. {504918000 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-71GNC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.81604007062907
Encrypted:	false
SSDEEP:
MD5:	8F9D1916FF86E2F8C5C9D4ABCC405D53
SHA1:	286BFEC8F7CE6729F84FD6CFEE6A40B7277A4DFF
SHA-256:	182F2608422FF14C53DC8AC1EDFFE054AE011275C1B5C2423E286AD95910F44C
SHA-512:	7EEF6840E54313EF1127694F550986BF97BB1C8BD51DED0AB6D5842B74B5BF0406C65B293F1106E69DDFA0B01AD46756492DEDD9ECCBD077BB75FDA95A9E1912
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Monrovia) {. {-9223372036854775808 -2588 0 LMT}. {-2776979812 -2588 0 MMT}. {-1604359012 -2670 0 MMT}. {63593070 0 0 GMT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-7CNA1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.807416212132411
Encrypted:	false
SSDEEP:
MD5:	37C13E1D11C817BA70DDC84E768F8891
SHA1:	0765A45CC37EB71F4A5D2B8D3359AEE554C647FF
SHA-256:	8F4F0E1C85A33E80BF7C04CF7E0574A1D829141CC949D2E38BDCC174337C5BAE
SHA-512:	1E31BBA68E85A8603FBDD27DA68382CBC6B0E1AB0763E86516D3EFD15CFF106DE02812756F504AEE799BF6742423DF5732352D488B3F05B889BE5E48594F558D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Malabo) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-82V2J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.911369740193625
Encrypted:	false
SSDEEP:
MD5:	8F4C02CE326FAEEBD926F94B693BFF9E
SHA1:	9E8ABB12E4CFE341F24F5B050C75DDE3D8D0CB53
SHA-256:	029AD8C75A779AED71FD233263643DADE6DF878530C47CF140FC8B7755DDA616
SHA-512:	4B7D2D1D8DA876ABCD1E44FD5E4C992287F2B62B7C7BC3D6FD353E6312053F6762DBD11C0F27056EF8E37C8A2AF8E5111CF09D4EB6BB32EC1FF77F4C0C37917B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Mbabane) $TZData(:Africa/Johannesburg).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-A5TBC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.795449330458551
Encrypted:	false
SSDEEP:
MD5:	AF8E3E86312E3A789B82CECEDDB019CE
SHA1:	6B353BAB18E897151BF274D6ACF410CDFF6F00F0
SHA-256:	F39E4CABE33629365C2CEF6037871D698B942F0672F753212D768E865480B822
SHA-512:	9891AA26C4321DD5C4A9466F2EE84B14F18D3FFD71D6E8D2DE5CAFE4DC563D85A934B7B4E55926B30181761EF8C9B6C97746F522718BAE9DCBE4BDDE70C42B53
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Dar_es_Salaam) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-AR2LB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	3.6551425401331312
Encrypted:	false
SSDEEP:
MD5:	8E9FF3CB18879B1C69A04F45715D24BB
SHA1:	EF391BF1C3E1DEC08D8158B82B2FB0ED3E69866E
SHA-256:	A6CFC4359B7E2D650B1851D805FF5CD4562D0D1253793EA0978819B9A2FCC0E2
SHA-512:	6BFF03EE8973E2204181967987930EECDD39789DB353DB2EFC786027A8013CFF4835FAB9E3F0AF935D2A2D49CCEBE565FD481BA230EDF4D22A7848D4781C877C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/El_Aaiun) {. {-9223372036854775808 -3168 0 LMT}. {-1136070432 -3600 0 -01}. {198291600 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600 1 +00}. {1382839200 0 0 +00}. {1396144800 3600 1 +00}. {1403920800 0 0 +00}. {1406944800 3600 1 +00}. {1414288800 0 0 +00}. {1427594400 3600 1 +00}. {1434247200 0 0 +00}. {1437271200 3600 1 +00}. {1445738400 0 0 +00}. {1459044000 3600 1 +00}. {146509200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-B9SM1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.8064239600480985
Encrypted:	false
SSDEEP:
MD5:	459DA3ECBE5C32019D1130DDEAB10BAA
SHA1:	DD1F6653A7B7B091A57EC59E271197CEC1892594
SHA-256:	F36F8581755E1B40084442C43C60CC904C908285C4D719708F2CF1EADB778E2E
SHA-512:	FF74D540157DE358E657E968C9C040B8FE5C806D22782D878575BFAC68779303E6071DC84D6773BC06D299AC971B0EB6B38CA50439161574B5A50FF6F1704046
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ndjamena) {. {-9223372036854775808 3612 0 LMT}. {-1830387612 3600 0 WAT}. {308703600 7200 1 WAST}. {321314400 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-BFHJ3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.816649832558406
Encrypted:	false
SSDEEP:
MD5:	D1387B464CFCFE6CB2E10BA82D4EEE0E
SHA1:	F672B694551AB4228D4FC938D0CC2DA635EB8878
SHA-256:	BEE63E4DF9D03D2F5E4100D0FCF4E6D555173083A4470540D4ADC848B788A2FC
SHA-512:	DEB95AAB852772253B60F83DA9CE5E24144386DFBFB1F1E9A77905511181EC84FD13B00200602D6C276820527206EE0078DDE81CC0F1B1276B8BF4360C2CDB1E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Libreville) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-BGO36.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.835896095919456
Encrypted:	false
SSDEEP:
MD5:	59137CFDB8E4B48599FB417E0D8A4A70
SHA1:	F13F9932C0445911E395377FB51B859E4F72862A
SHA-256:	E633C6B619782DA7C21D548E06E6C46A845033936346506EA0F2D4CCCDA46028
SHA-512:	2DCEB9A9FA59512ADCDE4946F055718A8C8236A912F6D521087FC348D52FFF462B5712633FDA5505876C500F5FD472381B3AC90CF1AEDF0C96EA08E0A0D3B7BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Harare) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-BJ2KJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8512443534123255
Encrypted:	false
SSDEEP:
MD5:	BA2C7443CFCB3E29DB84FEC16B3B3843
SHA1:	2BA7D68C48A79000B1C27588A20A751AA04C5779
SHA-256:	28C1453496C2604AA5C42A88A060157BDFE22F28EDD1FBC7CC63B02324ED8445
SHA-512:	B275ABAADA7352D303EFEAD66D897BE3099A33B80EA849F9F1D98D522AA9A3DC44E1D979C0ABF2D7886BACF2F86D25837C971ECE6B2AF731BE2EE0363939CBDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Gaborone) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-C2T09.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.872638989714255
Encrypted:	false
SSDEEP:
MD5:	7FF39BAAF47859EE3CD60F3E2C6DFC7D
SHA1:	5CFC8B14222554156985031C7E9507CE3311F371
SHA-256:	47E40BDBAC36CDB847C2E533B9D58D09FE1DBA2BED49C49BC75DD9086A63C6EB
SHA-512:	DEEA0982593AE7757E70BD2E933B20B65CD9613891DC734AA4E6EC14D12AD119D2C69BA38E6FA4AE836C6CE14E57F35AE7F53345ACA4CF70AD67680E49BC6B7C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Ouagadougou) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-CI6G3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.83500517532947
Encrypted:	false
SSDEEP:
MD5:	FCBE668127DFD81CB0F730C878EB2F1A
SHA1:	F27C9D96A04A12AC7423A60A756732B360D6847D
SHA-256:	6F462C2C5E190EFCA68E882CD61D5F3A8EF4890761376F22E9905B1B1B6FDE9F
SHA-512:	B0E6E4F5B46A84C2D02A0519831B98F336AA79079FF2CB9F290D782335FB4FB39A3453520424ED3761D801B9FBE39228B1D045C40EDD70B29801C26592F9805A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Bamako) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-DG8EJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.822255424633636
Encrypted:	false
SSDEEP:
MD5:	3142A6EAC3F36C872E7C32F8AF43A0F8
SHA1:	0EACF849944A55D4AB8198DDD0D3C5494D1986DA
SHA-256:	1704A1A82212E6DB71DA54E799D81EFA3279CD53A6BFA980625EE11126603B4C
SHA-512:	BB3DADC393D0CF87934629BBFAFAD3AD9149B80843FC5447670812357CC4DFBCAF71F7104EBF743C06517BB42111B0DB9028B22F401A50E17085431C9200DAB2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Niamey) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-ERRJL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.862257004762335
Encrypted:	false
SSDEEP:
MD5:	6849FA8FFC1228286B08CE0950FEB4DD
SHA1:	7F8E8069BA31E2E549566011053DA01DEC5444E9
SHA-256:	2071F744BC880E61B653E2D84CED96D0AD2485691DDE9FFD38D3063B91E4F41F
SHA-512:	30211297C2D8255D4B5195E9781931861A4DF55C431FFC6F83FE9C00A0089ED56179C07D33B1376C5DE8C0A9ABF2CFE473EF32AD14239DFD9599EA66BC286556
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Nouakchott) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-FDF4P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.951583909886815
Encrypted:	false
SSDEEP:
MD5:	6FB79707FD3A183F8A3C780CA2669D27
SHA1:	E703AB552B4231827ACD7872364C36C70988E4C0
SHA-256:	A5DC7BFB4F569361D438C8CF13A146CC2641A1A884ACF905BB51DA28FF29A900
SHA-512:	CDD3AD9AFFD246F4DFC40C1699E368FB2924E73928060B1178D298DCDB11DBD0E88BC10ED2FED265F7F7271AC5CCE14A60D65205084E9249154B8D54C2309E52
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Abidjan) {. {-9223372036854775808 -968 0 LMT}. {-1830383032 0 0 GMT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-G8J1G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.856245693637169
Encrypted:	false
SSDEEP:
MD5:	3F6E187410D0109D05410EFC727FB5E5
SHA1:	CAB54D985823218E01EDF9165CABAB7A984EE93E
SHA-256:	9B2EEB0EF36F851349E254E1745D11B65CB30A16A2EE4A87004765688A5E0452
SHA-512:	E12D6DBEA8DE9E3FB236011B962FFE1AEB95E3353B13303C343565B60AA664508D51A011C66C3CE2460C52A901495F46D0500C9B74E19399AE66231E5D6200A0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Blantyre) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-GAH4Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.832452688412801
Encrypted:	false
SSDEEP:
MD5:	DC007D4B9C02AAD2DBD48E73624B893E
SHA1:	9BEE9D21566D6C6D4873EFF9429AE3D3F85BA4E4
SHA-256:	3BF37836C9358EC0ABD9691D8F59E69E8F6084A133A50650239890C458D4AA41
SHA-512:	45D3BC383A33F7079A6D04079112FD73DB2DDBB7F81BFF8172FABCAA949684DC31C8B156E647F77AF8BA26581D3812D510C250CDC4D7EEEC788DDB2B77CD47E8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Conakry) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-H2UI3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.91873415322653
Encrypted:	false
SSDEEP:
MD5:	71A4197C8062BBFCCC62DCEFA87A25F9
SHA1:	7490FAA5A0F5F20F456E71CBF51AA6DEB1F1ACC8
SHA-256:	4B33414E2B59E07028E9742FA4AE34D28C08FD074DDC6084EDB1DD179198B3C1
SHA-512:	A71CCB957FB5102D493320F48C94ADB642CCAA5F7F28BDDE05D1BB175C29BCBAC4D19DBC481AC0C80CE48F8E3840746C126CBC9CE511CA48D4E53DE22B3D66E7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Maseru) $TZData(:Africa/Johannesburg).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-HIP8A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.807298951345495
Encrypted:	false
SSDEEP:
MD5:	E851465BCA70F325B0B07E782D6A759E
SHA1:	3B3E0F3FD7AF99F941A3C70A2A2564C9301C8CFB
SHA-256:	F7E1DCBAE881B199F2E2BF18754E145DDED230518C691E7CB34DAE3C922A6063
SHA-512:	5F655B45D7A16213CE911EDAD935C1FEE7A947C0F5157CE20712A00B2A12A34AE51D5C05A392D2FF3A0B2DA7787D6C614FF100DDE7788CA01AAE21F10DD1CC3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Luanda) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-IEUVH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8075658510312484
Encrypted:	false
SSDEEP:
MD5:	CDA180DB8DF825268DB06298815C96F0
SHA1:	20B082082CFA0DF49C0DF4FD698EBD061280A2BB
SHA-256:	95D31A4B3D9D9977CBDDD55275492A5A954F431B1FD1442C519255FBC0DBA615
SHA-512:	2D35698DE3BF1E90AB37C84ED4E3D0B57F02555A8AEB98659717EEC1D5EED17044D446E12B5AAC12A9721A3F9667343C5CACD7AB00BF986285B8084FF9384654
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Dakar) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-LKRJS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.755468133981916
Encrypted:	false
SSDEEP:
MD5:	8B5DCBBDB2309381EAA8488E1551655F
SHA1:	65065868620113F759C5D37B89843A334E64D210
SHA-256:	F7C8CEE9FA2A4BF9F41ABA18010236AC4CCD914ACCA9E568C87EDA0503D54014
SHA-512:	B8E61E6D5057CD75D178B292CD19CBCED2A127099D95046A7448438BCC035DE4066FDD637E9055AC3914E4A8EAA1B0123FA0E90E4F7042B2C4551BB009F1D2E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmera) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-LOBEC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	4.110061823095588
Encrypted:	false
SSDEEP:
MD5:	8221A83520B1D3DE02E886CFB1948DE3
SHA1:	0806A0898FDE6F5AE502C64515A1345D71B1F7D2
SHA-256:	5EE3B25676E813D89ED866D03B5C3388567D8307A2A60D1C4A34D938CBADF710
SHA-512:	2B8A837F7CF6DE43DF4072BF4A54226235DA8B8CA78EF55649C7BF133B2E002C614FE7C693004E3B17C25FBCECAAD5CD9B0A8CB0A5D32ADF68EA019203EE8704
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Algiers) {. {-9223372036854775808 732 0 LMT}. {-2486679072 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1531443600 0 0 WET}. {-956365200 3600 1 WEST}. {-950486400 0 0 WET}. {-942012000 3600 0 CET}. {-812502000 7200 1 CEST}. {-796262400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766630800 3600 0 CET}. {-733280400 0 0 WET}. {-439430400 3600 0 CET}. {-212029200 0 0 WET}. {41468400 3600 1 WEST}. {54774000 0 0 WET}. {231724800 3600 1 WEST}. {246240000 3600 0 CET}. {259545600 7200 1 CEST}. {275274000 3600 0 CET}. {309740400 0 0 WET}. {325468800 3600 1 WEST}. {3418020

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-MHAOC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.834042129935993
Encrypted:	false
SSDEEP:
MD5:	7A017656AB8048BD67250207CA265717
SHA1:	F2BB86BC7B7AB886738A33ADA37C444D6873DB94
SHA-256:	E31F69E16450B91D79798C1064FEA18DE89D5FE343D2DE4A5190BCF15225E69D
SHA-512:	695FA7369341F1F4BC1B629CDAB1666BEFE2E7DB32D75E5038DC17526A3CCE293DB36AFEB0955B06F5834D43AEF140F7A66EC52598444DBE8C8B70429DBE5FC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Bangui) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-N2JVK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.845403930433216
Encrypted:	false
SSDEEP:
MD5:	9A4C8187E8AC86B1CF4177702A2D933A
SHA1:	6B54BBBE6D7ABC780EE11922F3AC50CDE3740A1F
SHA-256:	6292CC41FE34D465E3F38552BDE22F456E16ABCBAC0E0B813AE7566DF3725E83
SHA-512:	8008DB5E6F4F8144456021BB6B112B24ADB1194B1D544BBCB3E101E0684B63F4673F06A264C651A4BC0296CB81F7B4D73D47EAC7E1EC98468908E8B0086B2DDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Porto-Novo) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-NDJ1V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1591
Entropy (8bit):	3.915421470240155
Encrypted:	false
SSDEEP:
MD5:	18BD78EB14E153DAAAAE70B0A6A2510C
SHA1:	A91BA216A2AB62B138B1F0247D75FBA14A5F05C0
SHA-256:	639A57650A4EA5B866EAAA2EEC0562233DC92CF9D6955AC387AD954391B850B1
SHA-512:	88F34732F843E95F2A2AD4FAA0B5F945DD69B65FDDB4BB7DD957B95283B7AE995F52050B45A6332864C1C5CC4611390F6827D82569D343B5E1B9DDFE0AE5A633
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Windhoek) {. {-9223372036854775808 4104 0 LMT}. {-2458170504 5400 0 +0130}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {637970400 7200 0 CAT}. {764200800 3600 1 WAT}. {778640400 7200 0 CAT}. {796780800 3600 1 WAT}. {810090000 7200 0 CAT}. {828835200 3600 1 WAT}. {841539600 7200 0 CAT}. {860284800 3600 1 WAT}. {873594000 7200 0 CAT}. {891734400 3600 1 WAT}. {905043600 7200 0 CAT}. {923184000 3600 1 WAT}. {936493200 7200 0 CAT}. {954633600 3600 1 WAT}. {967942800 7200 0 CAT}. {986083200 3600 1 WAT}. {999392400 7200 0 CAT}. {1018137600 3600 1 WAT}. {1030842000 7200 0 CAT}. {1049587200 3600 1 WAT}. {1062896400 7200 0 CAT}. {1081036800 3600 1 WAT}. {1094346000 7200 0 CAT}. {1112486400 3600 1 WAT}. {1125795600 7200 0 CAT}. {1143936000 3600 1 WAT}. {1157245200 7200 0 CAT}. {1175385600 3600 1 WAT}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-NN9EA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	3.9545766161038602
Encrypted:	false
SSDEEP:
MD5:	79FCA072C6AABA65FB2DC83F33BFA17E
SHA1:	AC86AA9B0EAACAB1E4FDB14AECD8D884F8329A5A
SHA-256:	C084565CC6C217147C00DCA7D885AC917CFC8AF4A33CBA146F28586AD6F9832C
SHA-512:	9F19DEA8E21CE3D3DCA0AFC5588203DBB6F5A13BBE10CFDA0CEBE4A417384B85DB3BFFC48687EF7AD27268715FC154E235C106EC91875BA646C6759D285F1027
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Juba) {. {-9223372036854775808 7588 0 LMT}. {-1230775588 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1 CAST

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-NQH3B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.900915013374923
Encrypted:	false
SSDEEP:
MD5:	9E81B383C593422481B5066CF23B8CE1
SHA1:	8DD0408272CBE6DF1D5051CB4D9319B5A1BD770E
SHA-256:	9ADCD7CB6309049979ABF8D128C1D1BA35A02F405DB8DA8C39D474E8FA675E38
SHA-512:	9939ED703EC26350DE9CC59BF7A8C76B6B3FE3C67E47CCDDE86D87870711224ADEEC61D93AC7926905351B8333AD01FF235276A5AB766474B5884F8A0329C2CB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Bujumbura) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-OFH4C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	920
Entropy (8bit):	4.074538534246205
Encrypted:	false
SSDEEP:
MD5:	A53F5CD6FE7C2BDD8091E38F26EEA4D1
SHA1:	90FB5EE343FCC78173F88CA59B35126CC8C07447
SHA-256:	D2FCC1AD3BFE20954795F2CDFFFE96B483E1A82640B79ADAA6062B96D143E3C7
SHA-512:	965E42972994AE79C9144323F87C904F393BA0CDF75186C346DA77CFAA1A2868C68AF8F2F1D63D5F06C5D1D4B96BA724DD4BC0DF7F5C4BD77E379AA674AE12DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tripoli) {. {-9223372036854775808 3164 0 LMT}. {-1577926364 3600 0 CET}. {-574902000 7200 1 CEST}. {-512175600 7200 1 CEST}. {-449888400 7200 1 CEST}. {-347158800 7200 0 EET}. {378684000 3600 0 CET}. {386463600 7200 1 CEST}. {402271200 3600 0 CET}. {417999600 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {465429600 3600 0 CET}. {481590000 7200 1 CEST}. {496965600 3600 0 CET}. {512953200 7200 1 CEST}. {528674400 3600 0 CET}. {544230000 7200 1 CEST}. {560037600 3600 0 CET}. {575852400 7200 1 CEST}. {591660000 3600 0 CET}. {607388400 7200 1 CEST}. {623196000 3600 0 CET}. {641775600 7200 0 EET}. {844034400 3600 0 CET}. {860108400 7200 1 CEST}. {875919600 7200 0 EET}. {1352505600 3600 0 CET}. {1364515200 7200 1 CEST}. {1382662800 7200 0 EET}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-P46UB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.828470940863702
Encrypted:	false
SSDEEP:
MD5:	B686E9408AB6EC58F3301D954A068C7E
SHA1:	C1259C31F93EB776F0F401920F076F162F3FFB2D
SHA-256:	79DB89294DAE09C215B9F71C61906E49AFAA5F5F27B4BC5B065992A45B2C183D
SHA-512:	CF96C687D33E68EB498A63EC262FC968858504410F670C6F492532F7C22F507BEACD41888B0A7527C30974DC545CCA9C015898E2D7C0C6D14C14C88F8BBED5C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Mogadishu) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-PGDMR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.906945970372021
Encrypted:	false
SSDEEP:
MD5:	5497C01E507E7C392944946FCD984852
SHA1:	4C3FD215E931CE36FF095DD9D23165340D6EECFE
SHA-256:	C87A6E7B3B84CFFA4856C4B6C37C5C8BA5BBB339BDDCD9D2FD34CF17E5553F5D
SHA-512:	83A2AA0ED1EB22056FFD3A847FB63DD09302DA213FE3AB660C41229795012035B5EA64A3236D3871285A8E271458C2DA6FCD599E5747F2F842E742C11222671A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Maputo) {. {-9223372036854775808 7820 0 LMT}. {-2109291020 7200 0 CAT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-PJDME.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.853052123353996
Encrypted:	false
SSDEEP:
MD5:	4F5159996C16A171D9B011C79FDDBF63
SHA1:	51BCA6487762E42528C845CCA33173B3ED707B3F
SHA-256:	E73ADC4283ECA7D8504ABC6CB28D98EB071ED867F77DE9FADA777181533AD1D0
SHA-512:	6E5D4DF903968395DFDB834FBD4B2A0294E945A9939D05BED8533674EA0ACE8393731DDCDFACF7F2C9A00D38DC8F5EDB173B4025CF05122B0927829D07ED203F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Brazzaville) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-PRIHH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.857012096036922
Encrypted:	false
SSDEEP:
MD5:	3769866ADC24DA6F46996E43079C3545
SHA1:	546FA9C76A1AE5C6763B31FC7214B8A2B18C3C52
SHA-256:	5BAF390EA1CE95227F586423523377BABD141F0B5D4C31C6641E59C6E29FFAE0
SHA-512:	DEA8CAB330F6321AD9444DB9FEC58E2CBCC79404B9E5539EABB52DBC9C3AC01BA1E8A3E1EC32906F02E4E4744271D84B626A5C32A8CD8B22210C42DD0E774A9C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lusaka) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-QEDA1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.839691887198201
Encrypted:	false
SSDEEP:
MD5:	149DD4375235B088386A2D187ED03FFB
SHA1:	5E879B778E2AB110AC7815D3D62A607A76AAB93B
SHA-256:	1769E15721DAFF477E655FF7A8491F4954FB2F71496287C6F9ED265FE5588E00
SHA-512:	4F997EDE6F04A89240E0950D605BB43D6814DCCA433F3A75F330FA13EE8729A10D20E9A0AAD6E6912370E350ABD5A65B878B914FCC9A5CA8503E3A5485E57B3E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Banjul) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-QQEN3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1072
Entropy (8bit):	4.074604685883076
Encrypted:	false
SSDEEP:
MD5:	1899EDCB30CDDE3A13FB87C026CD5D87
SHA1:	4C7E25A36E0A62F3678BCD720FCB8911547BAC8D
SHA-256:	F0E01AA40BB39FE64A2EB2372E0E053D59AA65D64496792147FEFBAB476C4EC3
SHA-512:	FD22A2A7F9F8B66396152E27872CCBA6DA967F279BAF21BC91EF76E86B59505B3C21D198032B853427D9FFAB394FBB570F849B257D6F6821916C9AB29E7C37A1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tunis) {. {-9223372036854775808 2444 0 LMT}. {-2797202444 561 0 PMT}. {-1855958961 3600 0 CET}. {-969242400 7200 1 CEST}. {-950493600 3600 0 CET}. {-941940000 7200 1 CEST}. {-891136800 3600 0 CET}. {-877827600 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-842918400 3600 0 CET}. {-842223600 7200 1 CEST}. {-828230400 3600 0 CET}. {-812502000 7200 1 CEST}. {-796269600 3600 0 CET}. {-781052400 7200 1 CEST}. {-766634400 3600 0 CET}. {231202800 7200 1 CEST}. {243903600 3600 0 CET}. {262825200 7200 1 CEST}. {276044400 3600 0 CET}. {581122800 7200 1 CEST}. {591145200 3600 0 CET}. {606870000 7200 1 CEST}. {622594800 3600 0 CET}. {641516400 7200 1 CEST}. {654649200 3600 0 CET}. {1114902000 7200 1 CEST}. {1128038400 3600 0 CET}. {1143334800 7200 1 CEST}. {1162083600 3600 0 CET}. {1174784400 7200 1 CEST}. {1193533200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-REO3D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1393
Entropy (8bit):	3.9087586646312253
Encrypted:	false
SSDEEP:
MD5:	FFEDB06126D6DA9F3BECA614428F51E9
SHA1:	2C549D1CF8636541D42BDC56D8E534A222E4642C
SHA-256:	567A0AD3D2C9E356A2E38A76AF4D5C4B8D5B950AF7B648A027FE816ACAE455AE
SHA-512:	E057EA59A47C881C60B2196554C9B24C00CB26345CA7E311B5409F6FBB31EBEDD13C41A4C3B0B68AE8B93F4819158D94610DE795112E77209F391AC31332BA2A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Accra) {. {-9223372036854775808 -52 0 LMT}. {-1640995148 0 0 GMT}. {-1556841600 1200 1 GMT}. {-1546388400 0 0 GMT}. {-1525305600 1200 1 GMT}. {-1514852400 0 0 GMT}. {-1493769600 1200 1 GMT}. {-1483316400 0 0 GMT}. {-1462233600 1200 1 GMT}. {-1451780400 0 0 GMT}. {-1430611200 1200 1 GMT}. {-1420158000 0 0 GMT}. {-1399075200 1200 1 GMT}. {-1388622000 0 0 GMT}. {-1367539200 1200 1 GMT}. {-1357086000 0 0 GMT}. {-1336003200 1200 1 GMT}. {-1325550000 0 0 GMT}. {-1304380800 1200 1 GMT}. {-1293927600 0 0 GMT}. {-1272844800 1200 1 GMT}. {-1262391600 0 0 GMT}. {-1241308800 1200 1 GMT}. {-1230855600 0 0 GMT}. {-1209772800 1200 1 GMT}. {-1199319600 0 0 GMT}. {-1178150400 1200 1 GMT}. {-1167697200 0 0 GMT}. {-1146614400 1200 1 GMT}. {-1136161200 0 0 GMT}. {-1115078400 1200 1 GMT}. {-1104625200 0 0 GMT}. {-1083542400 1200 1 GMT}. {-1073

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-STLRP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.70181156382821
Encrypted:	false
SSDEEP:
MD5:	B6562D5A53E05FAAD80671C88A9E01D3
SHA1:	0014B14CFDDE47E603962935F8297C4C46533084
SHA-256:	726980DCC13E0596094E01B8377E17029A2FCCE6FE93538C61E61BA620DD0971
SHA-512:	D9C2838C89B0537C7F7A7319600D69D09AC004BD72358B452425A3B4861140246F71A94F004C2EF739620E81062F37ED9DA6D518F74956630006DD5674925A63
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Nairobi) {. {-9223372036854775808 8836 0 LMT}. {-1309746436 10800 0 EAT}. {-1262314800 9000 0 +0230}. {-946780200 9900 0 +0245}. {-315629100 10800 0 EAT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-T5M66.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.800219030063992
Encrypted:	false
SSDEEP:
MD5:	18C0C9E9D5154E20CC9301D5012066B9
SHA1:	8395E917261467EC5C27034C980EDD05F2242F40
SHA-256:	0595C402B8499FC1B67C196BEE24BCA4DE14D3E10B8DBBD2840D2B4C88D9DF28
SHA-512:	C53540E25B76DF8EC3E2A5F27B473F1D6615BFBD043E133867F3391B057D8552350F912DF55DD11C1357765EF76D8E286BBBE839F28295D09751243DC0201BDF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Douala) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-TD62U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.813464796454866
Encrypted:	false
SSDEEP:
MD5:	D2AA823E78DD8E0A0C83508B6378DE5D
SHA1:	C26E03EF84C3C0B6001F0D4471907A94154E6850
SHA-256:	345F3F9422981CC1591FBC1B5B17A96F2F00F0C191DF23582328D44158041CF0
SHA-512:	908F8D096DA6A336703E7601D03477CECBCDC8D404C2410C7F419986379A14943BB61B0D92D87160D5F1EF5B229971B2B9D122D2B3F70746CED0D4D6B10D7412
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Lome) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-TER5A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	298
Entropy (8bit):	4.638948195674004
Encrypted:	false
SSDEEP:
MD5:	256740512DCB35B4743D05CC24C636DB
SHA1:	1FD418712B3D7191549BC0808CF180A682AF7FC1
SHA-256:	768E9B2D9BE96295C35120414522FA6DD3EDA4500FE86B6D398AD452CAF6FA4B
SHA-512:	DCFF6C02D1328297BE24E0A640F5823BFD23BDE67047671AC18EB0B1F450C717E273B27A48857F54A18D6877AB8132AAED94B2D87D2F962DA43FE473FC3DDC94
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Johannesburg) {. {-9223372036854775808 6720 0 LMT}. {-2458173120 5400 0 SAST}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {-829526400 10800 1 SAST}. {-813805200 7200 0 SAST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-UFPE9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.8623059127375585
Encrypted:	false
SSDEEP:
MD5:	32AE0D7A7E7F0DF7AD0054E959A53B09
SHA1:	AE455C96401EBB1B2BDE5674A71A182D9E12D7BD
SHA-256:	7273FA039D250CABAE2ACCE926AB483B0BF16B0D77B9C2A7B499B9BDFB9E1CBB
SHA-512:	DC8E89A75D7212D398A253E6FF3D10AF72B7E14CBC07CA53C6CB01C8CE40FB12375E50AD4291C973C872566F8D875D1E1A2CF0A38F02C91355B957095004563E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Kigali) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-UNUTI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.8463501042309645
Encrypted:	false
SSDEEP:
MD5:	D28C0D0628DE3E5D9662A3376B20D5B4
SHA1:	464351F257655F10732CA9A1E59CF6587B33F8A1
SHA-256:	B9F317EAA504A195BD658BA7EE9EE22D816BF46A1FFDB8D8DA573D311A5FF78A
SHA-512:	B056E7A16CE8E5CC420F88AF26E893348117306D66ED2DF4C6A6C2CA9F48783714E08AACF94BC646A1B4A2B3FB2080A4E53EDF4633C9AE259BBBA3F8ABE4DEE3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Sao_Tome) {. {-9223372036854775808 1616 0 LMT}. {-2713912016 -2205 0 LMT}. {-1830384000 0 0 GMT}. {1514768400 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-V1JIF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.787605387034664
Encrypted:	false
SSDEEP:
MD5:	8CF1CA04CD5FC03D3D96DC49E98D42D4
SHA1:	4D326475E9216089C872D5716C54DEB94590FCDE
SHA-256:	A166E17E3A4AB7C5B2425A17F905484EBFDBA971F88A221155BCA1EC5D28EA96
SHA-512:	1301B9469ED396198A2B87CBA254C66B148036C0117D7D4A8286CB8729296AD735DF16581AEF0715CEE24213E91970F181824F3A64BCF91435FDAD85DCD78C84
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Kampala) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Africa\is-V8Q62.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.816805447465336
Encrypted:	false
SSDEEP:
MD5:	90EC372D6C8677249C8C2841432F0FB7
SHA1:	5D5E549496962420F56897BC01887B09EC863D78
SHA-256:	56F7CA006294049FA92704EDEAD78669C1E9EABE007C41F722E972BE2FD58A37
SHA-512:	93FD7C8F5C6527DCCFBF21043AB5EED21862A22DA1FDB3ED7635723060C9252D76541DAD3A76EBF8C581A82A6DBEF2766DD428ACE3A9D6A45954A787B686B1CA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Kinshasa) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-144QE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2013
Entropy (8bit):	3.6516068215670687
Encrypted:	false
SSDEEP:
MD5:	767F99822C382327A318EAC0779321F3
SHA1:	1352B21F20C7F742D57CB734013143C9B58DA221
SHA-256:	B4590DF5AC1993E10F508CC5183809775F5248B565400BA05AE5F87B69D4E26B
SHA-512:	C8FF21DC573DE5CB327DDA536391071012A038B8266C4E39922EC0F0EC975000E5D7AFBBE81D1C28DB8733E8B01E1E4D6BE0968D9EFCFC50DB102CC09BDABEA6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Luis) {. {-9223372036854775808 -15924 0 LMT}. {-2372096076 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-2MOJD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1981
Entropy (8bit):	3.6790048972731686
Encrypted:	false
SSDEEP:
MD5:	93B8CF61EDC7378C39BE33A77A4222FC
SHA1:	8A01D2B22F8FC163B0FDCED4305C3FA08336AF7D
SHA-256:	35E05545A12E213DCBC0C2F7FDCA5C79CD522E7D2684EDF959E8A0A991BEF3C8
SHA-512:	68333AB0C9348AF0994DB26FB6D34FF67ABF56AF1FBABB77F2C9EFF20E9A2DB2B59C5B81DF0C42299DE459B03DF13E07071B84576E62597920D1848F1E1FC9E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Buenos_Aires) {. {-9223372036854775808 -14028 0 LMT}. {-2372097972 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-2NRRP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1976
Entropy (8bit):	3.659938468164974
Encrypted:	false
SSDEEP:
MD5:	C6A4EED52A2829671089F9E84D986BFB
SHA1:	F5BBDD0C3347C7519282249AA48543C01DA95B7A
SHA-256:	50541A1FBACAD2C93F08CD402A609C4984AF66E27DB9FAA7F64FDA93DDC57939
SHA-512:	52EA5BB27C91C753275EAC90E082EEBE98B5997B830D8DD579174558355E3FED0AAF4AA02679B0866591951F04F358AFB113423872D57820143E75FEB4415B60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Cordoba) {. {-9223372036854775808 -15408 0 LMT}. {-2372096592 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-628F6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	3.6703415662732746
Encrypted:	false
SSDEEP:
MD5:	AC8E561F7573280594BDD898324E9442
SHA1:	7DC6248ED29719700189FF3A69D06AAC7B54EB6B
SHA-256:	0833962C0DE220BC601D764EE14442E98F83CB581816B74E5867540348227250
SHA-512:	2FDD23ABA891EBEF01944F3C8F1A9E6844C182B0EB2CBEC0F942F268BAE51F0D7775370E262B500FE7151210F8849DD54BA5CEB2160AE03A5747A48A10933F05
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Rio_Gallegos) {. {-9223372036854775808 -16612 0 LMT}. {-2372095388 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-80C3M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1945
Entropy (8bit):	3.653135248071002
Encrypted:	false
SSDEEP:
MD5:	70FB90E24FEEF5211C9488C938295F02
SHA1:	5C903A669B51A1635284AD80877E0C6789D8EB26
SHA-256:	FBDACFA5D82DC23ECDD9D9F8A4EF71F7DBB579BF4A621C545062A7AE0296141D
SHA-512:	4C36B34B2203F6D4C78CC6F0E061BF35C4B98121D50096C8015EBA6DBEFA989DD2F2E32436EEE3055F1CF466BC3D4FD787A89873EEE4914CB51B273E335C90C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Salta) {. {-9223372036854775808 -15700 0 LMT}. {-2372096300 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-9NLKB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2009
Entropy (8bit):	3.649537276151328
Encrypted:	false
SSDEEP:
MD5:	69F8A1AC33BE03C008EC5FEBD1CE4CAA
SHA1:	858362EFEA0C68C1EC9295A9FCE647B41DBF429D
SHA-256:	B02DDE8DCF8E68B2B1DBF66ADF5B247E9833FEC347DFBC487C391FADA5706AD3
SHA-512:	8373EAEEBF5EA028CC0673B10E9DFE84F4DFC2F9E9E8320D59E6CE6125643B31F5E61FC894E420A8D7E9C2FF242617DF911ABF0884AF5B32316A098C8524772D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Mendoza) {. {-9223372036854775808 -16516 0 LMT}. {-2372095484 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-A7MHK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2007
Entropy (8bit):	3.6562927023582197
Encrypted:	false
SSDEEP:
MD5:	EA31C60D08FFE56504DEC62A539F51D9
SHA1:	79F31368AC9C141B5F0F5804A0D903C12B75A386
SHA-256:	4E3A4539FE0D8E0401C8304E5A79F40C420333C92BF1227BCBB5DB242444ECD6
SHA-512:	EB58A3122DE8FC7887622D3716E1D9D615625FC47C30BA0BD8112894B595263F04B37D43E142C43251C48D2CD703BB6F56966B965C5475DA83F2C290B6F564E8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Ushuaia) {. {-9223372036854775808 -16392 0 LMT}. {-2372095608 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-DGLSJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2036
Entropy (8bit):	3.653313944168433
Encrypted:	false
SSDEEP:
MD5:	892E23EEB82C4EF52CB830C607E3DD6D
SHA1:	9A9334DC1F9FBA0152C1B5CAA954F2FF1775B78C
SHA-256:	F3D19E51463B4D04BE1CD4F36CD9DD5E3954B6186ADD6A176B78C3C4F399CCA1
SHA-512:	4FCC3F61E261D57788756921AE21E54D387AB533ACF56182579B9082EC0791CD655D50BEDDAF996233CDBDE549F743855C191BCB581EF3D7877C4CE26B14EEC2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Tucuman) {. {-9223372036854775808 -15652 0 LMT}. {-2372096348 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-EPDML.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.672788403288451
Encrypted:	false
SSDEEP:
MD5:	42D568B6100D68F9E5698F301F4EC136
SHA1:	E0A5F43A80EB0FAAFBD45127DCAF793406A4CF3A
SHA-256:	D442E5BBB801C004A7903F6C217149FCDA521088705AC9FECB0BC3B3058981BF
SHA-512:	99580239B40247AF75FFAA44E930CDECB71F6769E3597AC85F19A8816F7D0859F6A0D5499AFAC2FA35C32BA05B75B27C77F36DE290DD0D442C0769D6F41E96DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Argentina/ComodRivadavia) $TZData(:America/Argentina/Catamarca).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-ER1HE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2037
Entropy (8bit):	3.6597750686514887
Encrypted:	false
SSDEEP:
MD5:	BBB4D4B341E7FEC2E5A937267AADCD0F
SHA1:	9AB509F97DCBAAE5ACA7F67853E86429438ED8DC
SHA-256:	BAC6CC41865DD3D4F042FE6106176279F3DEB9127BE0146AF75AE1E47098AF43
SHA-512:	49E32BD5BDBA773D99C883080660B431E8D4C806164C0354C848CF3AB0042797DBE7F6226BA234634A1DF254B0464ED5F714B054454520263536B0A77D7053D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Juan) {. {-9223372036854775808 -16444 0 LMT}. {-2372095556 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-JHO1T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2009
Entropy (8bit):	3.6543367491742913
Encrypted:	false
SSDEEP:
MD5:	7FCA355F863158D180B3179782A6E8C8
SHA1:	CDFBC98923F7315388009F22F9C37626B677321F
SHA-256:	C3FE34E5BE68503D78D63A2AFB5C970584D0854C63648D7FE6E2412A4E5B008F
SHA-512:	6C2F9598C714BEBA7A538AAB7FA68C1962001C426C80B21F2A9560C72BCEA87B956821E68AF30B4576C1ECDB07E33D616934BD49943DA2E45841B10D483833C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Catamarca) {. {-9223372036854775808 -15788 0 LMT}. {-2372096212 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378080

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-KDK7H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1974
Entropy (8bit):	3.659895575974408
Encrypted:	false
SSDEEP:
MD5:	A7F2318729F0B4B04C9176CB5257691E
SHA1:	0EAD91CBDC640DB67F64A34209359674AC47062A
SHA-256:	E33962F99E6022ED1825898990B38C10F505DE6EC44DAFB00C75E3A7C1A61C8A
SHA-512:	CB80580383309CCA4837556ED0444F2B931E1B3B13582023BFB715393C94C4F1279D8EC18CACB06BB13E3D32A535495DF2D093E225DF7B6DFFD3571A3B3573B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Jujuy) {. {-9223372036854775808 -15672 0 LMT}. {-2372096328 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Argentina\is-Q8DTK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2037
Entropy (8bit):	3.655968476161033
Encrypted:	false
SSDEEP:
MD5:	49BB6DAD5560E7C6EAEA6F3CF9EB1F67
SHA1:	56E0D9DD4E6B12522A75F0ABFEBB6AE019614CB5
SHA-256:	13CBECD826DD5DE4D8576285FC6C4DE39F2E9CF03F4A61F75316776CAED9F878
SHA-512:	CA7EF1A94A6635EAB644C5EAAC2B890E7401745CFA97609BDA410D031B990C87EB2F97160731A45B5A8ADE48D883EAB529AE2379406852129102F0FDF92247D8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/La_Rioja) {. {-9223372036854775808 -16044 0 LMT}. {-2372095956 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-42MOA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6992
Entropy (8bit):	3.7768650637181533
Encrypted:	false
SSDEEP:
MD5:	D0F40504B578D996E93DAE6DA583116A
SHA1:	4D4D24021B826BFED2735D42A46EEC1C9EBEA8E3
SHA-256:	F4A0572288D2073D093A256984A2EFEC6DF585642EA1C4A2860B38341D376BD8
SHA-512:	BA9D994147318FF5A53D45EC432E118B5F349207D58448D568E0DB316452EF9FD620EE4623FD4EAD123BC2A6724E1BAE2809919C58223E6FD4C7A20F004155E0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Tell_City) {. {-9223372036854775808 -20823 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-4POSL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8470
Entropy (8bit):	3.7546412701514034
Encrypted:	false
SSDEEP:
MD5:	E8AFD9E320A7F4310B413F8086462F31
SHA1:	7BEE624AAC096E9C280B4FC84B0671381C657F6C
SHA-256:	BE74C1765317898834A18617352DF3B2952D69DE4E294616F1554AB95824DAF0
SHA-512:	C76620999A293FA3A93CA4615AB78F19395F12CC08C242F56BFD4C4CAF8BC769DDEBF33FF10F7DA5A3EFD8ED18792362780188636075419014A8C099A897C43C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Knox) {. {-9223372036854775808 -20790 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-725824800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-415818000 -21600 0 CST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-4Q7V2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7364
Entropy (8bit):	3.79636789874872
Encrypted:	false
SSDEEP:
MD5:	9614153F9471187A2F92B674733369A0
SHA1:	199E8D5018A374EDB9592483CE4DDB30712006E3
SHA-256:	5323EBC8D450CC1B53AED18AD209ADEB3A6EEB5A00A80D63E26DB1C85B6476ED
SHA-512:	2A1E26D711F62C51A5EE7014584FAF41C1780BD62573247D45D467500C6AB9A9EAD5A382A1986A9D768D7BB927E4D391EA1B7A4AD9A54D3B05D8AD2385156C33
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Petersburg) {. {-9223372036854775808 -20947 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-473364000 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-257965200 -21600 0 CST}. {-242236800 -18000 1 CDT}. {-226515600 -21600 0 CST}. {-210787200 -18000 1 CDT}. {-195066000 -21600 0 CST}. {-179337600 -18000 1 CDT}. {-163616400 -21600 0 CST

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-CO0TP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7170
Entropy (8bit):	3.7942292979267767
Encrypted:	false
SSDEEP:
MD5:	40D8E05D8794C9D11DF018E3C8B8D7C0
SHA1:	58161F320CB46EC72B9AA6BAD9086F18B2E0141B
SHA-256:	A13D6158CCD4283FE94389FD341853AD90EA4EC505D37CE23BD7A6E7740F03F6
SHA-512:	BC45B6EFF1B879B01F517D4A4012D0AFBA0F6A9D92E862EF9A960FE07CBE216C8C929FE790044C566DC95981EC4BEAB3DCBD45A1FE597606CF601214A78AEA08
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Winamac) {. {-9223372036854775808 -20785 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-D6QE3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6996
Entropy (8bit):	3.799188069575817
Encrypted:	false
SSDEEP:
MD5:	154A332C3ACF6D6F358B07D96B91EBD1
SHA1:	FC16E7CBE179B3AB4E0C2A61AB5E0E8C23E50D50
SHA-256:	C0C7964EBF9EA332B46D8B928B52FDE2ED15ED2B25EC664ACD33DA7BF3F987AE
SHA-512:	5831905E1E6C6FA9DD309104B3A2EE476941D6FF159764123A477E2690C697B0F19EDEA0AD0CD3BBBECF96D64DC4B981027439E7865FCB1632661C8539B3BD6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Indianapolis) {. {-9223372036854775808 -20678 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-900259200 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-D80IO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6350
Entropy (8bit):	3.782861360101505
Encrypted:	false
SSDEEP:
MD5:	35A64C161E0083DCE8CD1E8E1D6EBE85
SHA1:	9BC295C23783C07587D82DA2CC25C1A4586284B2
SHA-256:	75E89796C6FB41D75D4DDA6D94E4D27979B0572487582DC980575AF6656A7822
SHA-512:	7BAF735DA0DE899653F60EED6EEF53DD8A1ABC6F61F052B8E37B404BC9B37355E94563827BC296D8E980C4247864A57A117B7B1CB58A2C242991BBDC8FE7174E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vevay) {. {-9223372036854775808 -20416 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-495043200 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {1136091600 -18000 0 EST}. {1143961200 -14400 1 EDT}. {1162101600 -18000 0 EST}. {1173596400 -14400 1 EDT}. {1194156000 -18000 0 EST}. {1205046000 -14400 1 EDT}. {1225605600 -18000 0 EST}. {1236495600 -14400 1 EDT}. {1257055200 -18000 0 EST}. {1268550000 -14400 1 EDT}. {1289109600 -18000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-LLG6M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7037
Entropy (8bit):	3.786429098558221
Encrypted:	false
SSDEEP:
MD5:	456422A0D5BE8FBF5DBD0E75D8650894
SHA1:	737AC21F019A7E89689B9C8B465C8482FF4F403E
SHA-256:	C92D86CACFF85344453E1AFBC124CE11085DE7F6DC52CB4CBE6B89B01D5FE2F3
SHA-512:	372AEBB2F13A50536C36A025881874E5EE3162F0168B71B2083965BECBBFCA3DAC726117D205D708CC2B4F7ABE65CCC2B3FE6625F1403D97001950524D545470
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Marengo) {. {-9223372036854775808 -20723 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-599594400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Indiana\is-RDP47.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6992
Entropy (8bit):	3.795913753683276
Encrypted:	false
SSDEEP:
MD5:	AD8B44BD0DBBEB06786B2B281736A82B
SHA1:	7480D3916F0ED66379FC534F20DC31001A3F14AF
SHA-256:	18F35F24AEF9A937CD9E91E723F611BC5D802567A03C5484FAB7AEEC1F2A0ED0
SHA-512:	7911EC3F1FD564C50DEAF074ED99A502A9B5262B63E3E0D2901E21F27E90FBD5656A53831E61B43A096BA1FF18BB4183CCCE2B903782C2189DAAFDD7A90B3083
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vincennes) {. {-9223372036854775808 -21007 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Kentucky\is-AOH8S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9332
Entropy (8bit):	3.769996646995791
Encrypted:	false
SSDEEP:
MD5:	D9BC20AFD7DA8643A2091EB1A4B48CB3
SHA1:	9B567ABF6630E7AB231CAD867AD541C82D9599FF
SHA-256:	B4CC987A6582494779799A32A9FB3B4A0D0298425E71377EB80E2FB4AAAEB873
SHA-512:	0BC769A53E63B41341C25A0E2093B127064B589F86483962BD24DB4082C4466E12F4CD889B82AD0134C992E984EF0897113F28321522B57BA45A98C15FF7E172
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Louisville) {. {-9223372036854775808 -20582 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1546279200 -21600 0 CST}. {-1535904000 -18000 1 CDT}. {-1525280400 -21600 0 CST}. {-905097600 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-744224400 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-684349200 -18000 1 CDT}. {-652899600 -18000 1 CDT}. {-620845200 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\Kentucky\is-EGPOG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8279
Entropy (8bit):	3.785637200740036
Encrypted:	false
SSDEEP:
MD5:	0C6F5C9D1514DF2D0F8044BE27080EE2
SHA1:	70CBA0561E4319027C60FB0DCF29C9783BFE8A75
SHA-256:	1515460FBA496FE8C09C87C51406F4DA5D77C11D1FF2A2C8351DF5030001450F
SHA-512:	17B519BCC044FE6ED2F16F2DFBCB6CCE7FA83CF17B9FC4A40FDA21DEFBA9DE7F022A50CF5A264F3090D57D51362662E01C3C60BD125430AEECA0887BB8520DB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Monticello) {. {-9223372036854775808 -20364 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-63136800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 C

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\North_Dakota\is-7MS3G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	3.7834920003907664
Encrypted:	false
SSDEEP:
MD5:	AC804124F4CE4626F5C1FDA2BC043011
SHA1:	4B3E8CC90671BA543112CEE1AB5450C6EA4615DF
SHA-256:	E90121F7D275FDCC7B8DCDEC5F8311194D432510FEF5F5F0D6F211A4AACB78EF
SHA-512:	056EF65693C16CB58EC5A223528C636346DB37B75000397D03663925545979792BBC50B20B5AA20139ECE9A9D6B73DA80C2319AA4F0609D6FC1A6D30D0567C58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Center) {. {-9223372036854775808 -24312 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\North_Dakota\is-A37CG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8281
Entropy (8bit):	3.795939700557522
Encrypted:	false
SSDEEP:
MD5:	E26FC508DFD73B610C5543487C763FF5
SHA1:	8FBDE67AF561037AAA2EDF93E9456C7E534F4B5A
SHA-256:	387D3C57EDE8CCAAD0655F19B35BC0D124C016D16F06B6F2498C1151E4792778
SHA-512:	8A10B7370D1521EDF18AB4D5192C930ABC68AB9AE718ADF3D175EACE9A1F5DAC690A76B02EFB4059374761962D8C2660497F8E951DFE9812FB3CFCFDF9165E45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/New_Salem) {. {-9223372036854775808 -24339 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\North_Dakota\is-OMTVV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	3.7975723806562063
Encrypted:	false
SSDEEP:
MD5:	15AABAE9ABE4AF7ABEADF24A510E9583
SHA1:	3DEF11310D02F0492DF09591A039F46A8A72D086
SHA-256:	B328CC893D217C4FB6C84AA998009940BFBAE240F944F40E7EB900DEF1C7A5CF
SHA-512:	7A12A25EB6D6202C47CFDD9F3CE71342406F0EDA3D1D68B842BCFE97EFF1F2E0C11AD34D4EE0A61DF7E0C7E8F400C8CCA73230BDB3C677F8D15CE5CBA44775D7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Beulah) {. {-9223372036854775808 -24427 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-03SRO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.901732290886438
Encrypted:	false
SSDEEP:
MD5:	DEB77B4016D310DFB38E6587190886FB
SHA1:	B308A2D187C153D3ED821B205A4F2D0F73DA94B0
SHA-256:	A6B8CFE8B9381EC61EAB553CFA2A815F93BBB224A6C79D74C08AC54BE4B8413B
SHA-512:	04A0D598A24C0F3A1881D3412352F65C610F75281CC512B46248847A798A12AEA551E3DE9EA3FD5BB6B3687A0BB65746392F301F72746876D30697D66B3A3604
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Virgin) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-0ARGN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.888871207225013
Encrypted:	false
SSDEEP:
MD5:	7E272CE31D788C2556FF7421F6832314
SHA1:	A7D89A1A9AC2B61D98690126D1E4C1595E160C8F
SHA-256:	F0E10D45C929477A803085B2D4CE02EE31FD1DB24855836D02861AD246BC34D9
SHA-512:	CCDF0B1B5971B77F6FA27F25900DB1AB9A4A4C69E15DCDF4EA35E1E1FC31AAD957C2E5862B411B0155BB1E25E2DD417A89168295317B1E603DA59142D76CE80A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Thomas) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-0EEC3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	223
Entropy (8bit):	4.866250035215905
Encrypted:	false
SSDEEP:
MD5:	3BAD2D8B6F2ECB3EC0BFA16DEAEBADC3
SHA1:	2E8D7A5A29733F94FF247E7E62A7D99D5073AFDC
SHA-256:	242870CE8998D1B4E756FB4CD7097FF1B41DF8AA6645E0B0F8EB64AEDC46C13C
SHA-512:	533A6A22A11C34BCE3772BD85B6A5819CCCD98BF7ECED9E751191E5D1AD3B84F34D70F30936CFE501C2FA3F6AAC7ABB9F8843B7EB742C6F9C2AD4C22D5C73740
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Kentucky/Louisville)]} {. LoadTimeZoneFile America/Kentucky/Louisville.}.set TZData(:America/Louisville) $TZData(:America/Kentucky/Louisville).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-0GERQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.752946571641783
Encrypted:	false
SSDEEP:
MD5:	4FC460A084DF33A73F2F87B7962B0084
SHA1:	45E70D5D68FC2DE0ACFF76B062ADA17E0021460F
SHA-256:	D1F5FFD2574A009474230E0AA764256B039B1D78D91A1CB944B21776377B5B70
SHA-512:	40045420FE88FA54DE4A656534C0A51357FBAB3EA3B9120DA15526A9DEC7EEC2C9799F4D9A72B6050474AD67490BC28540FDA0F17B7FCAF125D41CBCA96ECCDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Rosario) $TZData(:America/Argentina/Cordoba).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-0P2MD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	240
Entropy (8bit):	4.690879495223713
Encrypted:	false
SSDEEP:
MD5:	58E0902DC63F2F584AD72E6855A68BB8
SHA1:	C8ED225C95DB512CB860D798E6AF648A321B82E7
SHA-256:	D940627FFCBE6D690E34406B62EE4A032F116DF1AB81631E27A61E16BD4051E2
SHA-512:	EF2523F2C55890BE4CE78DA2274833647587CF6F48B144C8261EB69B24BA73946B63244F03FEDF37A990FCAFECB2D88F4ECE302993F115C06323721E570EDD99
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guayaquil) {. {-9223372036854775808 -19160 0 LMT}. {-2524502440 -18840 0 QMT}. {-1230749160 -18000 0 -05}. {722926800 -14400 1 -05}. {728884800 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-124MI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	845
Entropy (8bit):	4.182525430299964
Encrypted:	false
SSDEEP:
MD5:	1502A6DD85B55B9619E42D1E08C09738
SHA1:	70FF58E29CCDB53ABABA7EBD449A9B34AC152AA6
SHA-256:	54E541D1F410AFF34CE898BBB6C7CC945B66DFC9D7C4E986BD9514D14560CC6F
SHA-512:	99F0EFF9F2DA4CDD6AB508BB85002F38B01BDFDE0CBA1EB2F4B5CA8EAD8AAB645A3C26BECF777DE49574111B37F847EFF9320331AC07E84C8E892B688B01D36B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Swift_Current) {. {-9223372036854775808 -25880 0 LMT}. {-2030201320 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-747241200 -21600 0 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-684342000 -21600 1 MDT}. {-671040000 -25200 0 MST}. {-652892400 -21600 1 MDT}. {-639590400 -25200 0 MST}. {-631126800 -25200 0 MST}. {-400086000 -21600 1 MDT}. {-384364800 -25200 0 MST}. {-337186800 -21600 1 MDT}. {-321465600 -25200 0 MST}. {-305737200 -21600 1 MDT}. {-292435200 -25200 0 MST}. {-273682800 -21600 1 MDT}. {-260985600 -25200 0 MST}. {73472400 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-1EFD6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1159
Entropy (8bit):	3.7116873200926586
Encrypted:	false
SSDEEP:
MD5:	0858FCA5A59C9C6EE38B7E8A61307412
SHA1:	685597A5FD8BFEBF3EC558DB8ABF11903F63E05E
SHA-256:	825E89E4B35C9BA92CF53380475960C36307BF11FD87057891DF6EEBA984A88D
SHA-512:	7369EE42CD73CFD635505BF784E16A36C9BBDE0BDAAAB405CB8401EBC508F4CE0B0155206756C1905E915756F1D3CDC381C6B9C357A01EAE0ECC4C448978844A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boa_Vista) {. {-9223372036854775808 -14560 0 LMT}. {-1767211040 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-1KKQ1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	273
Entropy (8bit):	4.728240676465187
Encrypted:	false
SSDEEP:
MD5:	2FB893819124F19A7068F802D6A59357
SHA1:	6B35C198F74FF5880714A3182407858193CE37A4
SHA-256:	F05530CFBCE7242847BE265C2D26C8B95B00D927817B050A523FFB139991B09E
SHA-512:	80739F431F6B3548EFD4F70FE3630F66F70CB29B66845B8072D26393ADD7DAB22675BE6DA5FBDC7561D4F3F214816AAD778B6CD0EE45264B4D6FFA48B3AC7C43
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Puerto_Rico) {. {-9223372036854775808 -15865 0 LMT}. {-2233035335 -14400 0 AST}. {-873057600 -10800 0 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-1TODM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8470
Entropy (8bit):	3.767364707906483
Encrypted:	false
SSDEEP:
MD5:	F76D5FB5BC773872B556A6EDF660E5CC
SHA1:	3FD19FCD0FFD3308D2E7D9A3553C14B6A6C3A903
SHA-256:	170540AA3C0962AFE4267F83AC679241B2D135B1C18E8E7220C2608B94DDDE0E
SHA-512:	7FC5D2BC39EF3A3C902A56272474E28CD9C56DE37A7AE9FAEADE974993677CCF3A9E6CE64C064D69B7587BD47951BFFFD751412D97F4066656CBB42AD9B619DF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tijuana) {. {-9223372036854775808 -28084 0 LMT}. {-1514736000 -25200 0 MST}. {-1451667600 -28800 0 PST}. {-1343062800 -25200 0 MST}. {-1234803600 -28800 0 PST}. {-1222963200 -25200 1 PDT}. {-1207242000 -28800 0 PST}. {-873820800 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-761677200 -28800 0 PST}. {-686073600 -25200 1 PDT}. {-661539600 -28800 0 PST}. {-504892800 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {-337186800 -25200 1 PDT}. {-323881200 -28800 0 PST}. {-305737200 -25200 1 PDT}. {-292431600 -28800 0 PST}. {-283968000 -28800 0 PST}. {189331200 -28800 0 PST}. {199274400 -25200 1 PDT}. {21560

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-1UQT7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8444
Entropy (8bit):	3.7372403334059547
Encrypted:	false
SSDEEP:
MD5:	C436FDCDBA98987601FEFC2DBFD5947B
SHA1:	A04CF2A5C9468C634AED324CB79F9EE3544514B7
SHA-256:	32F8B4D03E4ACB466353D72DAA2AA9E1E42D454DBBA001D0B880667E6346B8A1
SHA-512:	56C25003685582AF2B8BA4E32EFF03EF10F4360D1A12E0F1294355000161ADDF7024CBD047D1830AB884BE2C385FD8ABE8DA5C30E9A0671C22E84EE3BF957D85
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Havana) {. {-9223372036854775808 -19768 0 LMT}. {-2524501832 -19776 0 HMT}. {-1402813824 -18000 0 CST}. {-1311534000 -14400 1 CDT}. {-1300996800 -18000 0 CST}. {-933534000 -14400 1 CDT}. {-925675200 -18000 0 CST}. {-902084400 -14400 1 CDT}. {-893620800 -18000 0 CST}. {-870030000 -14400 1 CDT}. {-862171200 -18000 0 CST}. {-775681200 -14400 1 CDT}. {-767822400 -18000 0 CST}. {-744231600 -14400 1 CDT}. {-736372800 -18000 0 CST}. {-144702000 -14400 1 CDT}. {-134251200 -18000 0 CST}. {-113425200 -14400 1 CDT}. {-102542400 -18000 0 CST}. {-86295600 -14400 1 CDT}. {-72907200 -18000 0 CST}. {-54154800 -14400 1 CDT}. {-41457600 -18000 0 CST}. {-21495600 -14400 1 CDT}. {-5774400 -18000 0 CST}. {9954000 -14400 1 CDT}. {25675200 -18000 0 CST}. {41403600 -14400 1 CDT}. {57729600 -18000 0 CST}. {73458000 -14400 1 CDT}. {87364800 -18000 0 CST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-3FLO7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.9101657646476164
Encrypted:	false
SSDEEP:
MD5:	F7D915076ABE4FF032E13F8769D38433
SHA1:	F930A8943E87105EE8523F640EA6F65BD4C9CE78
SHA-256:	9D368458140F29D95CAB9B5D0259DE27B52B1F2E987B4FA1C12F287082F4FE56
SHA-512:	63C99FFA65F749B7637D0DF5A73A21AC34DFEAD364479DE992E215258A82B9C15AB0D45AAF29BD2F259766346FDB901412413DD44C5D45BB8DF6B582C34F48B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Anguilla) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4FSPK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4427
Entropy (8bit):	3.8109873978594053
Encrypted:	false
SSDEEP:
MD5:	90BBD338049233FAC5596CC63AA0D5B6
SHA1:	D96282F5B57CBF823D5A1C1FDDE7907B74DAD770
SHA-256:	DD21597BA97FD6591750E83CC00773864D658F32653017C4B52285670FFE52E3
SHA-512:	3B0F5801E55EBBB7B4C0F74DDBD3469B8F4C2BFC1B44CC80B0D36DA2152C837C8176695945F61FA75664C04F1266BCA0564815307A2C27E783CD3348C4451E4A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fort_Nelson) {. {-9223372036854775808 -29447 0 LMT}. {-2713880953 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4GGCM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1722
Entropy (8bit):	3.6435096006301833
Encrypted:	false
SSDEEP:
MD5:	6349567E3ED0FD11DD97056D2CFF11EE
SHA1:	404F1B311D7072A6372351366BA15BB94F3AC7D2
SHA-256:	41C816E9C0217A01D9288014013CD1D315B2CEB719F8BB310670D02B664A4462
SHA-512:	782910DFA0FF8FEDB94D622271FA0FF983BC50A4FEE95FFC8EC3E89FB123B82C26701D81A994A8248F1C1CA0B1EF49C2752C4D7B498A0A623D79E2B6753DA432
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Araguaina) {. {-9223372036854775808 -11568 0 LMT}. {-1767214032 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4INA5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	332
Entropy (8bit):	4.582750266902939
Encrypted:	false
SSDEEP:
MD5:	66777BB05E04E030FABBC70649290851
SHA1:	97118A1C4561FC1CC9B7D18EE2C7D805778970B8
SHA-256:	2C6BBDE21C77163CD32465D773F6EBBA3332CA1EAEEF88BB95F1C98CBCA1562D
SHA-512:	B00F01A72A5306C71C30B1F0742E14E23202E03924887B2418CA6F5513AE59E12BC45F62B614716BBE50A7BEA8D62310E1B67BB39B84F7B1B40C5D2D19086B7C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Atikokan) {. {-9223372036854775808 -21988 0 LMT}. {-2366733212 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765388800 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4KS5K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11004
Entropy (8bit):	3.725417189649631
Encrypted:	false
SSDEEP:
MD5:	C9D78AB6CF796A9D504BE2903F00B49C
SHA1:	A6C0E4135986A1A6F36B62276BFAB396DA1A4A9B
SHA-256:	1AB6E47D96BC34F57D56B936233F58B5C748B65E06AFF6449C3E3C317E411EFE
SHA-512:	6D20B13F337734CB58198396477B7C0E9CB89ED4D7AB328C22A4A528CAF187D10F42540DBB4514A0C139E6F4AE9A1A71AED02E3735D1D4F12C5314014C0C1EB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/New_York) {. {-9223372036854775808 -17762 0 LMT}. {-2717650800 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-1577905200 -18000 0 EST}. {-1570381200 -14400 1 EDT}. {-1551636000 -18000 0 EST}. {-1536512400 -14400 1 EDT}. {-1523210400 -18000 0 EST}. {-1504458000 -14400 1 EDT}. {-1491760800 -18000 0 EST}. {-1473008400 -14400 1 EDT}. {-1459706400 -18000 0 EST}. {-1441558800 -14400 1 EDT}. {-1428256800 -18000 0 EST}. {-1410109200 -14400 1 EDT}. {-1396807200 -18000 0 EST}. {-1378659600 -14400 1 EDT}. {-1365357600 -18000 0 EST}. {-1347210000 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-122080680

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4OEOR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.2614212422453726
Encrypted:	false
SSDEEP:
MD5:	04F2A2C789E041270354376C3FD90D2D
SHA1:	D0B89262D559021FAC035A519C96D2A2FA417F9C
SHA-256:	42EF317EA851A781B041DC1951EA5A3EA1E924149C4B868ECD75F24672B28FA8
SHA-512:	F8D072527ED38C2FF1C9E08219104213352B2EFA1171C0D1E02B6B1542B4929D0C4640B441326791CC86F23206621CD4E0D3247CBAB1F99B63E65DB667F3DFED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santo_Domingo) {. {-9223372036854775808 -16776 0 LMT}. {-2524504824 -16800 0 SDMT}. {-1159773600 -18000 0 EST}. {-100119600 -14400 1 EDT}. {-89668800 -18000 0 EST}. {-5770800 -16200 1 -0430}. {4422600 -18000 0 EST}. {25678800 -16200 1 -0430}. {33193800 -18000 0 EST}. {57733200 -16200 1 -0430}. {64816200 -18000 0 EST}. {89182800 -16200 1 -0430}. {96438600 -18000 0 EST}. {120632400 -16200 1 -0430}. {127974600 -18000 0 EST}. {152082000 -14400 0 AST}. {975823200 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-4Q5QS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.877543794488217
Encrypted:	false
SSDEEP:
MD5:	C62E81B423F5BA10709D331FEBAB1839
SHA1:	F7BC5E7055E472DE33DED5077045F680843B1AA7
SHA-256:	0806C0E907DB13687BBAD2D22CEF5974D37A407D00E0A97847EC12AF972BCFF3
SHA-512:	7D7090C3A6FEBE67203EB18E06717B39EC62830757BAD5A40E0A7F97572ABB81E81CAB614AA4CD3089C3787DAA6293D6FED0137BB57EF3AE358A92FCDDCF52A8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Grenada) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-5020D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.687194013851928
Encrypted:	false
SSDEEP:
MD5:	CF5AD3AFBD735A42E3F7D85064C16AFC
SHA1:	B8160F8D5E677836051643622262F13E3AE1B0BE
SHA-256:	AF2EC2151402DF377E011618512BBC25A5A6AC64165E2C42212E2C2EC182E8F1
SHA-512:	F69F10822AB115D25C0B5F705D294332FAAA66EB0BA2D98A6610A35E1FA5ED05F02B3DDBB4E37B9B4A77946C05E28C98113DBF11EDF8DB2661A2D8ED40711182
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guyana) {. {-9223372036854775808 -13960 0 LMT}. {-1730578040 -13500 0 -0345}. {176010300 -10800 0 -03}. {662698800 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-50NK0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	3.6965365214193797
Encrypted:	false
SSDEEP:
MD5:	BFCC0D7639AE2D973CDBD504E99A58B8
SHA1:	E8C43C5B026891D3E9B291446ABC050E7A100C71
SHA-256:	1237FF765AA4C5530E5250F928DFAB5BB687C72C990A37B87E9DB8135C5D9CBD
SHA-512:	DAD87E612161A136606E50944C50401AFD4C11D51A016704BDD070E52ED3BAC56E0E7BCFD83E7DA392FC8D2278E5F9EF6C0C466372F58AFA1005C4156CDA189D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Manaus) {. {-9223372036854775808 -14404 0 LMT}. {-1767211196 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1440

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-55EOJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.822360211437507
Encrypted:	false
SSDEEP:
MD5:	2541EC94D1EA371AB1361118EEC98CC6
SHA1:	950E460C1BB680B591BA3ADA0CAA73EF07C229FE
SHA-256:	50E6EE06C0218FF19D5679D539983CEB2349E5D25F67FD05E142921431DC63D6
SHA-512:	2E6B66815565A9422015CAB8E972314055DC4141B5C21B302ABD671F30D0FBAE1A206F3474409826B65C30EDBEDD46E92A99251AB6316D59B09FC5A8095E7562
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Atikokan)]} {. LoadTimeZoneFile America/Atikokan.}.set TZData(:America/Coral_Harbour) $TZData(:America/Atikokan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-5F91G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9379
Entropy (8bit):	3.7354364023000937
Encrypted:	false
SSDEEP:
MD5:	F6B8A2DA74DC3429EC1FAF7A38CB0361
SHA1:	1651AD179DB98C9755CDF17FBFC29EF35DE7F588
SHA-256:	FEAA62063316C8F4AD5FABBF5F2A7DD21812B6658FEC40893657E909DE605317
SHA-512:	46C61EFF429075A77C01AF1C02FD6136529237B30B7F06795BCEE26CDB75DDAB2D418283CD95C9A0140D1510E02F393F0A7E9414C99D1B31301AE213BAF50681
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Winnipeg) {. {-9223372036854775808 -23316 0 LMT}. {-2602258284 -21600 0 CST}. {-1694368800 -18000 1 CDT}. {-1681671600 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1029686400 -18000 1 CDT}. {-1018198800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-746035200 -18000 1 CDT}. {-732733200 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620755200 -18000 1 CDT}. {-607626000 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-5I1BS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	155
Entropy (8bit):	5.077805073731929
Encrypted:	false
SSDEEP:
MD5:	8169D55899164E2168EF50E219115727
SHA1:	42848A510C120D4E834BE61FC76A1C539BA88C8A
SHA-256:	6C8718C65F99AB43377609705E773C93F7993FBB3B425E1989E8231308C475AF
SHA-512:	1590D42E88DD92542CADC022391C286842C156DA4795877EA67FEF045E0A831615C3935E08098DD71CF29C972EDC79084FFCC9AFAB7813AE74EEE14D6CFEFB9D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port_of_Spain) {. {-9223372036854775808 -14764 0 LMT}. {-1825098836 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-5KFTA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8099
Entropy (8bit):	3.737123408653655
Encrypted:	false
SSDEEP:
MD5:	3A839112950BFDFD3B5FBD440A2981E4
SHA1:	FFDF034F7E26647D1C18C1F6C49C776AD5BA93ED
SHA-256:	3D0325012AB7076FB31A68E33EE0EABC8556DFA78FBA16A3E41F986D523858FF
SHA-512:	1E06F4F607252C235D2D69E027D7E0510027D8DB0EE49CF291C39D6FD010868EF6899437057DA489DD30981949243DDFA6599FD07CE80E05A1994147B78A76CE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Glace_Bay) {. {-9223372036854775808 -14388 0 LMT}. {-2131646412 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-536443200 -14400 0 AST}. {-526500000 -10800 1 ADT}. {-513198000 -14400 0 AST}. {-504907200 -14400 0 AST}. {63086400 -14400 0 AST}. {73461600 -10800 1 ADT}. {89182800 -14400 0 AST}. {104911200 -10800 1 ADT}. {120632400 -14400 0 AST}. {126244800 -14400 0 AST}. {136360800 -10800 1 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-5LCM3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.914669229343752
Encrypted:	false
SSDEEP:
MD5:	026A098D231C9BE8557A7F4A673C1BE2
SHA1:	192EECA778E1E713053D37353AF6D3C168D2BFF5
SHA-256:	FFE0E204D43000121944C57D2B2A846E792DDC73405C02FC5E8017136CD55BCB
SHA-512:	B49BD0FC12CC8D475E7E5116B8BDEA1584912BFA433734451F4338E42B5E042F3EC259E81C009E85798030E21F658158FA9F4EFC60078972351F706F852425E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Guadeloupe) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-6E2HK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8407
Entropy (8bit):	3.8776961667057868
Encrypted:	false
SSDEEP:
MD5:	9C0E781669E3E5549F82ED378EE3423B
SHA1:	32184EA198156731C58616A0D88F169441C8CC7F
SHA-256:	FE1C632FE9AF7E54A8CC9ED839818FAE98F14928921FD78C92A8D8E22F07A415
SHA-512:	D1CDAB3DBAFFB4C30F6EEBDD413D748980C156437FBE99E7DF0C1E17AFA4CC33876AF2BB44C90E1FE5347071E64E83823EED47AE9BE39863C12989CB3EA44BDA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yakutat) {. {-9223372036854775808 52865 0 LMT}. {-3225223727 -33535 0 LMT}. {-2188953665 -32400 0 YST}. {-883580400 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-757350000 -32400 0 YST}. {-31503600 -32400 0 YST}. {-21474000 -28800 1 YDT}. {-5752800 -32400 0 YST}. {9975600 -28800 1 YDT}. {25696800 -32400 0 YST}. {41425200 -28800 1 YDT}. {57751200 -32400 0 YST}. {73479600 -28800 1 YDT}. {89200800 -32400 0 YST}. {104929200 -28800 1 YDT}. {120650400 -32400 0 YST}. {126702000 -28800 1 YDT}. {152100000 -32400 0 YST}. {162385200 -28800 1 YDT}. {183549600 -32400 0 YST}. {199278000 -28800 1 YDT}. {215604000 -32400 0 YST}. {230727600 -28800 1 YDT}. {247053600 -32400 0 YST}. {262782000 -28800 1 YDT}. {278503200 -32400 0 YST}. {294231600 -28800 1 YDT}. {309952800 -32400 0 YST}. {325681200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-6S729.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	206
Entropy (8bit):	4.89710274358395
Encrypted:	false
SSDEEP:
MD5:	320C83EFE59FD60EB9F5D4CF0845B948
SHA1:	5A71DFAE7DF9E3D8724DFA533A37744B9A34FFEC
SHA-256:	67740B2D5427CFCA70FB53ABD2356B62E01B782A51A805A324C4DFAD9ACA0CFA
SHA-512:	D7A6378372386C45C907D3CB48B923511A719794B0C0BFA3694DBCE094A46A48249720653836C2F10CBB2178DD8EEEEA6B5019E4CC6C6B650FD7BE256BE1CA99
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Jujuy)]} {. LoadTimeZoneFile America/Argentina/Jujuy.}.set TZData(:America/Jujuy) $TZData(:America/Argentina/Jujuy).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-717H2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8136
Entropy (8bit):	3.7460641906933345
Encrypted:	false
SSDEEP:
MD5:	0D0DC4A816CDAE4707CDF4DF51A18D30
SHA1:	7ED2835AA8F723B958A6631092019A779554CADE
SHA-256:	3C659C1EAC7848BBE8DF00F857F8F81D2F64B56BD1CEF3495641C53C007434FA
SHA-512:	930F2FDC2C1EAE4106F9B37A16BCBBAF618A2CCBBA98C712E8215555CF09B9303D71842DEC38EFAF930DB71E14E8208B14E41E10B54EF98335E01435D0FC3518
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Menominee) {. {-9223372036854775808 -21027 0 LMT}. {-2659759773 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-116438400 -18000 1 CDT}. {-100112400 -21600 0 CST}. {-21484800 -18000 0 EST}. {104914800 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-7C1QO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6593
Entropy (8bit):	3.4670685654529194
Encrypted:	false
SSDEEP:
MD5:	7E7EF4D67CCD455833603F7EF9E374A6
SHA1:	4AD722F75FC88572DD5A2CD1845FF5F68ED4B58A
SHA-256:	2B5B2A00793545C8D32437D7DAA2A36B42D3B1B7421054621841E2919F713294
SHA-512:	0688EB3EBDE78E18EE5E31DE57F1CBE0BF10071A6EDC97D284B2B3E1E22975262190934446C202E90EFD161686F4790342EDDBCACADB3A65B0AC6C1A9099C79F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Scoresbysund) {. {-9223372036854775808 -5272 0 LMT}. {-1686090728 -7200 0 -02}. {323841600 -3600 0 -01}. {338961600 -7200 0 -02}. {354679200 0 0 +00}. {370400400 -3600 0 -01}. {386125200 0 1 +00}. {401850000 -3600 0 -01}. {417574800 0 1 +00}. {433299600 -3600 0 -01}. {449024400 0 1 +00}. {465354000 -3600 0 -01}. {481078800 0 1 +00}. {496803600 -3600 0 -01}. {512528400 0 1 +00}. {528253200 -3600 0 -01}. {543978000 0 1 +00}. {559702800 -3600 0 -01}. {575427600 0 1 +00}. {591152400 -3600 0 -01}. {606877200 0 1 +00}. {622602000 -3600 0 -01}. {638326800 0 1 +00}. {654656400 -3600 0 -01}. {670381200 0 1 +00}. {686106000 -3600 0 -01}. {701830800 0 1 +00}. {717555600 -3600 0 -01}. {733280400 0 1 +00}. {749005200 -3600 0 -01}. {764730000 0 1 +00}. {780454800 -3600 0 -01}. {796179600 0 1 +00}. {811904400 -3600 0 -01}. {828234000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-7C2UV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6846
Entropy (8bit):	3.44227328239419
Encrypted:	false
SSDEEP:
MD5:	0C7122725D98CDE5CB9B22624D24A26C
SHA1:	1889279EBE1377DB3460B706CAA4ECF803651517
SHA-256:	86BB088047FB5A6041C7B0792D15F9CB453F49A54F78529CC415B7FF2C41265A
SHA-512:	C23D3AE8D579FAC56521A0C06178550C4976E906A4CD149554821A2550B0EAB43344C6536166271EAA22EC77AF8529D9164696D7A5A740B02FA34C4272D43F26
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Miquelon) {. {-9223372036854775808 -13480 0 LMT}. {-1850328920 -14400 0 AST}. {326001600 -10800 0 -03}. {536468400 -10800 0 -02}. {544597200 -7200 1 -02}. {562132800 -10800 0 -02}. {576046800 -7200 1 -02}. {594187200 -10800 0 -02}. {607496400 -7200 1 -02}. {625636800 -10800 0 -02}. {638946000 -7200 1 -02}. {657086400 -10800 0 -02}. {671000400 -7200 1 -02}. {688536000 -10800 0 -02}. {702450000 -7200 1 -02}. {719985600 -10800 0 -02}. {733899600 -7200 1 -02}. {752040000 -10800 0 -02}. {765349200 -7200 1 -02}. {783489600 -10800 0 -02}. {796798800 -7200 1 -02}. {814939200 -10800 0 -02}. {828853200 -7200 1 -02}. {846388800 -10800 0 -02}. {860302800 -7200 1 -02}. {877838400 -10800 0 -02}. {891752400 -7200 1 -02}. {909288000 -10800 0 -02}. {923202000 -7200 1 -02}. {941342400 -10800 0 -02}. {954651600 -7200 1 -02}. {972792000 -10800 0 -

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-7M3NL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.781235086647991
Encrypted:	false
SSDEEP:
MD5:	1FFD7817EE1DC55EF72AD686749AE9CE
SHA1:	AE972D5395F3562F052780AD014BA2C0767943B6
SHA-256:	9CE77C0A01BFDA002EE3B2DCEF316DB7C9AC80B270DFC3A0D7769021E731D849
SHA-512:	480D8D56F7B8829F6E82D8AFF1A0A161C3C45402D85A588027E98F2FA20C6E6F35549FFC5F38F0EEA9C4190A70B334066FCD406D39FF06EE7B7855AF75CD0FC3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayenne) {. {-9223372036854775808 -12560 0 LMT}. {-1846269040 -14400 0 -04}. {-71092800 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-7PC0V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9409
Entropy (8bit):	3.767062784666229
Encrypted:	false
SSDEEP:
MD5:	A661407CC08E68459018A636C8EF0EC1
SHA1:	5524A613B07C4B4CA7404504EAD917E5B0A00112
SHA-256:	C39E5A4C1482B13E862B4D36F4F4590BDF230BE44BAC30BDAB015CDBE02BE9C9
SHA-512:	F5BD08D99E0B54911AC3ABFD413A1D98A0EB7F39A41E348E17D38EA9226A9320BA0CFE9CEB0954D158AB9B8761F0A9ECFB6F82DF033CD9B2234BC71A2D163B3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Los_Angeles) {. {-9223372036854775808 -28378 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-687967140 -25200 1 PDT}. {-662655600 -28800 0 PST}. {-620838000 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589388400 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557938800 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526489200 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-88BDD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	244
Entropy (8bit):	4.731092370398455
Encrypted:	false
SSDEEP:
MD5:	5D11C2A86B0CDE60801190BFC8FA5E0B
SHA1:	38A63200995E359E61F1DEA00C5716938ED7A499
SHA-256:	D2078D8D396D5189E1D3555628960990FD63694D08256FF814EE841E01A3F56E
SHA-512:	D4D83019E5AE05C3FCDE3518672DC08925C0DECC9FCA6927D75ADA969647CE8EF2D1C67FFD1A075969309CD1B1AADDF15DB21ABDAF241EAA450D2C9E038AEF6A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Paramaribo) {. {-9223372036854775808 -13240 0 LMT}. {-1861906760 -13252 0 PMT}. {-1104524348 -13236 0 PMT}. {-765317964 -12600 0 -0330}. {465449400 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-8GR34.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7552
Entropy (8bit):	3.4588792656032914
Encrypted:	false
SSDEEP:
MD5:	DEA27A3FE65A22BE42A97C6AB58E9687
SHA1:	CD50184C4D1739CF5568E21683980FC63C9BFF24
SHA-256:	AFA706258270F20F9317FF5B84957A2DF77842D564922C15DC302F7A8AB59CEC
SHA-512:	34C306EC889C10988B3D9C236903417BCA1590E96CD60AE700882C064CCC410132265F106BB10D9593AFFA32B923728FBDDFB6DEE77CAF4A058C877F4D5F1EF1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sao_Paulo) {. {-9223372036854775808 -11188 0 LMT}. {-1767214412 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-195429600 -7200 1 -02}. {-189381600 -7200 0 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-8LM6U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	331
Entropy (8bit):	4.599775510303771
Encrypted:	false
SSDEEP:
MD5:	5ACBD50E1CB87B4E7B735A8B5281917B
SHA1:	3E92C60B365C7E1F9BF5F312B007CBFD4175DB8F
SHA-256:	E61F3762B827971147772A01D51763A18CC5BED8F736000C64B4BDFF32973803
SHA-512:	9284FFDF115C7D7E548A06A6513E3591F88EE3E5197106B71B54CD82F27890D12773381218BCA69720F074A6762282F25830422DFA402FF19301D6834FD9FF7D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Blanc-Sablon) {. {-9223372036854775808 -13708 0 LMT}. {-2713896692 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {14400 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-8N9E1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8435
Entropy (8bit):	3.7724320820194475
Encrypted:	false
SSDEEP:
MD5:	FECBDD64036247B2FBB723ADD8F798F6
SHA1:	60B1719958AD6151CDB174A319A396D5F48C7CF1
SHA-256:	EC95041E0A97B37A60EF16A6FA2B6BCB1EBEFABBC9468B828D0F467595132BC2
SHA-512:	7CF94EC5040F4C8FA3C6ED30CFDAB59A199C18AA0CDA9A66D1A477F15563D2B7CB872CEEF1E2295E0F3B9A85508A03AEC29E3ECEBE11D9B089A92794D510BA00
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Edmonton) {. {-9223372036854775808 -27232 0 LMT}. {-1998663968 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1600614000 -21600 1 MDT}. {-1596816000 -25200 0 MST}. {-1567954800 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1536505200 -21600 1 MDT}. {-1523203200 -25200 0 MST}. {-1504450800 -21600 1 MDT}. {-1491753600 -25200 0 MST}. {-1473001200 -21600 1 MDT}. {-1459699200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {136371600 -21600 1 MDT}. {152092800 -25200 0 MST}. {167821200 -21600 1 MDT}. {183542400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-8QMIU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8010
Entropy (8bit):	3.742999180017181
Encrypted:	false
SSDEEP:
MD5:	177B0815E8BD6BFA6E62895FE12A61E5
SHA1:	EC2400FA644023D6B3100B52381DB65EAF2606F0
SHA-256:	402EC5AB0E99EF6EBB33F4D482EEA5198EC686C7EAE75FC4F7D9B4EF4AC0A9E9
SHA-512:	CFA4226A21FDB23C723335F7385EA15436D8A0752EE50C67DA4C1D839BFFD4792EE9AB6E408498CD06C6B8A99A96E95E0B591F7EA17B41C1895ED396438C6D5A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Detroit) {. {-9223372036854775808 -19931 0 LMT}. {-2051202469 -21600 0 CST}. {-1724083200 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-757364400 -18000 0 EST}. {-684349200 -14400 1 EDT}. {-671047200 -18000 0 EST}. {94712400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {157784400 -18000 0 EST}. {167814000 -14400 0 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-8RR2L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.696915330047381
Encrypted:	false
SSDEEP:
MD5:	F4631583229AD8B12C548E624AAF4A9F
SHA1:	C56022CEACBD910C9CBF8C39C974021294AEE9DA
SHA-256:	884575BE85D1276A1AE3426F33153B3D4787AC5238FDBE0991C6608E7EB0DF07
SHA-512:	48FB9910D8A75AD9451C860716746D38B29319CA04DF9E8690D62FB875A5BEBCC7A8C546A60878821BD68A83271C69671D483C3133E4F807F2C3AC899CEBF065
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:America/Montreal) $TZData(:America/Toronto).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-9D2UI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.649012348678967
Encrypted:	false
SSDEEP:
MD5:	4B3B0F66FB3BC69A5AB5DA79D02F7E34
SHA1:	79B84C0578BBB0E4C07E99977D02EDE45F11CC8A
SHA-256:	E7C45CA67F1BA913E7DC1632C166973FDA8DA4734F8BCF3AB1157A45454C8D7B
SHA-512:	96289B4D179F146D6C5FB5DDAA4336CBCB60CF27BABCC20B9691387920897B293903DF41F5D9DE7237A689013A9266134B32AB4B4656796419B46E8378D84358
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bogota) {. {-9223372036854775808 -17776 0 LMT}. {-2707671824 -17776 0 BMT}. {-1739041424 -18000 0 -05}. {704869200 -14400 1 -05}. {733896000 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-9N3AU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1043
Entropy (8bit):	3.7336343389566795
Encrypted:	false
SSDEEP:
MD5:	8F5EAA4F5099B82EDD68893C5D99A0EF
SHA1:	1B21DAD0CD54E083A6EADCFD57CA8F58759189AD
SHA-256:	1A46357BC4FE682AF78FFAB10A6A88893BEF50AECC6ACA217A5EBC1B98C01C07
SHA-512:	2C82822CCA208E900383A1B55882BFC3559EC116C5B5AD2452BA367594AEF36F34C316FFA18B2BAB71A82FC382559069385947548EE9902FEDCDED084801ABF2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santarem) {. {-9223372036854775808 -13128 0 LMT}. {-1767212472 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -14

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-9SI9R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7836
Entropy (8bit):	3.7462966187089535
Encrypted:	false
SSDEEP:
MD5:	3D389AA51D3E29E8A1E8ED07646AA0DD
SHA1:	2E3DF9406B14662ADEDDC0F891CD81DF23D98157
SHA-256:	3A0FB897E5CCB31B139E009B909053DCE36BB5791ACF23529D874AFA9F0BB405
SHA-512:	AFF7B30355ECB6EBD43D1E6C943C250AB98CC82BDC8DDC7595769E4CE188A23591AEFCF18A028CC6479CF6AA20F65980E37C74F6CEE907537366136FAF29B66E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nipigon) {. {-9223372036854775808 -21184 0 LMT}. {-2366734016 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-923252400 -14400 1 EDT}. {-880218000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-A0069.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	3.793747183330894
Encrypted:	false
SSDEEP:
MD5:	E83072C1351121C5CFD74E110ECA9B4B
SHA1:	360B468851EBFF266E4A8F40FE5D196BC6809E65
SHA-256:	6A12AD52CBCF0B3F8BB449C7BC51A784BE560F4BD13545D04426E76B2511D8F9
SHA-512:	539C53AA1D02E3AABF65873CA830782697AC9D55EC6694B68B95C325608F8703882B1182215D2B4E2B6066784AC880BCF0F4EBC5A72B2E637BD9B2C3A61D2979
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Danmarkshavn) {. {-9223372036854775808 -4480 0 LMT}. {-1686091520 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-A5Q2A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.760006229014668
Encrypted:	false
SSDEEP:
MD5:	84605CB5AC93D51FF8C0C3D46B6A566F
SHA1:	8B56DBDAD33684743E5828EFBD638F082E9AA20D
SHA-256:	680651D932753C9F9E856018B7C1B6D944536111900CB56685ABA958DE9EC9C1
SHA-512:	A5FA747C4743130308A8D8832AD33CF10B2DA2F214DEE129CAC9543D6F88FF232B4387026976578D037DF7816D0F4177835866A35F497438DD2526FEBACA2AF6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Aruba) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-AD2LU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6621
Entropy (8bit):	3.7945318113967823
Encrypted:	false
SSDEEP:
MD5:	D88A28F381C79410D816F8D2D1610A02
SHA1:	81949A1CACD5907CA5A8649385C03813EEFCDDE0
SHA-256:	F65C0F8532387AFE703FACDEE325BF8D7F3D1232DEE92D65426FF917DD582CB3
SHA-512:	9A9B0C65ECDFF690EF2933B323B3A1CF2D67D0A43F285BB9FEEFF275316148A07F5AC044C48F64E3D8CFA7C1DE44AF220A6855DC01225F8BFFF63AEC946B944A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Ojinaga) {. {-9223372036854775808 -25060 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -2520

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-ALHI1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.858195118945703
Encrypted:	false
SSDEEP:
MD5:	CE0F18F27502E771B27236C5BF7D3317
SHA1:	D2E68415B8544A8BAC2A4F335854FC048BD4B34C
SHA-256:	118EC9D89937FDA05FCE45F694F8C3841664BBE9DFADB86347B375BF437F9BD6
SHA-512:	B04B5DAB30384FF05ABFC235DA4F9BFE96F400076DEB7CBBA0938F93E66BFF5E86B18E95E9BC0448D812722C8F2D4AFD78AC75180FD80D992F96DFA0CEC156AC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Curacao) {. {-9223372036854775808 -16547 0 LMT}. {-1826738653 -16200 0 -0430}. {-157750200 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-AQ3JV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	818
Entropy (8bit):	4.132568007446054
Encrypted:	false
SSDEEP:
MD5:	5C35FFB7D73B7F46DB4A508CF7AB1C54
SHA1:	5C631104044E9413C86F95E072A630C2AD9EA56D
SHA-256:	7FDD008C250308942D0D1DE485B05670A6A4276CB61F5F052385769B7E1906C1
SHA-512:	7B3FF2C945598DDBF43B0BD0650192D6C70B333BF89916013C35F56DC1489CB65A72BA70FB0AE7341C71A71D4B73805F9D597A5B5FA525F4BFB1DF0F582641AE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Jamaica) {. {-9223372036854775808 -18430 0 LMT}. {-2524503170 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {126248400 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {441781200 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-B258P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	3.6943875149362064
Encrypted:	false
SSDEEP:
MD5:	1567A3F3419D1A4FCF817A6EDC11769E
SHA1:	2970F9EDD76B77A843D31F518587C17A05EC4C43
SHA-256:	3F62246DF3A378815772D9D942033FB235B048B62F5EF52A3DCD6DB3871E0DB5
SHA-512:	567BEAC48AE0FEEB32FE40EEA73EB4601DBDBF72FA963777E5F5C3E9972E2AD7A359301E80E574592AFB3045414A177D0ABD38DF958BD5317B02D4DFD2DCE607
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Recife) {. {-9223372036854775808 -8376 0 LMT}. {-1767217224 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-B2CBE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8582
Entropy (8bit):	3.4381885094053835
Encrypted:	false
SSDEEP:
MD5:	47BED3B60EF45B00267B4D628A2F18C4
SHA1:	B3827DF571CF2CA16074188CE0E3061E296B8B26
SHA-256:	51BB12A2397CAD3D412C9E8F3BA06DD98CC379F999DB3D00ED651A84DA1D6D1C
SHA-512:	8DA831A0EAB180C982395F2BA85952959A676AADA87823E56C5B643FEB7082B6605FD3645D880B19F3F9EE5B25353002309CDB37AE68F1B3A192AE1280B74404
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santiago) {. {-9223372036854775808 -16966 0 LMT}. {-2524504634 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-740520000 -10800 1 -03}. {-736376400 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-B8CJE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11003
Entropy (8bit):	3.728817385585057
Encrypted:	false
SSDEEP:
MD5:	6175956F3052F3BE172F6110EF6342EE
SHA1:	532E2600DFAFAACCD3A187A233956462383401A6
SHA-256:	FC172494A4943F8D1C3FC35362D96F3D12D6D352984B93BC1DE7BDCB7C85F15E
SHA-512:	36B47003183EB9D7886F9980538DB3BDDC231BB27D4F14006CDBE0CB9042215A02559D97085679F8320DED6109FC7745DC43859EBA99B87365B09C4526D28193
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chicago) {. {-9223372036854775808 -21036 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-1563724800 -18000 1 CDT}. {-1551632400 -21600 0 CST}. {-1538928000 -18000 1 CDT}. {-1520182800 -21600 0 CST}. {-1504454400 -18000 1 CDT}. {-1491757200 -21600 0 CST}. {-1473004800 -18000 1 CDT}. {-1459702800 -21600 0 CST}. {-1441555200 -18000 1 CDT}. {-1428253200 -21600 0 CST}. {-1410105600 -18000 1 CDT}. {-1396803600 -21600 0 CST}. {-1378656000 -18000 1 CDT}. {-1365354000 -21600 0 CST}. {-1347206400 -18000 1 CDT}. {-1333904400 -21600 0 CST}. {-1315152000 -18000 1 CDT}. {-1301850000 -21600 0 CST}. {-1283702400 -18000 1 CDT}. {-1270400400 -21600 0 CST}. {-1252252800 -18000 1 CDT}. {-1238950800 -21600 0 CST}. {-1220803200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-B8EHN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	274
Entropy (8bit):	4.527582804527589
Encrypted:	false
SSDEEP:
MD5:	D47486658B408AAF7F91569435B49D19
SHA1:	C69EDC17F2E77723A5C711342822BF21ECCB9C8E
SHA-256:	555A66624909220ACCCB35D852079D44944E188A81DF6A07CBA7433AC2478E5E
SHA-512:	35A4AF702405BD36F6EF7E42F1E1AEAD841A5710D04306C1C3390B3CC134E88F1221F284F489F6926C58E8FD50BD7E6BE0E5904AAE2ACBEA817EFCE0AAE61169
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Caracas) {. {-9223372036854775808 -16064 0 LMT}. {-2524505536 -16060 0 CMT}. {-1826739140 -16200 0 -0430}. {-157750200 -14400 0 -04}. {1197183600 -16200 0 -0430}. {1462086000 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-BC1O3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	3.7118381376452767
Encrypted:	false
SSDEEP:
MD5:	D6945DF73BA7E12D3B23889CC34F6CFB
SHA1:	8C1317F3EF82225A14751318DFDA8904F908C457
SHA-256:	71F15943EAD942224B8807CCBB21F9AE34F04619FD76176404633BDB49D9E88C
SHA-512:	088C2D7BE44650A044B7632337A1FF8C3CF8A6188F24507C846B9B648FE796466B22D4A322B602B75C2943653FC43C7B9A99AE0AACF9AB7BCC86388EC3953F8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Eirunepe) {. {-9223372036854775808 -16768 0 LMT}. {-1767208832 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -18

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-BLQUM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7307
Entropy (8bit):	3.755018614919114
Encrypted:	false
SSDEEP:
MD5:	8582299C1262010B6843306D65DB436C
SHA1:	70DB6B507D7F51B1E2C96E087CD7987EB69E9A1D
SHA-256:	7CFBA4D1B1E6106A0EC6D6B5600791D6A33AD527B7D47325C3AB9524B17B1829
SHA-512:	CC12912C38D85B23242C69211BA2B58167C55836D51DB02E6D820CDBD6368F835893AF656FC81F73EA745FD786E9134EC4A3E8D325D1515A01540E8A7EBEF03B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Grand_Turk) {. {-9223372036854775808 -17072 0 LMT}. {-2524504528 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {284014800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-C51J5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.865859395466201
Encrypted:	false
SSDEEP:
MD5:	705E51A8FB38AA8F9714256AFB55DA8A
SHA1:	97D96BE4C08F128E739D541A43057F08D24DDDCF
SHA-256:	0FED15D7D58E8A732110FF6765D0D148D15ACBB0251EE867CE7596933E999865
SHA-512:	4D7E42ECDB16F7A8A62D9EDA1E365325F3CBFAA1EF0E9FEE2790E24BA8DEAAA716D41F9389B849C69DC3973DA61D575146932FB2C8AC81579C65C18E45AE386E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Montserrat) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CCET7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6435
Entropy (8bit):	3.757504464563519
Encrypted:	false
SSDEEP:
MD5:	A7C5CFE3FA08D4CEDF6324457EA5766E
SHA1:	83BB96398C0B1B34771940C8F7A19CB78C5EF72F
SHA-256:	A1D7DE7285DC78ADDE1B0A04E05DA44D0D46D4696F67A682D0D28313A53825FE
SHA-512:	092DD7CEF6A5861472965E082171937EEDCFB3AE1821E3C88AA1BDFAB1EC48F765CAC497E3E5C78C19653C78B087C7CE28A8AB76F9073558963234901EF4B4A4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Merida) {. {-9223372036854775808 -21508 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {407653200 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CD5RK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	211
Entropy (8bit):	4.798554218839104
Encrypted:	false
SSDEEP:
MD5:	9E3726148A53940507998FA1A5EEE6DB
SHA1:	2493B72DF895ED2AE91D09D43BDDADDB41E4DEBC
SHA-256:	E809F227E92542C6FB4BAC82E6079661EEF7700964079AA4D7E289B5B400EC49
SHA-512:	F5ED4085160A06DE672DB93CEE700C420D0438DE9AC3548B291DA236AA8CCC84F97270DA3956E49432AE1E281CCECEB6DF92E71EB305106655B4DF231E04B558
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Creston) {. {-9223372036854775808 -27964 0 LMT}. {-2713882436 -25200 0 MST}. {-1680454800 -28800 0 PST}. {-1627833600 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CE4SL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10763
Entropy (8bit):	3.724988391778253
Encrypted:	false
SSDEEP:
MD5:	7DE8E355A725B3D9B3FD06A838B9715F
SHA1:	41C6AAEA03FC7FEED50CFFFC4DFF7F35E2B1C23D
SHA-256:	5F65F38FFA6B05C59B21DB98672EB2124E4283530ACB01B22093EAEFB256D116
SHA-512:	4C61A15DDF28124343C1E6EFE068D15E48F0662534486EC38A4E2731BE085CDA5856F884521EF32A6E0EDD610A8A491A722220BDD1BAF2A9652D8457778AF696
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Halifax) {. {-9223372036854775808 -15264 0 LMT}. {-2131645536 -14400 0 AST}. {-1696276800 -10800 1 ADT}. {-1680469200 -14400 0 AST}. {-1640980800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1609444800 -14400 0 AST}. {-1566763200 -10800 1 ADT}. {-1557090000 -14400 0 AST}. {-1535486400 -10800 1 ADT}. {-1524949200 -14400 0 AST}. {-1504468800 -10800 1 ADT}. {-1493413200 -14400 0 AST}. {-1472414400 -10800 1 ADT}. {-1461963600 -14400 0 AST}. {-1440964800 -10800 1 ADT}. {-1429390800 -14400 0 AST}. {-1409515200 -10800 1 ADT}. {-1396731600 -14400 0 AST}. {-1376856000 -10800 1 ADT}. {-1366491600 -14400 0 AST}. {-1346616000 -10800 1 ADT}. {-1333832400 -14400 0 AST}. {-1313956800 -10800 1 ADT}. {-1303678800 -14400 0 AST}. {-1282507200 -10800 1 ADT}. {-1272661200 -14400 0 AST}. {-1251057600 -10800 1 ADT}. {-1240088400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CFE1H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	329
Entropy (8bit):	4.580220354026118
Encrypted:	false
SSDEEP:
MD5:	004588073FADF67C3167FF007759BCEA
SHA1:	64A6344776A95E357071D4FC65F71673382DAF9D
SHA-256:	55C18EA96D3BA8FD9E8C4F01D4713EC133ACCD2C917EC02FD5E74A4E0089BFBF
SHA-512:	ADC834C393C5A3A7BFD86A933E7C7F594AC970A3BD1E38110467A278DC4266D81C3E96394C102E565F05DE7FBBDA623C673597E19BEC1EA26AB12E4354991066
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tegucigalpa) {. {-9223372036854775808 -20932 0 LMT}. {-1538503868 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}. {1146981600 -18000 1 CDT}. {1154926800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CH2QI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8171
Entropy (8bit):	3.783938143940452
Encrypted:	false
SSDEEP:
MD5:	DD838D2C8CF84B775BBCBA7868E7FFB5
SHA1:	509CFC15E2CBFC2F183B4A3CDEC42C8427EBA825
SHA-256:	01A88ADE038DDD264B74ED921441642CAA93830CEF9594F70188CCF6D19C4664
SHA-512:	9D520CADC0134E7812B5643311246CED011A22D50240A03260478C90B69EC325AE5BD7548BA266E00253AC3288605A912C5DBB026EA1516CB2030F302BFCDF0E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Adak) {. {-9223372036854775808 44002 0 LMT}. {-3225223727 -42398 0 LMT}. {-2188944802 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-CUBOJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6593
Entropy (8bit):	3.795313170000037
Encrypted:	false
SSDEEP:
MD5:	B0CA4CFF6571AFBFF25FAC72CDDB5B08
SHA1:	1BF3ACEC369AEA504AAA248459A115E61CF79C4B
SHA-256:	C689A3BEED80D26EAB96C95C85874428F80699F7E136A44377776E52B5855D00
SHA-512:	398496EBA4344EDF78AFBF51BD6024481D3A12546D0EE597B7C593A1CD1BF575AFDE62FFADE7A0DDFEDA79CF235612E6F4DA74D7305A6E48F5942EA10D8A4F8E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chihuahua) {. {-9223372036854775808 -25460 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -25

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-DGAEU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	996
Entropy (8bit):	3.799419505060255
Encrypted:	false
SSDEEP:
MD5:	2F3314B71810C1AC0280F292F09F37BE
SHA1:	B8702125A9768AE530354CE2A765BC07BABAEF34
SHA-256:	9ECA949D328915C6CB02A2E6084F3E0730D49F1C53C6D6AA12751F852C51BF02
SHA-512:	C4E1ADD2E580BFD4100EE776305530BCEA017D57A65205881536A1CDDA3A299816C133B5B1F4B40A99E47BB94AE2A7E727F3D24D06131705818CC0C1AA12E5BD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belem) {. {-9223372036854775808 -11636 0 LMT}. {-1767213964 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {590032800 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-DMKT8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7362
Entropy (8bit):	3.7460671071064846
Encrypted:	false
SSDEEP:
MD5:	07FFF43B350D520D13D91701618AD72E
SHA1:	8D4B36A6D3257509C209D0B78B58982709FB8807
SHA-256:	39E13235F87A1B8621ADA62C9AD2EBF8E17687C5533658E075EFA70A04D5C78D
SHA-512:	37397A2621F0A1EA6B46F6769D583CAEA9703924A2C652B8B58FA4C7DBA8E789BA8FE442FB2C77504E495617591FB138AD733063E3A4A0153ED2B26D4B863018
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Resolute) {. {-9223372036854775808 0 0 -00}. {-704937600 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {752050800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-DUFU7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7652
Entropy (8bit):	3.4267759764212906
Encrypted:	false
SSDEEP:
MD5:	87CB052D17717B696F3D9158B237E4FB
SHA1:	79B3947A50ED15C908CFC2D699D2B7F11468E7B2
SHA-256:	113E8ADCECE14A96261A59E0C26073EA5CFF864C4FF2DA6FAB5C61129A549043
SHA-512:	2BF788FD51E7268A1989F1C564E7B81B002B876381AEC561564D4BCE8D76C9D3F621A2F1AB26C1EAB5E5C64A3C41A536A1E21A5322D678CB11CB608333515144
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Campo_Grande) {. {-9223372036854775808 -13108 0 LMT}. {-1767212492 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-E0N07.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.2803367804689785
Encrypted:	false
SSDEEP:
MD5:	9D1A1746614CE2CEE26D066182938CDC
SHA1:	967590403A84E80ED299B8D548A2B37C8EEB21CE
SHA-256:	493DB3E7B56B2E6B266A5C212CD1F75F1E5CF57533DA03BB1C1F2449543B9F48
SHA-512:	DFAE6BC48F2E4B75DD6744AEE57D31D6A6E764D02DCA5731C7B516AD87B9BAB2FEB355A012EC38BDD53008B501B0744953EB7E0677F02B9EAF083D2E66042B37
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Hermosillo) {. {-9223372036854775808 -26632 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {915174000 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-E4N6A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.924365872261203
Encrypted:	false
SSDEEP:
MD5:	771816CABF25492752C5DA76C5EF74A5
SHA1:	6494F467187F99C9A51AB670CD8DC35078D63904
SHA-256:	0E323D15EA84D4B6E838D5DCD99AEE68666AF97A770DA2AF84B7BDCA4AB1DBBA
SHA-512:	C32D918E121D800B9DFD5CE1F13A4BF2505C0EDCE0085639C8EDF48073E0888906F1A28EF375BDCF549DB14CD33F7C405E28BC35DDF22445C224FBC64146B4EC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Panama) {. {-9223372036854775808 -19088 0 LMT}. {-2524502512 -19176 0 CMT}. {-1946918424 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-E62OD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	479
Entropy (8bit):	4.379302206927978
Encrypted:	false
SSDEEP:
MD5:	1B5C5CBC4168FCCC9100487D3145AF6D
SHA1:	6E9E3074B783108032469C8E601D2C63A573B840
SHA-256:	9E28F87C0D9EE6AD6791A220742C10C135448965E1F66A7EB04D6477D8FA11B0
SHA-512:	4A6527FF5C7F0A0FDC574629714399D9A475EDC1338BF4C9EEEEDCC8CA23E14D2DE4DCA421D46FABA813A65236CD7B8ADBE103B641A763C6BC508738BF73A58C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Phoenix) {. {-9223372036854775808 -26898 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-820519140 -25200 0 MST}. {-796841940 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-56221200 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-EBHUQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.820569634622523
Encrypted:	false
SSDEEP:
MD5:	75EA3845AFED3FBBF8496824A353DA32
SHA1:	207A1520F041B09CCD5034E6E87D3F7A4FBD460E
SHA-256:	2FACC167377FC1F592D2926829EB2980F58BE38D50424F64DFA04A2ECBBE1559
SHA-512:	B9D4DB95CEA1DADCE27264BBD198676465854E9C55D6BB175966D860D9AF7014F6635A945510602C0A9FBF08596B064DAE7D30589886960F06B2F8E69786CFF6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Santa_Isabel) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-F6P66.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.840231755053259
Encrypted:	false
SSDEEP:
MD5:	65307038DB12A7A447284DF4F3E6A3E8
SHA1:	DC28D6863986D7A158CEF239D46BE9F5033DF897
SHA-256:	3FD862C9DB2D5941DFDBA5622CC53487A7FC5039F7012B78D3EE4B58753D078D
SHA-512:	91BC29B7EC9C49D4020DC26F682D0EFBBBEE83D10D79C766A08C78D5FF04D9C0A09288D9696A378E777B65E0C2C2AC8A218C12F86C45BD6E7B5E204AE5FC2335
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:America/Shiprock) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-F82OV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.786739478919165
Encrypted:	false
SSDEEP:
MD5:	74AB4664E80A145D808CAB004A22859B
SHA1:	2AF7665C4E155A227B3F76D1C4BC87854C25A6CB
SHA-256:	BDD0893AA5D170F388B1E93CE5FE2EDF438866707E52033E49898AFC499F86C5
SHA-512:	CCC2E75E07BA1CAAFD1149A22D07668D191594272922AA2A1CE6DE628A8FF49AD90AA8BFE75C005328820C700B991AD87A6F40DEB5AD519B2708D8F7BF04E5A0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Ensenada) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-FE2BI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1854
Entropy (8bit):	3.8463726575443573
Encrypted:	false
SSDEEP:
MD5:	1BFD01ECF77E031C23BDA5ED371E061F
SHA1:	7A38C5665A834B812613E4D10FE4D1E45F606407
SHA-256:	BDF09D97876E3A3C0422C655562252806B4EF914679FDCAB6DD78BD2B84DD932
SHA-512:	D7A2C2645129C4BAB1F0170A29A084396AD8CF07237DE339512C3A5C7227B017BF1D4B78EBD5A7274CAF1D172ECB2DB6F912887BFF1C6AC73E9D645E333A75A3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belize) {. {-9223372036854775808 -21168 0 LMT}. {-1822500432 -21600 0 CST}. {-1616954400 -19800 1 -0530}. {-1606069800 -21600 0 CST}. {-1585504800 -19800 1 -0530}. {-1574015400 -21600 0 CST}. {-1554055200 -19800 1 -0530}. {-1542565800 -21600 0 CST}. {-1522605600 -19800 1 -0530}. {-1511116200 -21600 0 CST}. {-1490551200 -19800 1 -0530}. {-1479666600 -21600 0 CST}. {-1459101600 -19800 1 -0530}. {-1448217000 -21600 0 CST}. {-1427652000 -19800 1 -0530}. {-1416162600 -21600 0 CST}. {-1396202400 -19800 1 -0530}. {-1384713000 -21600 0 CST}. {-1364752800 -19800 1 -0530}. {-1353263400 -21600 0 CST}. {-1333303200 -19800 1 -0530}. {-1321813800 -21600 0 CST}. {-1301248800 -19800 1 -0530}. {-1290364200 -21600 0 CST}. {-1269799200 -19800 1 -0530}. {-1258914600 -21600 0 CST}. {-1238349600 -19800 1 -0530}. {-1226860200 -21600 0 CST}. {-1206900000 -1980

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-FMIE9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1016
Entropy (8bit):	3.7660008200834842
Encrypted:	false
SSDEEP:
MD5:	5E4CB713378D22D90A1A86F0AF33D6E8
SHA1:	CF4B2A68873BF778257D40AEA887D4BCBEE6CC72
SHA-256:	6D7F49E0A67C69A3945DA4BC780653C8D875650536A810610A6518080CC483DB
SHA-512:	06559B6E80BCDD42120398E19CCB3AEE8A1B08E09D0DF07DB9CCD68A863A7670D6D6457018CE3D9E23FE359D3E2EC0D249134EE0D969C0312665975B67DB8E80
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Porto_Velho) {. {-9223372036854775808 -15336 0 LMT}. {-1767210264 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-G5F8V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.81236985301262
Encrypted:	false
SSDEEP:
MD5:	EBB062CC0AA5C21F7C4278B79B9EAE6C
SHA1:	6DFC8303BBE1FB990D7CB258E7DBC6270A5CFE64
SHA-256:	4842420076033349DD9560879505326FFAB91BED75D6C133143FFBBFB8725975
SHA-512:	5087C6257CA797317D049424324F5DC31BBD938436DCEB4CF4FE3D2520F7745F1C023E3EC48689957E389900EF2AACB3F5E9E49FD154DF51FF89F9A7173818CD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Lower_Princes) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-G6J1G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7613
Entropy (8bit):	3.789738507183991
Encrypted:	false
SSDEEP:
MD5:	CBCFD98E08FCCEB580F66AFE8E670AF5
SHA1:	7E922CCD99CD7758709205E4C9210A2F09F09800
SHA-256:	72992080AA9911184746633C7D6E47570255EE85CC6FE5E843F62331025B2A61
SHA-512:	18290654E5330186B739DEDBC7D6860FD017D089DAE19E480F868E1FB56A3CF2E685D0099C4CF1D4F2AE5F36D0B72ABE52FBAC29AD4F6AB8A45C4C420D90E2D5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Whitehorse) {. {-9223372036854775808 -32412 0 LMT}. {-2188997988 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-GRU75.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8629
Entropy (8bit):	3.76966035849006
Encrypted:	false
SSDEEP:
MD5:	F641A7F5DE8FCF4ADC1E5A1A2C9DEC53
SHA1:	B013EBBE8002C91C0C45A2D389245A1A9194077A
SHA-256:	DF5459068DB3C771E41BE8D62FB89A2822CB2A33CF9A5640C6C666AB20ECE608
SHA-512:	C2EA07FF21FD6D1A45A87C6AD85DD3929C2B56E66A52D23103DDFF7B2B3B6433EC5EBFC17BED0F9C0A9AF036F0DF965E12EA3D4463207A128AEF5F6BC12970D7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Denver) {. {-9223372036854775808 -25196 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-1577898000 -25200 0 MST}. {-1570374000 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1538924400 -21600 1 MDT}. {-1534089600 -25200 0 MST}. {-883587600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-757357200 -25200 0 MST}. {-147884400 -21600 1 MDT}. {-131558400 -25200 0 MST}. {-116434800 -21600 1 MDT}. {-100108800 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-H0F2O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7685
Entropy (8bit):	3.4198614734785875
Encrypted:	false
SSDEEP:
MD5:	625A707182C6E0027D49F0FFD775AC51
SHA1:	6423A50DB875051656A1C3C5B6C6AF556F8FBE0A
SHA-256:	CD884C5C99949F5723DC94FBFF011B97AE0989EF2EDE089B30C2CD4893AFCE08
SHA-512:	C5787953997D7D1B583AEE7F68FCC255AC1FAC5C9A7025C8093F274206A0C8163DE221B4823F7750B5B30AF32D673F88D5956C0E510851EBA72CC2360AC35D18
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Asuncion) {. {-9223372036854775808 -13840 0 LMT}. {-2524507760 -13840 0 AMT}. {-1206389360 -14400 0 -04}. {86760000 -10800 0 -03}. {134017200 -14400 0 -04}. {162878400 -14400 0 -04}. {181368000 -10800 1 -04}. {194497200 -14400 0 -04}. {212990400 -10800 1 -04}. {226033200 -14400 0 -04}. {244526400 -10800 1 -04}. {257569200 -14400 0 -04}. {276062400 -10800 1 -04}. {291783600 -14400 0 -04}. {307598400 -10800 1 -04}. {323406000 -14400 0 -04}. {339220800 -10800 1 -04}. {354942000 -14400 0 -04}. {370756800 -10800 1 -04}. {386478000 -14400 0 -04}. {402292800 -10800 1 -04}. {418014000 -14400 0 -04}. {433828800 -10800 1 -04}. {449636400 -14400 0 -04}. {465451200 -10800 1 -04}. {481172400 -14400 0 -04}. {496987200 -10800 1 -04}. {512708400 -14400 0 -04}. {528523200 -10800 1 -04}. {544244400 -14400 0 -04}. {560059200 -10800 1 -04}. {57586

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-HC27A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7186
Entropy (8bit):	3.4539479411234977
Encrypted:	false
SSDEEP:
MD5:	F7C502D77495455080AC3125CE2B42EA
SHA1:	B4883AF71068903AFA372DBFA9E73A39B658A8FF
SHA-256:	058FBB47D5CD3001C0E5A0B5D92ACE1F8A720527A673A78AB71925198AC0ACA1
SHA-512:	B0361D7FB7B02C996B9E608F9B8B1D8DB76FC7D298FA9AC841C4C51A0469FF05A06E0F7829E6C7D810D13BDF3B792A9547B70F6721CA9D7544CBD94028364CAB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Godthab) {. {-9223372036854775808 -12416 0 LMT}. {-1686083584 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0 -03

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-I1C9P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10165
Entropy (8bit):	3.73501024949866
Encrypted:	false
SSDEEP:
MD5:	C1F34BD1FB4402481FFA5ABEE1573085
SHA1:	46B9AD38086417554549C36A40487140256BED57
SHA-256:	A4C2F586D7F59A192D6D326AD892C8BE20753FB4D315D506F4C2ED9E3F657B9A
SHA-512:	115D3E65A6A3834E748ED1917CF03A835F74EC0F8DB789C2B99EB78879EA3A5A2AFEB35981BA221D868E6A5B579374CFB3F865ACF6D4271B918EBCC2C3C69579
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Moncton) {. {-9223372036854775808 -15548 0 LMT}. {-2715882052 -18000 0 EST}. {-2131642800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1167595200 -14400 0 AST}. {-1153681200 -10800 1 ADT}. {-1145822400 -14400 0 AST}. {-1122231600 -10800 1 ADT}. {-1114372800 -14400 0 AST}. {-1090782000 -10800 1 ADT}. {-1082923200 -14400 0 AST}. {-1059332400 -10800 1 ADT}. {-1051473600 -14400 0 AST}. {-1027882800 -10800 1 ADT}. {-1020024000 -14400 0 AST}. {-996433200 -10800 1 ADT}. {-988574400 -14400 0 AST}. {-965674800 -10800 1 ADT}. {-955396800 -14400 0 AST}. {-934743600 -10800 1 ADT}. {-923947200 -14400 0 AST}. {-904503600 -10800 1 ADT}. {-891892800 -14400 0 AST}. {-883598400 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}. {-747252000 -10800 1 ADT}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-I246E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8058
Entropy (8bit):	3.7473289441354263
Encrypted:	false
SSDEEP:
MD5:	CE6E17F16AA8BAD3D9DB8BD2E61A6406
SHA1:	7DF466E7BB5EDD8E1CDF0ADC8740248EF31ECB15
SHA-256:	E29F83A875E2E59EC99A836EC9203D5ABC2355D6BD4683A5AEAF31074928D572
SHA-512:	833300D17B7767DE74E6F2757513058FF5B25A9E7A04AB97BBBFFAC5D9ADCC43366A5737308894266A056382D2589D0778EEDD85D56B0F336C84054AB05F1079
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thunder_Bay) {. {-9223372036854775808 -21420 0 LMT}. {-2366733780 -21600 0 CST}. {-1893434400 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {18000 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {126248400 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-I2NVT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1349
Entropy (8bit):	3.6915980783248976
Encrypted:	false
SSDEEP:
MD5:	10B0C457561BA600E9A39CE20CD22B72
SHA1:	07946FBB04D0C8D7CA92204E3E2DF3AB755196AB
SHA-256:	96AEE3A529C11C8DBDE3431C65C8C2315DBCFB5686957419EFCEB3D49208AB11
SHA-512:	A60AFB3DD064EAB9C4AE5F0A112DA5A7903BDB99DCF78BB99FE13DBB72310E8D47A2A62A58DAD2AB4F33971001F5B9787D663649E05FBD47B75994113CD5E8ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Noronha) {. {-9223372036854775808 -7780 0 LMT}. {-1767217820 -7200 0 -02}. {-1206961200 -3600 1 -02}. {-1191366000 -7200 0 -02}. {-1175378400 -3600 1 -02}. {-1159830000 -7200 0 -02}. {-633823200 -3600 1 -02}. {-622072800 -7200 0 -02}. {-602287200 -3600 1 -02}. {-591836400 -7200 0 -02}. {-570751200 -3600 1 -02}. {-560214000 -7200 0 -02}. {-539128800 -3600 1 -02}. {-531356400 -7200 0 -02}. {-191368800 -3600 1 -02}. {-184201200 -7200 0 -02}. {-155167200 -3600 1 -02}. {-150073200 -7200 0 -02}. {-128901600 -3600 1 -02}. {-121129200 -7200 0 -02}. {-99957600 -3600 1 -02}. {-89593200 -7200 0 -02}. {-68421600 -3600 1 -02}. {-57970800 -7200 0 -02}. {499744800 -3600 1 -02}. {511232400 -7200 0 -02}. {530589600 -3600 1 -02}. {540262800 -7200 0 -02}. {562125600 -3600 1 -02}. {571194000 -7200 0 -02}. {592970400 -3600 1 -02}. {602038800 -7200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-ICH4R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10917
Entropy (8bit):	3.7872036312069963
Encrypted:	false
SSDEEP:
MD5:	F87531D6DC9AAFB2B0F79248C5ADA772
SHA1:	E14C52B0F564FA3A3536B7576A2B27D4738CA76B
SHA-256:	0439DA60D4C52F0E777431BF853D366E2B5D89275505201080954D88F6CA9478
SHA-512:	5B43CE25D970EEEFD09865D89137388BD879C599191DE8ACE37DA657C142B6DF63143DBF9DED7659CBD5E45BAB699E2A3AFDD28C76A7CB2F300EBD9B74CDA59D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/St_Johns) {. {-9223372036854775808 -12652 0 LMT}. {-2713897748 -12652 0 NST}. {-1664130548 -9052 1 NDT}. {-1650137348 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1598650148 -9052 1 NDT}. {-1590100148 -12652 0 NST}. {-1567286948 -9052 1 NDT}. {-1551565748 -12652 0 NST}. {-1535837348 -9052 1 NDT}. {-1520116148 -12652 0 NST}. {-1503782948 -9052 1 NDT}. {-1488666548 -12652 0 NST}. {-1472333348 -9052 1 NDT}. {-1457216948 -12652 0 NST}. {-1440883748 -9052 1 NDT}. {-1425767348 -12652 0 NST}. {-1409434148 -9052 1 NDT}. {-1394317748 -12652 0 NST}. {-1377984548 -9052 1 NDT}. {-1362263348 -12652 0 NST}. {-1346534948 -9052 1 NDT}. {-1330813748 -12652 0 NST}. {-1314480548 -9052 1 NDT}. {-1299364148 -12652 0 NST}. {-1283030948 -9052 1 NDT}. {-1267914548 -12652 0 NS

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IFKRV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.89157166321909
Encrypted:	false
SSDEEP:
MD5:	7B7FCA150465F48FAC9F392C079B6376
SHA1:	1B501288CC00E8B90A2FAD82619B49A9DDBE4475
SHA-256:	87203A4BF42B549FEBF467CC51E8BCAE01BE1A44C193BED7E2D697B1C3D268C9
SHA-512:	5E4F7EE08493547A012144884586D45020D83B5838254C257FD341B8B6D3F9E279013D068EFC7D6DF7569DDD20122B3B23E9C93A0017FB64E941A50311ED1F18
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Lucia) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IIRSN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6526
Entropy (8bit):	3.7582526108760064
Encrypted:	false
SSDEEP:
MD5:	2BBAA150389EAAE284D905A159A61167
SHA1:	0001B50C25FC0CDF015A60150963AAF895EEDEEF
SHA-256:	A7966B95DBE643291FB68E228B60E2DC780F8155E064D96B670C8290F104E4AB
SHA-512:	87CE18E7E4C2C59A953CD47005EF406F4923730459996B1BF09B04FFD9CD5F963A9E50299ECCDBF4B24C565412B706B1ABC39890D659E6F409F1BA50308E57F9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Matamoros) {. {-9223372036854775808 -24000 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IL16A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7840
Entropy (8bit):	3.75014960690837
Encrypted:	false
SSDEEP:
MD5:	9C10496730E961187C33C1AE91C8A60D
SHA1:	A77E3508859FB6F76A7445CD13CD42348CB4EBC7
SHA-256:	136F0A49742F30B05B7C6BF3BF014CC999104F4957715D0BEB39F5440D5216DF
SHA-512:	70936E65D0B439F6BE6E31E27032F10BA2EB54672647DA615744ABC7A767F197F0C7FDBCCEE0D335CBCECB6855B7BD899D1A5B97BA5083FFA42AF5F30343EA7F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rainy_River) {. {-9223372036854775808 -22696 0 LMT}. {-2366732504 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {136368000 -18000 1 CDT}. {152089200 -21600 0 CST}. {167817600 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IL9FG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.890561068654966
Encrypted:	false
SSDEEP:
MD5:	3340CD9706ECBB2C6BCB16F1D75C5428
SHA1:	FE230B53F0DCCE15C14C91F43796E46DA5C1A2CE
SHA-256:	BC2F908758F074D593C033F7B1C7D7B4F81618A4ED46E7907CD434E0CCFEE9F4
SHA-512:	016AB54B9E99600A296D99A036A555BB79E3C5FDB0F1BEB516AFFE17B7763D864CB076B9C2D95547ED44BA2F6FC372CDFF25708C5423E1CF643AB6F0AA78E0E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Marigot) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IPN4S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7609
Entropy (8bit):	3.785302701923574
Encrypted:	false
SSDEEP:
MD5:	4DBA9C83ECAD5B5A099CC1AA78D391B0
SHA1:	FFCC77D7964BD16BD8A554FB437BCF4F2FC8958E
SHA-256:	3A89A6834DDBE4A3A6A1CB8C1A1F9579259E7FD6C6C55DE21DCD4807753D8E48
SHA-512:	21212AFE8917C0F3BBED433B510C4FCE671B0DA887A1C7338A18CD5409B1A95E766510A9E636E5AA3AB0BA21D7D2C00A462FEBB10D4567A343B85AFE6A3E2394
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson) {. {-9223372036854775808 -33460 0 LMT}. {-2188996940 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1 PDT}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-IS0C2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8406
Entropy (8bit):	3.8821515247187883
Encrypted:	false
SSDEEP:
MD5:	7D338E0224E7DDC690766CDC3E436805
SHA1:	89BB26B7731AC40DE75FFCD854BA4D30A0F1B716
SHA-256:	B703FC5AA56667A5F27FD80E5042AFE0F22F5A7EF7C5174646B2C10297E16810
SHA-512:	7B52EDD2FE3ECAB682138EC867B4D654A08BEA9C4A3BB20E1ED69F03DD9EF91A3B707C78D25CA5A32938152157E98188A253AD2D2D283EF24ECE7352BCB88B67
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Juneau) {. {-9223372036854775808 54139 0 LMT}. {-3225223727 -32261 0 LMT}. {-2188954939 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-ITUPF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9495
Entropy (8bit):	3.7630000632404426
Encrypted:	false
SSDEEP:
MD5:	1ACC41DA124C0CA5E67432760FDC91EC
SHA1:	13F56C3F53076E0027BB8C5814EC81256A37F4AF
SHA-256:	DFC19B5231F6A0AB9E9B971574FB612695A425A3B290699DF2819D46F1250DB0
SHA-512:	2F2E358F5743248DE946B90877EFCCCACAF039956249F17D24B7DA026830A181A125045E2C8937A6ACD674E32887049F2D36A1941F09803DF514ADCDA4055CC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Vancouver) {. {-9223372036854775808 -29548 0 LMT}. {-2713880852 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-747237600 -25200 1 PDT}. {-732726000 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-J7OSD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	444
Entropy (8bit):	4.171707948838632
Encrypted:	false
SSDEEP:
MD5:	D20722EC3E24AA65C23DB94006246684
SHA1:	3E9D446FFA6163ED658D947BB582C9F566374777
SHA-256:	593FEBC924D0DE7DA5FC482952282F1B1E3432D7509798F475B13743047286DA
SHA-512:	326E300C837981DEFC497B5E467EA70DC2F6F10765FAB39977A2F03F3BEF0A0917EFD0524E2B66CBCFE0EE424273594437E098C6503EFC73002673678016C605
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Lima) {. {-9223372036854775808 -18492 0 LMT}. {-2524503108 -18516 0 LMT}. {-1938538284 -14400 0 -05}. {-1002052800 -18000 0 -05}. {-986756400 -14400 1 -05}. {-971035200 -18000 0 -05}. {-955306800 -14400 1 -05}. {-939585600 -18000 0 -05}. {512712000 -18000 0 -05}. {544248000 -18000 0 -05}. {638942400 -18000 0 -05}. {765172800 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-JA5JH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1487
Entropy (8bit):	3.655866753080831
Encrypted:	false
SSDEEP:
MD5:	3BC7560FE4E357A36D53F6DCC1E6F176
SHA1:	F9F647E5021344A3A350CD895A26B049331E7CF1
SHA-256:	184EC961CA5D1233A96A030D75D0D47A4111717B793EE25C82C0540E25168BDD
SHA-512:	0805146230F55E12D7524F3F4EDB53D9C6C41C6926FA0603B3958AA82E85C9531D8CBDF4DFF085189908F293A2B29FDFA1BAEFB0FDADF34134D6C4D2FCF19397
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Maceio) {. {-9223372036854775808 -8572 0 LMT}. {-1767217028 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-JD5M3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1365
Entropy (8bit):	3.9551252054637245
Encrypted:	false
SSDEEP:
MD5:	2EC91D30699B64FA8199004F97C63645
SHA1:	4C4E00857B1FB3970E7C16C4EFAA9347ED2C3629
SHA-256:	4EB4C729FF11E170D683310422D8F10BCE78992CF13DACCB06662308C76CCA3B
SHA-512:	D7811C32E4D2B3B9FAEE730D580BC813EC41B63765DE34BB3A30A0D9BBEF2F090E2DA59C6D9A4D8FC91885DDEA2B6E3B1FD3FD434E42D805AF66E578E66AE6FE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cancun) {. {-9223372036854775808 -20824 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {828860400 -14400 1 EDT}. {846396000 -18000 0 EST}. {860310000 -14400 1 EDT}. {877845600 -18000 0 EST}. {891759600 -14400 1 EDT}. {902041200 -18000 0 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-K5TC8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.723325073771884
Encrypted:	false
SSDEEP:
MD5:	E03755B574F4962030DB1E21D1317963
SHA1:	5B5FA4787DA7AE358EFEA81787EB2AB48E4D7247
SHA-256:	8E85F05135DB89CB304689081B22535002DBD184D5DCDBF6487CD0A2FBE4621E
SHA-512:	8B85E51BD8DC04AE768A4D42F8DF0E0D60F23FAB2607E3DCAD4E10695E50C2A3F2124DA7E3A87E97DB7AF090EF70C9A5B5C2D34F7D1B6F74FEFEA9148FEB15AB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Panama)]} {. LoadTimeZoneFile America/Panama.}.set TZData(:America/Cayman) $TZData(:America/Panama).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-K6Q4K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1075
Entropy (8bit):	3.7557219407321303
Encrypted:	false
SSDEEP:
MD5:	9AA66AEB91380EFD3313338A2DCBE432
SHA1:	2D86915D1F331CC7050BBFAAE3315CE1440813C1
SHA-256:	53DB45CF4CB369DA06C31478A793E787541DA0E77C042EBC7A10175A6BB6EFF6
SHA-512:	C9B4F6544B4A1E77BFF6D423A9AD5E003E32FA77B00ECC2A7AF6D2279ACC849ABE331E5DE27C450A6BF86ECC2450CEBFAB4880AB69C54649D4C7EE0AF05CD377
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rio_Branco) {. {-9223372036854775808 -16272 0 LMT}. {-1767209328 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-KU4F5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.7982301339896285
Encrypted:	false
SSDEEP:
MD5:	2F7A1415403071E5D2E545C1DAA96A15
SHA1:	6A8FB2ABAD2B2D25AF569624C6C9AAE9821EF70B
SHA-256:	40F3C68A518F294062AC3DD5361BB9884308E1C490EF11D2CFDC93CB219C3D26
SHA-512:	3E4D94AB6A46E6C3BB97304F3A5596A06041C0E0935CC840F4A6EB56D0892778F853959A742C5B832CD8F07AB9B74539C45599F22C080577503B2E34B6CE28C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Martinique) {. {-9223372036854775808 -14660 0 LMT}. {-2524506940 -14660 0 FFMT}. {-1851537340 -14400 0 AST}. {323841600 -10800 1 ADT}. {338958000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-KVS0Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8410
Entropy (8bit):	3.882284820226162
Encrypted:	false
SSDEEP:
MD5:	30468928CFDD0B6AAC8EA5BF84956E21
SHA1:	0B146D4D789CD49F0A7FEDFFE85FFD31C0926D9C
SHA-256:	202A45DEBFD6E92EF21E2FFF37281C1DE5B4AF4C79DC59A642013EBB37FE5AF0
SHA-512:	721049A2C751BC3F90B0D757C85F59971B46C70942B2F8A20B0E0E0834B89BBE9A5F16D20AEB5F58C1B6268D71DD5F39F9135C60FDE692E3E472598E054C1D96
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Anchorage) {. {-9223372036854775808 50424 0 LMT}. {-3225223727 -35976 0 LMT}. {-2188951224 -36000 0 AST}. {-883576800 -36000 0 AST}. {-880200000 -32400 1 AWT}. {-769395600 -32400 1 APT}. {-765378000 -36000 0 AST}. {-86882400 -36000 0 AHST}. {-31500000 -36000 0 AHST}. {-21470400 -32400 1 AHDT}. {-5749200 -36000 0 AHST}. {9979200 -32400 1 AHDT}. {25700400 -36000 0 AHST}. {41428800 -32400 1 AHDT}. {57754800 -36000 0 AHST}. {73483200 -32400 1 AHDT}. {89204400 -36000 0 AHST}. {104932800 -32400 1 AHDT}. {120654000 -36000 0 AHST}. {126705600 -32400 1 AHDT}. {152103600 -36000 0 AHST}. {162388800 -32400 1 AHDT}. {183553200 -36000 0 AHST}. {199281600 -32400 1 AHDT}. {215607600 -36000 0 AHST}. {230731200 -32400 1 AHDT}. {247057200 -36000 0 AHST}. {262785600 -32400 1 AHDT}. {278506800 -36000 0 AHST}. {294235200 -32400 1 AHDT}. {309956400 -360

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-L54KG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10015
Entropy (8bit):	3.780383775128893
Encrypted:	false
SSDEEP:
MD5:	77DEEF08876F92042F71E1DEFA666857
SHA1:	7E21B51B3ED8EBEB85193374174C6E2BCA7FEB7F
SHA-256:	87E9C6E265BFA58885FBEC128263D5E5D86CC32B8FFEDECAFE96F773192C18BE
SHA-512:	C9AB8C9147354A388AEC5FE04C6C5317481478A07893461706CDC9FD5B42E31733EAC01C95C357F3C5DC3556C49F20374F58A6E0A120755D5E96744DE3A95A81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Goose_Bay) {. {-9223372036854775808 -14500 0 LMT}. {-2713895900 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1096921748 -12600 0 NST}. {-1072989000 -12600 0 NST}. {-1061670600 -9000 1 NDT}. {-1048973400 -12600 0 NST}. {-1030221000 -9000 1 NDT}. {-1017523800 -12600 0 NST}. {-998771400 -9000 1 NDT}. {-986074200 -12600 0 NST}. {-966717000 -9000 1 NDT}. {-954624600 -12600 0 NST}. {-935267400 -9000 1 NDT}. {-922570200 -12600 0 NST}. {-903817800 -9000 1 NDT}. {-891120600 -12600 0 NST}. {-872368200 -9000 0 NWT}. {-769395600 -9000 1 NPT}. {-765401400 -12600 0 NST}. {-757369800 -12600 0 NST}. {-746044200 -9000 1 NDT}. {-733347000 -12600 0 NST}. {-714594600 -9000 1 NDT}. {-701897400 -12600 0 NST}. {-683145000 -9000 1 NDT}. {-670447800 -12600 0 NST}. {-6516954

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LAJDB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.810917109656368
Encrypted:	false
SSDEEP:
MD5:	4763D6524D2D8FC62720BCD020469FF6
SHA1:	EE567965467E4F3BDFE4094604E526A49305FDD8
SHA-256:	A794B43E498484FFD83702CFB9250932058C01627F6F6F4EE1432C80A9B37CD6
SHA-512:	37462E0A3C24D5BAEBDD1ADCF8EE94EA07682960D710D57D5FD05AF9C5F09FF30312528D79516A16A0A84A2D351019DBB33308FC39EC468033B18FB0AC872C13
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Kralendijk) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LGBKQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1723
Entropy (8bit):	3.956012642028802
Encrypted:	false
SSDEEP:
MD5:	7D955B277C43D51F19377A91B987FAF9
SHA1:	F2F3E11E955C3E58E21654F3D841B5B1528C0913
SHA-256:	A1FA7BF002B3BA8DCA4D52AA0BB41C047DDAF88B2E542E1FCF81CB3AAF91AA75
SHA-512:	719DEE7A932EDB9255D711E82AC0CA3FCFB07AF3EFE2EE0D887D7137F6059BEBE07F85D910CC0005391D244B4EADA16257BE49787938386FD4B5DB6D8E31D513
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Regina) {. {-9223372036854775808 -25116 0 LMT}. {-2030202084 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1251651600 -21600 1 MDT}. {-1238349600 -25200 0 MST}. {-1220202000 -21600 1 MDT}. {-1206900000 -25200 0 MST}. {-1188752400 -21600 1 MDT}. {-1175450400 -25200 0 MST}. {-1156698000 -21600 1 MDT}. {-1144000800 -25200 0 MST}. {-1125248400 -21600 1 MDT}. {-1111946400 -25200 0 MST}. {-1032714000 -21600 1 MDT}. {-1016992800 -25200 0 MST}. {-1001264400 -21600 1 MDT}. {-986148000 -25200 0 MST}. {-969814800 -21600 1 MDT}. {-954093600 -25200 0 MST}. {-937760400 -21600 1 MDT}. {-922039200 -25200 0 MST}. {-906310800 -21600 1 MDT}. {-890589600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-748450800 -21600 1 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LMFH0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	222
Entropy (8bit):	4.615632762186706
Encrypted:	false
SSDEEP:
MD5:	359226FA8A7EAFCA0851F658B4EBBCDC
SHA1:	611A24C24462DF5994B5D043E65770B778A6443B
SHA-256:	F2782781F1FB7FD12FF85D36BB244887D1C2AD52746456B3C3FEAC2A63EC2157
SHA-512:	6F9DD2D1662103EC5A34A8858BDFA69AC9F74D3337052AB47EA61DC4D76216886A0644CF1284940E8862A09CBA3E0A87784DFDB6414434C92E45004AAF312614
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Catamarca) $TZData(:America/Argentina/Catamarca).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LQFK4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	234
Entropy (8bit):	4.775296176809929
Encrypted:	false
SSDEEP:
MD5:	861DAA3C2FFF1D3E9F81FB5C63EA71F1
SHA1:	8E219E63E6D7E702FD0644543E05778CE786601A
SHA-256:	1D32F22CF50C7586CB566E45988CA05538E61A05DF09FD8F824D870717832307
SHA-512:	71B47C369DF1958C560E71B114616B999FB4B091FAA6DD203B29D2555FFE419D6FC5EF82FA810DC56E6F00722E13B03BFBED2516B4C5C2321F21E03F0198B91B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Buenos_Aires)]} {. LoadTimeZoneFile America/Argentina/Buenos_Aires.}.set TZData(:America/Buenos_Aires) $TZData(:America/Argentina/Buenos_Aires).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LS49H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.761501750421919
Encrypted:	false
SSDEEP:
MD5:	E641C6615E1EF015427202803761AADD
SHA1:	E254129517335E60D82DFE00C6D5AF722D36565A
SHA-256:	9C546927B107BB4AB345F618A91C0F8C03D8A366028B2F0FCBF0A3CE29E6588E
SHA-512:	B7D34B1EA0D6722D7BFCD91F082D79EE009B97A2B5684D76A3F04CB59079637134275CF9A0306B9F4423A03CC0C2AB43994207D1B209161C893C2C6F3F3B6311
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:America/Atka) $TZData(:America/Adak).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-LSBCQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6619
Entropy (8bit):	3.788952004807415
Encrypted:	false
SSDEEP:
MD5:	4D63766E65BF3E772CCEC2D6DB3E2D3E
SHA1:	DB541D2908159C7EF98F912D8DBC36755FFD13F3
SHA-256:	81CEA4A397AF6190FD250325CF513976B3508209AE3A88FDFD55490A5016A36D
SHA-512:	DFAF1B3547B1B1B78B33F1F0F5E9624C693492687EC5D060FC4C6CBE2AFBB61B2E9B618133636DD62364D28B2450F741561AADFDE7B811F579BBC7247343A041
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mazatlan) {. {-9223372036854775808 -25540 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-M7QJ2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.856609165175433
Encrypted:	false
SSDEEP:
MD5:	F85ADC16127A74C9B35D16C631E11F4F
SHA1:	F7716E20F546AA04697FB0F4993A14BAFDD1825E
SHA-256:	67ACF237962E3D12E0C746AEDC7CDBC8579DC7C0A7998AC6B6E169C58A687C17
SHA-512:	89E8F9DC6A306912B2DAEE77705E2DCD76E32F403352C23ED6BE34F8BEBB12C3604C20DA11DB921553D20E3FC43EC7984C7103D8D1396AB83B104E70BA6D13B1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Dominica) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-MDJ3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6666
Entropy (8bit):	3.7481713130223295
Encrypted:	false
SSDEEP:
MD5:	8FFE81344C31A51489A254DE97E83C3E
SHA1:	4397D9EDAC304668D95921EF03DFD90F967E772F
SHA-256:	EF6AF4A3FA500618B37AF3CDD40C475E54347D7510274051006312A42C79F20C
SHA-512:	F34A6D44499DE5A4E328A8EAFBA5E77B1B8C04A843160D74978398F1545C821C3034FCBD5ADBFAD8D14D1688907C57E7570023ABD3096D4E4C19E3D3C04428B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thule) {. {-9223372036854775808 -16508 0 LMT}. {-1686079492 -14400 0 AST}. {670399200 -10800 1 ADT}. {686120400 -14400 0 AST}. {701848800 -10800 1 ADT}. {717570000 -14400 0 AST}. {733903200 -10800 1 ADT}. {752043600 -14400 0 AST}. {765352800 -10800 1 ADT}. {783493200 -14400 0 AST}. {796802400 -10800 1 ADT}. {814942800 -14400 0 AST}. {828856800 -10800 1 ADT}. {846392400 -14400 0 AST}. {860306400 -10800 1 ADT}. {877842000 -14400 0 AST}. {891756000 -10800 1 ADT}. {909291600 -14400 0 AST}. {923205600 -10800 1 ADT}. {941346000 -14400 0 AST}. {954655200 -10800 1 ADT}. {972795600 -14400 0 AST}. {986104800 -10800 1 ADT}. {1004245200 -14400 0 AST}. {1018159200 -10800 1 ADT}. {1035694800 -14400 0 AST}. {1049608800 -10800 1 ADT}. {1067144400 -14400 0 AST}. {1081058400 -10800 1 ADT}. {1099198800 -14400 0 AST}. {1112508000 -10800 1 ADT}. {1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-MJH05.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	210
Entropy (8bit):	4.853705210019575
Encrypted:	false
SSDEEP:
MD5:	FE113AA98220A177DA9DD5BF588EB317
SHA1:	083F2C36FF97185E2078B389F6DB2B3B04E95672
SHA-256:	AF2A931C2CC39EED49710B9AFDBB3E56F1E4A1A5B9B1C813565BE43D6668493A
SHA-512:	B6A34966F4150E3E3785563DFEB543726868923DB3980F693B4F2504B773A6CFD4102225C24897C81F1B3D22F35D1BE92D5ECE19F03028AC485A6B975896BB8F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/La_Paz) {. {-9223372036854775808 -16356 0 LMT}. {-2524505244 -16356 0 CMT}. {-1205954844 -12756 1 BST}. {-1192307244 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-MMMS1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1876
Entropy (8bit):	3.9458112723626755
Encrypted:	false
SSDEEP:
MD5:	D7E4978775F290809B7C042674F46903
SHA1:	E94DB1EBB6A1594ED1A5AEA48B52395482D06085
SHA-256:	2E6CFFE8E0C1FE93F55B1BD01F96AA1F3CE645BC802C061CB4917318E30C4494
SHA-512:	1FF3CD58A4C4DEC7538F0816E93E6577C51B0045CF36190FF4D327E81FB8282ADDB0EF20BD78A838ABD507EBAD1C187F2A20CC7840E2325B9C326EC449897B45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson_Creek) {. {-9223372036854775808 -28856 0 LMT}. {-2713881544 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-N2RQD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6625
Entropy (8bit):	3.791871111929614
Encrypted:	false
SSDEEP:
MD5:	6A18936EC3AA0FCEC8A230ADAF90FF1E
SHA1:	B13B8BF1FD2EEED44F63A0DC71F0BCE8AC15C783
SHA-256:	974481F867DEA51B6D8C6C21432F9F6F7D6A951EC1C34B49D5445305A6FB29B7
SHA-512:	75AA7A3AE63ED41AFF6CF0F6DC3CA649786A86A64293E715962B003383D31A8AD2B99C72CE6B788EC4DFF1AF7820F011B3F1FD353B37C326EF02289CE4A061BF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia_Banderas) {. {-9223372036854775808 -25260 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-NHIDP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6398
Entropy (8bit):	3.770736282266079
Encrypted:	false
SSDEEP:
MD5:	7802A7D0CAEECF52062EA9AAC665051A
SHA1:	D965CD157A99FD258331A45F5E86B8F17A444D2B
SHA-256:	3D1BEDC932E5CB6315438C7EF060824C927C547009EEA25E8CF16C9D8C4A28B6
SHA-512:	4D369FF44CC1B1CBA75C0249B032581BA792830479D22C418C5B0599975E715B8983D93F52B00793F2A419F530BC8877D2DA251393592FD6B865499A97875FD8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port-au-Prince) {. {-9223372036854775808 -17360 0 LMT}. {-2524504240 -17340 0 PPMT}. {-1670483460 -18000 0 EST}. {421218000 -14400 1 EDT}. {436334400 -18000 0 EST}. {452062800 -14400 1 EDT}. {467784000 -18000 0 EST}. {483512400 -14400 1 EDT}. {499233600 -18000 0 EST}. {514962000 -14400 1 EDT}. {530683200 -18000 0 EST}. {546411600 -14400 1 EDT}. {562132800 -18000 0 EST}. {576050400 -14400 1 EDT}. {594194400 -18000 0 EST}. {607500000 -14400 1 EDT}. {625644000 -18000 0 EST}. {638949600 -14400 1 EDT}. {657093600 -18000 0 EST}. {671004000 -14400 1 EDT}. {688543200 -18000 0 EST}. {702453600 -14400 1 EDT}. {719992800 -18000 0 EST}. {733903200 -14400 1 EDT}. {752047200 -18000 0 EST}. {765352800 -14400 1 EDT}. {783496800 -18000 0 EST}. {796802400 -14400 1 EDT}. {814946400 -18000 0 EST}. {828856800 -14400 1 EDT}. {846396000 -18000 0 EST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-NIR31.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7366
Entropy (8bit):	3.749928775816306
Encrypted:	false
SSDEEP:
MD5:	54F6D5098A0CF940F066EADEEA234A57
SHA1:	20B9FE5F6F70E97420A6D9939AA43C4CCFA8231B
SHA-256:	AA68088E41A018002E5CE12B14F8910E5ECE5F26D5854092E351BAAC2F90DB2B
SHA-512:	9EC1AF599604CEE266D9A4377B6CDABF94E61D0177CBC2158122406BF551AE0E3EE4CF147B28A382277B015CCB8F4405DB3EB3AE6425431EBB43CCDE08AEA3E1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rankin_Inlet) {. {-9223372036854775808 0 0 -00}. {-410227200 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {75205

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-OP13E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7484
Entropy (8bit):	3.768929501362495
Encrypted:	false
SSDEEP:
MD5:	2701DA468F9F1C819301374E807AAA27
SHA1:	F08D7525639EA752D52F36A6D14F14C5514CED8E
SHA-256:	6C7DFDE581AC9DE7B4ED6A525A40F905B7550BD2AE7E55D7E2E1B81B771D030B
SHA-512:	98BD9EDD40D2982E20A169B8B8E8D411382E5707634BB4F8365CFFF73DB17B8C042D7ED1A59B9511A3A7EB587895119532CCED69F5EFBC49D74FFDC9CA91966F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Pangnirtung) {. {-9223372036854775808 0 0 -00}. {-1546300800 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-147902400 -7200 1 ADDT}. {-131572800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050400 -10800 1 ADT}. {594190800 -14400 0 AST}. {607500000 -10800 1 ADT}. {625640400 -14400 0 AST}. {638949600 -10800 1 ADT}. {657090000 -14400 0 AST}. {671004000 -10800 1 ADT}. {688539600 -14400 0 AST}. {702

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-OP3E3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7487
Entropy (8bit):	3.787618233072156
Encrypted:	false
SSDEEP:
MD5:	839C797E403B4C102D466B1E759A6CC4
SHA1:	D95864FF269AD16B35CDAAC95AE03D8306B8DE1F
SHA-256:	37E219C4C7AEBCC8919293114280A247E8072F2760E69F083E9FDD6BE460B9BC
SHA-512:	A74F3B3C83815F62F6BDF4199EA471872AE539D6C0C595BA41E6D2DF033075D74CC00995C8F99C3ADD4B1E5E04A12D663BE9BED4CE600FC5F067D7CDDED4D7F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cambridge_Bay) {. {-9223372036854775808 0 0 -00}. {-1577923200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-OS96J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.90033942341457
Encrypted:	false
SSDEEP:
MD5:	25CA3996DDB8F1964D3008660338BA72
SHA1:	B66D73B5B38C2CCCA78232ADC3572BBBEB79365D
SHA-256:	A2ABBD9BCFCE1DB1D78C99F4993AC0D414A08DB4AC5CE915B81119E17C4DA76F
SHA-512:	A25AFE4FD981F458FE194A5D87C35BE5FC7D4426C1EEE8311AE655BB53364CD4AAC0710C0D7E6A91C0F248E2A6916902F4FD43A220CFF7A6474B77D93CF35C81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Antigua) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-P729K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.8793735356495116
Encrypted:	false
SSDEEP:
MD5:	2F2C91BD29B32A281F9FB1F811953ACB
SHA1:	49102C37397CC9B7CDCDCE6A76F9BE03D0B446AB
SHA-256:	6ABBF55FEE7839B9EEEBB97EA53E185E1A0E189843531257708258841A35EB76
SHA-512:	FB06D4FE28BD9DD9D56A7365F1E2CC7434678B8850CECF99A232F07B4B720F092980EC337C279E599A12E54548DE6AC253547FE4C255BEFA7B545F8C93375589
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sitka) {. {-9223372036854775808 53927 0 LMT}. {-3225223727 -32473 0 LMT}. {-2188954727 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600 -

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-PDOGP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8324
Entropy (8bit):	3.772029913040983
Encrypted:	false
SSDEEP:
MD5:	239425659E7345C757E6A44ABF258A22
SHA1:	9659217B4D55795333DFA5E08451B69D17F514AD
SHA-256:	6D6D377DDF237B1C5AB012DDDEB5F4FAA39D1D51240AA5C4C34EE96556D2D2F4
SHA-512:	3891D7BC1F84FF6B01B6C2DF6F0413C9E168E5B84CE445030F1B871766DD38B2FF7418501AB7C0DCEAB8381E538D65DF4E7708502EE924546A28DF1AC9BB7129
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boise) {. {-9223372036854775808 -27889 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-1471788000 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126255600 -25200 0 MST}. {129114000 -21600 0 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {2307

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-PEL42.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6496
Entropy (8bit):	3.75909042772931
Encrypted:	false
SSDEEP:
MD5:	255A5A8E27CA1F0127D71E09033C6D9B
SHA1:	4F1C5E6D3F9E5BC9F8958FA50C195FDADD0F4022
SHA-256:	C753DEF7056E26D882DCD842729816890D42B6C7E31522111467C0C39A24B2F2
SHA-512:	96A67C3CC54EC39086D4DF681DDA39B4167FE80F0C45600045480F28C282071915F793BD672146119A22E0C15339F162DFF9DF326E7132E723684EF079666F58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Monterrey) {. {-9223372036854775808 -24076 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-PHVG5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10883
Entropy (8bit):	3.7202964099536917
Encrypted:	false
SSDEEP:
MD5:	9C60AFDFA3BA2002BA68673B778194CF
SHA1:	D6D17C82AEC4B85BA7B0F6FCB36A7582CA26A82B
SHA-256:	7744DB6EFE39D636F1C88F8325ED3EB6BF8FA615F52A60333A58BCE579983E87
SHA-512:	3C793BB00725CF37474683EAB70A0F2B2ACAE1656402CDD7E75182988DC20361A8651A624A5220983E3E05333B9817DCBEAF20D34BD55C5128F55474A02A9455
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Toronto) {. {-9223372036854775808 -19052 0 LMT}. {-2366736148 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1609441200 -18000 0 EST}. {-1601753400 -14400 1 EDT}. {-1583697600 -18000 0 EST}. {-1567357200 -14400 1 EDT}. {-1554667200 -18000 0 EST}. {-1534698000 -14400 1 EDT}. {-1524074400 -18000 0 EST}. {-1503248400 -14400 1 EDT}. {-1492365600 -18000 0 EST}. {-1471798800 -14400 1 EDT}. {-1460916000 -18000 0 EST}. {-1440954000 -14400 1 EDT}. {-1428861600 -18000 0 EST}. {-1409504400 -14400 1 EDT}. {-1397412000 -18000 0 EST}. {-1378054800 -14400 1 EDT}. {-1365962400 -18000 0 EST}. {-1346605200 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-1220806800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-PRMBI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	590
Entropy (8bit):	4.233264210289004
Encrypted:	false
SSDEEP:
MD5:	6BF9AB156020E7AC62F93F561B314CB8
SHA1:	7484A57EADCFD870490395BB4D6865A2E024B791
SHA-256:	D45B4690B43C46A7CD8001F8AE950CD6C0FF7B01CD5B3623E3DD92C62FD5E473
SHA-512:	CF02E62650679D8E2D58D0D70DE2322CAAA6508AF4FF7A60E415AA8AA3A9D26D1A191CFAE986ACAF0AEF1DFC4C2E34F9A5B6EDC2018E0B7E9000917D429FB587
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Managua) {. {-9223372036854775808 -20708 0 LMT}. {-2524500892 -20712 0 MMT}. {-1121105688 -21600 0 CST}. {105084000 -18000 0 EST}. {161758800 -21600 0 CST}. {290584800 -18000 1 CDT}. {299134800 -21600 0 CST}. {322034400 -18000 1 CDT}. {330584400 -21600 0 CST}. {694260000 -18000 0 EST}. {717310800 -21600 0 CST}. {725868000 -18000 0 EST}. {852094800 -21600 0 CST}. {1113112800 -18000 1 CDT}. {1128229200 -21600 0 CST}. {1146384000 -18000 1 CDT}. {1159682400 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RBBSP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2840
Entropy (8bit):	3.549378422404712
Encrypted:	false
SSDEEP:
MD5:	87A9F18CE5E5EE97D943316EE93DC664
SHA1:	C221C82FA644943AF05C5737B4A68418BEFE66D7
SHA-256:	E8DB201FDAF1FD43BE39422062CEB2A25F25764934C481A95CD7BB3F93949495
SHA-512:	AC7D6BA85A37585BEC2101AAF0F46B04BF49F56B449A2BEC4E32D009576CA4D0CB687981EFA96DA8DAB00453F0020925E5FB9681BF8071AC6EFFC4F938E0D891
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Montevideo) {. {-9223372036854775808 -13491 0 LMT}. {-1942690509 -13491 0 MMT}. {-1567455309 -14400 0 -04}. {-1459627200 -10800 0 -0330}. {-1443819600 -12600 0 -0330}. {-1428006600 -10800 1 -0330}. {-1412283600 -12600 0 -0330}. {-1396470600 -10800 1 -0330}. {-1380747600 -12600 0 -0330}. {-1141590600 -10800 1 -0330}. {-1128286800 -12600 0 -0330}. {-1110141000 -10800 1 -0330}. {-1096837200 -12600 0 -0330}. {-1078691400 -10800 1 -0330}. {-1065387600 -12600 0 -0330}. {-1047241800 -10800 1 -0330}. {-1033938000 -12600 0 -0330}. {-1015187400 -10800 1 -0330}. {-1002488400 -12600 0 -0330}. {-983737800 -10800 1 -0330}. {-971038800 -12600 0 -0330}. {-954707400 -10800 1 -0330}. {-938984400 -12600 0 -0330}. {-920838600 -10800 1 -0330}. {-907534800 -12600 0 -0330}. {-896819400 -10800 1 -0330}. {-853621200 -9000 0 -03}. {-845847000 -10800 0 -03}. {-33

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RFF87.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.8191308888643345
Encrypted:	false
SSDEEP:
MD5:	465D405C9720EB7EC4BB007A279E88ED
SHA1:	7D80B8746816ECF4AF45166AED24C731B60CCFC6
SHA-256:	BE85C86FBD7D396D2307E7DCC945214977829E1314D1D71EFAE509E98AC15CF7
SHA-512:	C476022D2CC840793BF7B5841051F707A30CCAB1022E30FB1E45B420077417F517BEDA5564EFB154283C7C018A9CA09D10845C6A1BFE2A2DE7C939E307BDCE6F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:America/Knox_IN) $TZData(:America/Indiana/Knox).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RK09L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1944
Entropy (8bit):	3.6123892296166242
Encrypted:	false
SSDEEP:
MD5:	E52095DB1E77EC4553A0AF56665CDE51
SHA1:	CED0966E8D89443F2CCBBE9F44DA683F7D2D688B
SHA-256:	30A4658BD46F88A1585ACABB9EB6BA03DB929EAF7D2F430BC4864D194A6CC0DD
SHA-512:	D6F3D51393F9D8F6414023A8435213EC6BD4FCAA5084B664B828CCDE8D57821E3E284B3D5A27414B4C2AB0B71E31D775D1F924C926C849F591D361DAA8681D8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia) {. {-9223372036854775808 -9244 0 LMT}. {-1767216356 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {602

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RRL5C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.730673843485836
Encrypted:	false
SSDEEP:
MD5:	4685E4E850E0B6669F72B8E1B4314A0A
SHA1:	BC6CCD58A2977A1E125B21D7B8FD57E800E624E1
SHA-256:	D35F335D6F575F95CEA4FF53382C0BE0BE94BE7EB8B1E0CA3B7C50E8F7614E4E
SHA-512:	867003B33A5FC6E42D546FBFC7A8AB351DE72232B89BA1BEC6DB566F6DCE135E65C08DE9112837190EB21D677E2F83E7E0F6049EC70CB9E36F223DE3A68E000A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Fort_Wayne) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RTH0I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7421
Entropy (8bit):	3.7475594770809835
Encrypted:	false
SSDEEP:
MD5:	67B9C859DCD38D60EB892500D7287387
SHA1:	E91BE702B1D97039528A3F540D1FFFF553683CE9
SHA-256:	34D907D9F2B36DC562DCD4E972170011B4DA98F9F6EDA819C50C130A51F1DBED
SHA-512:	239B0BA842C1432DB5A6DE4E0A63CDE4B4800FC76AE237B0E723116426F0700FFF418634FB1B5641B87E7792709E16A9ED679E37A570E9D723E3561C2B6B45B5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Iqaluit) {. {-9223372036854775808 0 0 -00}. {-865296000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-147898800 -10800 1 EDDT}. {-131569200 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71999280

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-RVTE4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.905980413237828
Encrypted:	false
SSDEEP:
MD5:	B6E45D20EB8CC73A77B9A75578E5C246
SHA1:	19C6BB6ED12B6943CF7BDFFE4C8A8D72DB491E44
SHA-256:	31E60EAC8ABFA8D3DAD501D3BCDCA7C4DB7031B65ADDA24EC11A6DEE1E3D14C3
SHA-512:	C0F3BF8D106E77C1000E45D0A6C8E7C05B7B97EFA2EECCA45FEF48EB42FBDD5336FD551C794064EADFB6919A12813FF66B2F95722877432B4A48B1FBA6C5409D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Barthelemy) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-S13JH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7485
Entropy (8bit):	3.781666511020802
Encrypted:	false
SSDEEP:
MD5:	C9050AC32086644B15631E6FBE4D6292
SHA1:	8C074D0E04CAFB1BDD11953AE77687CFBC53C449
SHA-256:	447B801066A92624F58C00DA66FBB90B54195F4AB06886AE4796228244E19E85
SHA-512:	E7C73E67B247F912E774EF245D2323B24DDF75054C7BE9095BC19E3C58CB5AE287747076B2436ABF735738A969DAFCDB128F0BA2C76A0AFAB5449CF157BEB190
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yellowknife) {. {-9223372036854775808 0 0 -00}. {-1104537600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {68

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-S94QF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.76389929825594
Encrypted:	false
SSDEEP:
MD5:	A6EFD8F443D4CB54A5FB238D4D975808
SHA1:	8F25C6C0EA9D73DC8D1964C4A28A4E2E783880CC
SHA-256:	39B34B406339F06A8D187F8CCC1B6BF2550E49329F7DCE223619190F560E75F8
SHA-512:	4B5D48472D56AF19B29AD2377573CC8CB3ED9EF1AF53C00C907B6576FA852EA3D1E9F9B3A78A280DC44F8ADBE5B81D6AEC2609BE08FFA08507CD0F4139878F46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Mendoza)]} {. LoadTimeZoneFile America/Argentina/Mendoza.}.set TZData(:America/Mendoza) $TZData(:America/Argentina/Mendoza).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-S9DIQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7646
Entropy (8bit):	3.4194836403778353
Encrypted:	false
SSDEEP:
MD5:	7309EBE8210C3C84C24D459289484EFA
SHA1:	31EFE19E3CA2DB512C7AC9CAFD72991EF0517FD3
SHA-256:	FE7543FF576D7EDC3A3FF82759E5C244DE8EB57A95744E20610CEDF6E29AB4C9
SHA-512:	41C94E4093F015B61ACEFCEA067C101AA1ECB855789CFDB8FA4D17589D20868FB7A1456D21C90B5261445D970E5E7F134CBAF17EA926278C9E6DFC471D29F896
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cuiaba) {. {-9223372036854775808 -13460 0 LMT}. {-1767212140 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600 -1080

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-SF95E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	385
Entropy (8bit):	4.450029420195016
Encrypted:	false
SSDEEP:
MD5:	6E3FD9D19E0CD26275B0F95412F13F4C
SHA1:	A1B6D6219DEBDBC9B5FFF5848E5DF14F8F4B1158
SHA-256:	1DC103227CA0EDEEBA8EE8A41AE54B3E11459E4239DC051B0694CF7DF3636F1A
SHA-512:	BF615D16BB55186AFC7216B47250EE84B7834FD08077E29E0A8F49C65AACAAD8D27539EA751202EBFF5E0B00702EC59B0A7D95F5FB585BFED68AC6206416110D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guatemala) {. {-9223372036854775808 -21724 0 LMT}. {-1617040676 -21600 0 CST}. {123055200 -18000 1 CDT}. {130914000 -21600 0 CST}. {422344800 -18000 1 CDT}. {433054800 -21600 0 CST}. {669708000 -18000 1 CDT}. {684219600 -21600 0 CST}. {1146376800 -18000 1 CDT}. {1159678800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-SN48N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7389
Entropy (8bit):	3.778898781146325
Encrypted:	false
SSDEEP:
MD5:	EFEFB694C4F54583C0ED45A955E823AF
SHA1:	6FF35D151E8E1DED0DC362671FFF904B3CFF59B4
SHA-256:	72C48C0CCC1B8C1BD80E5BB5B8879A07A2DBE82317667568523BBE1F855E4883
SHA-512:	52BDACF02C5A595927FF9B7DC0151367C81B259C8831A91F66A0C10D5271DCDF834763F44868CCF7EDA497295D9D55C49C8F8FD43EEC383C29BC3CABAA4B6B0F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Inuvik) {. {-9223372036854775808 0 0 -00}. {-536457600 -28800 0 PST}. {-147888000 -21600 1 PDDT}. {-131558400 -28800 0 PST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {702464400 -21600 1 MDT}. {720000000 -25200 0 MST}. {733914000 -

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-T0F61.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8260
Entropy (8bit):	3.7353311910027376
Encrypted:	false
SSDEEP:
MD5:	6F9F530A792FC34E2B0CEE4BC3DB3809
SHA1:	4DF8A4A6993E47DD5A710BEE921D88FEF44858E7
SHA-256:	9F62117DDA0A21D37B63C9083B3C50572399B22D640262F427D68123078B32F9
SHA-512:	C2BF93FDBE8430113FA63561D1A08145DCF31CD679AB7230098993C7A19EF0F29F486C962656F8A62505CB1BFE993FBD3BB5FB0BAE7B6E7E190DE2865C445408
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nassau) {. {-9223372036854775808 -18570 0 LMT}. {-1825095030 -18000 0 EST}. {-179341200 -14400 1 EDT}. {-163620000 -18000 0 EST}. {-147891600 -14400 1 EDT}. {-131565600 -18000 0 EST}. {-116442000 -14400 1 EDT}. {-100116000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {189320400 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-T49QN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	269
Entropy (8bit):	4.7060952459188305
Encrypted:	false
SSDEEP:
MD5:	77BE2E0759A3B7227B4DAC601A670D03
SHA1:	1FB09211F291E5B1C5CC9848EB53106AF48EE830
SHA-256:	40994535FE02326EA9E373F54CB60804BA7AE7162B52EA5F73497E7F72F2D482
SHA-512:	EB5E6A4A912053E399F6225A02DDC524A223D4A5724165CAD9009F1FA10B042F971E52CE17B395A86BC80FCC6897FD2CCC3B00708506FEF39E4D71812F5DF595
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/El_Salvador) {. {-9223372036854775808 -21408 0 LMT}. {-1546279392 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-T5NNL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.878034750755565
Encrypted:	false
SSDEEP:
MD5:	B149DC2A23F741BA943E5511E35370D3
SHA1:	3C8D3CFDB329B7ECB90C19D3EB3DE6F33A063ADD
SHA-256:	36046A74F6BB23EA8EABA25AD3B93241EBB509EF1821CC4BEC860489F5EC6DCA
SHA-512:	CEB38EC2405A3B0A4E09CDD2D69A11884CCB28DA0FD7CF8B344E1472642A0571674D3ED33C639E745DDEEE741E52B0948B86DFFFD324BB07A9F1A6B9F38F898E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Kitts) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-TFKJL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.854311472609309
Encrypted:	false
SSDEEP:
MD5:	B931564D937C807282F1432FF6EA52A6
SHA1:	7ECA025D97717EEA7C91B5390122D3A47A25CAD0
SHA-256:	FF5CF153C4EC65E7E57A608A481F12939B6E4ACC8D62C5B01FEB5A04769A6F07
SHA-512:	97271500C7D7959B90A6AC0A98D5D0D29DA00E92F9FC973594267DF906DEE767243698DBA2F3A0CF00156E949E29CDDD45A151F263583514090717CFDF1FB4DD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Tortola) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-TQQVE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	413
Entropy (8bit):	4.429320498710922
Encrypted:	false
SSDEEP:
MD5:	49EED111AB16F289E7D2D145A2641720
SHA1:	2F0A37524209FC26421C2951F169B4352250ED9E
SHA-256:	E7415944397EF395DDBD8EACB6D68662908A25E2DB18E4A3411016CBB6B8AFC6
SHA-512:	3AD4511798BA763C4E4A549340C807FE2FDF6B107C74A977E425734BBADDFF44ADAA68B5AE1F96170902A10208BC4BBF551C596EB1A3E292071549B8F3012A35
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Barbados) {. {-9223372036854775808 -14309 0 LMT}. {-1451678491 -14309 0 BMT}. {-1199217691 -14400 0 AST}. {234943200 -10800 1 ADT}. {244616400 -14400 0 AST}. {261554400 -10800 1 ADT}. {276066000 -14400 0 AST}. {293004000 -10800 1 ADT}. {307515600 -14400 0 AST}. {325058400 -10800 1 ADT}. {338706000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-U3FFQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	196
Entropy (8bit):	4.818272118524638
Encrypted:	false
SSDEEP:
MD5:	1C0C736D0593654230FCBB0DC275313B
SHA1:	00518615F97BCFF2F6862116F4DF834B70E2D4CA
SHA-256:	5C97E6DF0FC03F13A0814274A9C3A983C474000AE3E78806B38DF9208372FD54
SHA-512:	2252D17CB4F770124586BBF35974077212B92C1587071C9F552F1EFAC15CBF92128E61C456F9F5154D212F7D66CC5BD85B76B1187D5A6F24E89E14EDF322D67F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:America/Porto_Acre) $TZData(:America/Rio_Branco).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-U5T28.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6462
Entropy (8bit):	3.906655458013535
Encrypted:	false
SSDEEP:
MD5:	897140EE4C46A300FBA4B66692A77D2B
SHA1:	D5F2F3C8561A19EA0C5DAF0236696D5DB98D4220
SHA-256:	8B48C28A0AB6728CEDBCC82197355A5F9DD7D73E270EE949D996BB788777623B
SHA-512:	17E52B3C00C4EDE3B2FA10A4BE0601889B12581D31936D075E85118F37329716C4083D2B16F7081F7AA73EC9774ED7B4CF67615BE6090F8A506BF77AADE0CAFD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Metlakatla) {. {-9223372036854775808 54822 0 LMT}. {-3225223727 -31578 0 LMT}. {-2188955622 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-U8Q6H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1375
Entropy (8bit):	3.695923796037783
Encrypted:	false
SSDEEP:
MD5:	2BCCE3C71898F3D7F2327419950C5838
SHA1:	CE45568E951C227CB3D88D20B337E5E1E1D4B1EF
SHA-256:	AA2CF8DA8D63FC4DE912A4F220CF7E49379021F5E51ABA1AFCFC7C9164D5A381
SHA-512:	420066E5D39446AA53547CBF1A015A4745F02D1059B2530B7735AC4C28BD2BFC431AEB7531C2C49C2BDF8E31405F15717D88DE0DE3F5F42BAA96A8289A014D06
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fortaleza) {. {-9223372036854775808 -9240 0 LMT}. {-1767216360 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-UADKQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.876306758637305
Encrypted:	false
SSDEEP:
MD5:	52DAAF1636B5B70E0BA2015E9F322A74
SHA1:	4BD05207601CF6DB467C27052EBB25C9A64DAC96
SHA-256:	A5B3687BBA1D14D52599CB355BA5F4399632BF98DF4CEB258F9C479B1EA73586
SHA-512:	E3DE0447236F6EA24D173CCB46EA1A4A31B5FFBCE2A442CD542DA8C54DAD22391FD1CA301776C0FB07CBCF256FC708E61B7BBA682C02EEBE03BECCEA2B6D3BD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Vincent) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-UL9NV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.74004515366486
Encrypted:	false
SSDEEP:
MD5:	89870B2001C2EE737755A692E7CA2F18
SHA1:	F67F6C22BF681C105068BEEB494A59B3809C5ED8
SHA-256:	38C3DD7DAF75DBF0179DBFC387CE7E64678232497AF0DACF35DC76050E9424F7
SHA-512:	EFA8A5A90BE6FAAA7C6F5F39CBBBA3C7D44C7943E1BB1B0F7E966FEE4F00F0E4BF1D999A377D4E5230271B120B059EB020BD93E7DA46CF1FFA54AB13D7EC3FFE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Cordoba) $TZData(:America/Argentina/Cordoba).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-UPIU5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8404
Entropy (8bit):	3.88589736733708
Encrypted:	false
SSDEEP:
MD5:	F5E89780553D3D30A32CF65746CA9A69
SHA1:	43D8B6E3C5D719599A680E1E6D4FF913D2700D7E
SHA-256:	5BDA4867EC7707E9D5E07AD3E558DA7C1E44EC1135E85A8F1809441A54B22BE5
SHA-512:	D1239FF5277055DD8787BF58ED14DBDC229FC46EDDF21E034CA77DEA439631974F44FCE63EF12483520ADB83AD235642AE480230544A7284A8BDAA5296486563
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nome) {. {-9223372036854775808 46702 0 LMT}. {-3225223727 -39698 0 LMT}. {-2188947502 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-UQHGJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.655121947675421
Encrypted:	false
SSDEEP:
MD5:	CB79BE371FAB0B0A5EBEB1BA101AA8BA
SHA1:	6A24348AB24D6D55A8ABDEE1500ED03D5D1357F3
SHA-256:	6AABF28AC5A766828DD91F2EE2783F50E9C6C6307D8942FCD4DFAE21DB2F1855
SHA-512:	156E1E7046D7A0938FE4BF40BC586F0A7BEF1B0ED7B887665E9C6041980B511F079AA739B7BD42A89794CB9E82DB6629E81DD39D2F8161DFABDED539E272FB6E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Indianapolis) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-V2A41.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3576
Entropy (8bit):	3.5316229197228632
Encrypted:	false
SSDEEP:
MD5:	1FFFED9AA83AA3CA9E7330AA27E8D188
SHA1:	9B45F2662C1F3F0799ED4221E843483674878F43
SHA-256:	FECDC08709D5852A07D8F5C7DD7DBDBCD3D864A0893248E3D3932A2F848EB4B2
SHA-512:	8F6D51F94A91168EE092972316E150C2B487808EA3506F77FD028F84436FE29AD5BAD50A8DB65BCFB524D5A12DC1C66C5C0BC9A7FC6AE8A0EAAED6F4BA5ADED7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Punta_Arenas) {. {-9223372036854775808 -17020 0 LMT}. {-2524504580 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55915200 -10800 1 -04}. {69217200 -14400 0 -04}. {87

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-V9KH1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	416
Entropy (8bit):	4.443696146912203
Encrypted:	false
SSDEEP:
MD5:	D47A1FBA5AD701E1CA168A356D0DA0A9
SHA1:	6738EA6B4F54CC76B9723917AA373034F6865AF1
SHA-256:	51F08C1671F07D21D69E2B7868AA5B9BDBFA6C31D57EB84EB5FF37A06002C5CD
SHA-512:	DB6AD81466500F22820941DF3369155BA03CFA42FA9D267984A28A6D15F88E1A71625E3DC578370B5F97727355EBB7C338482FA33A7701ADB85A160C09BAD232
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Costa_Rica) {. {-9223372036854775808 -20173 0 LMT}. {-2524501427 -20173 0 SJMT}. {-1545071027 -21600 0 CST}. {288770400 -18000 1 CDT}. {297234000 -21600 0 CST}. {320220000 -18000 1 CDT}. {328683600 -21600 0 CST}. {664264800 -18000 1 CDT}. {678344400 -21600 0 CST}. {695714400 -18000 1 CDT}. {700635600 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\America\is-VRQ4L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6807
Entropy (8bit):	3.761365047166545
Encrypted:	false
SSDEEP:
MD5:	C675DA8A44A9841C417C585C2661EF13
SHA1:	147DDE5DD00E520DA889AC9931088E6232CE6FEA
SHA-256:	82B9AAD03408A9DFC0B6361EC923FEAEF97DBB4B3129B772B902B9DAE345D63E
SHA-512:	00615A5EC0D08BABF009C3CAAF3D631B1F4E2E4324E91B0F29ADD7E61B51C80D5D495D20BD131A9370C3005B2E510C8A4E4869A5032D82BC33C875E909CDE086
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mexico_City) {. {-9223372036854775808 -23796 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-975261600 -18000 1 CDT}. {-963169200 -21600 0 CST}. {-917114400 -18000 1 CDT}. {-907354800 -21600 0 CST}. {-821901600 -18000 1 CWT}. {-810068400 -21600 0 CST}. {-627501600 -18000 1 CDT}. {-612990000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001836800 -21600 0 CST}. {1014184800 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-01DOL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	312
Entropy (8bit):	4.290371654524798
Encrypted:	false
SSDEEP:
MD5:	780DA74192C8F569B1450AACE54A0558
SHA1:	F2650D6D21A4B4AC8D931383ED343CE916252319
SHA-256:	88A4DBB222E9FD2FFC26D9B5A8657FA6552DF6B3B6A14D951CE1168B5646E8F8
SHA-512:	7F1E9E5C0F8E2A9D8AC68E19AF3D48D2BEE9840812A219A759475E7D036EA18CB122C40DDB88977079C1831AEF7EFBCB519C691616631D490B3C04382EB993C0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Davis) {. {-9223372036854775808 0 0 -00}. {-409190400 25200 0 +07}. {-163062000 0 0 -00}. {-28857600 25200 0 +07}. {1255806000 18000 0 +05}. {1268251200 25200 0 +07}. {1319742000 18000 0 +05}. {1329854400 25200 0 +07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-3MLVT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.7487926695696006
Encrypted:	false
SSDEEP:
MD5:	AA415901BB9E53CF7FAEA47E546D9AED
SHA1:	CF12572D2C4D0ABF12B0450D366944E297744217
SHA-256:	F161CFAB3E40A0358FF0DEC2EB8ED9231D357FAC20710668B9CE31CDA68E8B96
SHA-512:	4F90E0EA7086EB729080E77A47C2E998F7AD3BCEA4997DAB06044BCDD2E2E1729A83C679EF2E1D78CD0255C37F24FCC6746518444CC4E96EBB2A0547312D8354
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Syowa) {. {-9223372036854775808 0 0 -00}. {-407808000 10800 0 +03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-6DQF0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2526
Entropy (8bit):	3.514598338545733
Encrypted:	false
SSDEEP:
MD5:	7738686109BCC8AF5271608FCD04EBFB
SHA1:	401217F0F69945ADA13F593681D8F13A368BCF94
SHA-256:	3EECDA7E4507A321A03171658187D2F50F7C6C46E8A1B0831E6B6B6AAFFAC4AC
SHA-512:	F7982BF9D82B2D7C2C1825AF1FF9178849BB699A50367872C11572E6F8A452619A63C9F97CEAF06FD5104075FBDE70936B8363B993F2571FD9A2B699A1D17521
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Palmer) {. {-9223372036854775808 0 0 -00}. {-157766400 -14400 0 -04}. {-152654400 -14400 0 -04}. {-132955200 -10800 1 -04}. {-121122000 -14400 0 -04}. {-101419200 -10800 1 -04}. {-86821200 -14400 0 -04}. {-71092800 -10800 1 -04}. {-54766800 -14400 0 -04}. {-39038400 -10800 1 -04}. {-23317200 -14400 0 -04}. {-7588800 -10800 0 -03}. {128142000 -7200 1 -03}. {136605600 -10800 0 -03}. {389070000 -14400 0 -04}. {403070400 -10800 1 -04}. {416372400 -14400 0 -04}. {434520000 -10800 1 -04}. {447822000 -14400 0 -04}. {466574400 -10800 1 -04}. {479271600 -14400 0 -04}. {498024000 -10800 1 -04}. {510721200 -14400 0 -04}. {529473600 -10800 1 -04}. {545194800 -14400 0 -04}. {560923200 -10800 1 -04}. {574225200 -14400 0 -04}. {592372800 -10800 1 -04}. {605674800 -14400 0 -04}. {624427200 -10800 1 -04}. {637124400 -14400 0 -04}. {653457600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-A1V3U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2800
Entropy (8bit):	3.8632793034261463
Encrypted:	false
SSDEEP:
MD5:	A3E1A9DFB6D6F061E60739865E6E0D18
SHA1:	10C014CB444DEEF093854EE6A415DC17D7C2A4C5
SHA-256:	975026D38C4BF136769D31215F2908867EC37E568380F864983DD57FFADA4676
SHA-512:	9425CF1B717FBDFD4EA04AAC06CF5ACE365A4FCC911D85130B910D022ED4261F1FFF431CE63BA538871C7D3CA1EF65490A30BEE975884EB39FC1E5C2D88009D0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Macquarie) {. {-9223372036854775808 0 0 -00}. {-2214259200 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-1601719200 0 0 -00}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-AVFDL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	316
Entropy (8bit):	4.338100448107153
Encrypted:	false
SSDEEP:
MD5:	4AD8AC155D466E47A6BF075508DC05ED
SHA1:	2C911F651B26C27C07756111B5291C63C6954D34
SHA-256:	282A352404B30C4336C0E09F3C5371393511C602B9E55648FB0251EACC9C715D
SHA-512:	4A7305653D700FF565C9747C8A4E69A79609EB4748F3FFAA60C5A8548BBFAEC541EB8EAF830FF9202508BEAFAC2A0895BC4A52473FA51EBC74FAD83FCD0EB8F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Casey) {. {-9223372036854775808 0 0 -00}. {-31536000 28800 0 +08}. {1255802400 39600 0 +11}. {1267714800 28800 0 +08}. {1319738400 39600 0 +11}. {1329843600 28800 0 +08}. {1477065600 39600 0 +11}. {1520701200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-BVSA0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	206
Entropy (8bit):	4.716730745171491
Encrypted:	false
SSDEEP:
MD5:	83B53540FADB1A36903E2A619954BFFC
SHA1:	C9F520043A641104F43FB5422971B4D7A39A421C
SHA-256:	0E50BA70DE94E6BABC4847C15865867D0F821F6BDDDC0B9750CB6BF13EF5DF3B
SHA-512:	0AE7FE58EED7EAC03CBFFA2EA32CCBF726DBED0A3B1C20CF1D549CDA801CEB2B54F106787BD15B17DA3D9404E2D84936D50E4A2F63D1A72B0FEBCD8F8EA3195F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/DumontDUrville) {. {-9223372036854775808 0 0 -00}. {-725846400 36000 0 +10}. {-566992800 0 0 -00}. {-415497600 36000 0 +10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-CGF12.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.832254042797831
Encrypted:	false
SSDEEP:
MD5:	0048A7427AC7880B9F6413208B216BC9
SHA1:	CBB4A29316581CFC7868A779E97DB94F75870F41
SHA-256:	487D4845885643700B4FF043AC5EA59E2355FD38357809BE12679ECAFFA93030
SHA-512:	EC107FA59203B7BCB58253E2715380EF70DF5470030B83E1DEA8D1AC4E7D3FB2908E8C7009D8136212871EC3DA8B4C4194FF3290E5A41EEE8E7D07CABE80ECC0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/McMurdo) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-DJQLB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.773942010845718
Encrypted:	false
SSDEEP:
MD5:	A07C4769267AFA9501BE44BD406ADA34
SHA1:	86747047EFD1F47FEFC7DA44465EAB53F808C9FB
SHA-256:	92816E1C4FDE037D982596610A1F6E11D4E7FD408C3B1FAAB7BEC32B09911FE7
SHA-512:	051A327C898867228C8B1848162C2604BED8456B61533D4A40FBEB9A0069AE2EAF33F79803A0C6A80C6446C34F757A751F4ABC5AC5CCED6C125E2A42D46A022A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Vostok) {. {-9223372036854775808 0 0 -00}. {-380073600 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-P3HP3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.858829912809126
Encrypted:	false
SSDEEP:
MD5:	51AC23110E7EAB20319EE8EC82F048D2
SHA1:	7B4DE168A3078041841762F468AE65A2EE6C5322
SHA-256:	D33E094979B3CE495BEF7109D78F7B77D470AB848E4E2951851A7C57140354BF
SHA-512:	13E800DFFA3D65F94FAD6B529FC8A29A26F40F4F29DBF19283392733458AD3C6B27E479218A8C123424E965711B4746976E39EB9FD54CD0B57281134FEAC4F31
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/South_Pole) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-PSJK9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5174
Entropy (8bit):	3.411985404081831
Encrypted:	false
SSDEEP:
MD5:	CA4730C864AB3CC903F79BDF0F9E8777
SHA1:	7B3E9DDB36766F95F9C651CF244EDA9ED22BDDC5
SHA-256:	E437539A85E91AD95CD100F9628142FEBB455553C95415DB1147FD25948EBF59
SHA-512:	32EE0CCA0AB92D68D6C21A925E5367730A172C49DC5245A61DA1A39E08317569154C52EC695E3FB43BB40D066C4C0E9625C835A7F6E2EB5DDF0768D48DB99F3C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Troll) {. {-9223372036854775808 0 0 -00}. {1108166400 0 0 +00}. {1111885200 7200 1 +02}. {1130634000 0 0 +00}. {1143334800 7200 1 +02}. {1162083600 0 0 +00}. {1174784400 7200 1 +02}. {1193533200 0 0 +00}. {1206838800 7200 1 +02}. {1224982800 0 0 +00}. {1238288400 7200 1 +02}. {1256432400 0 0 +00}. {1269738000 7200 1 +02}. {1288486800 0 0 +00}. {1301187600 7200 1 +02}. {1319936400 0 0 +00}. {1332637200 7200 1 +02}. {1351386000 0 0 +00}. {1364691600 7200 1 +02}. {1382835600 0 0 +00}. {1396141200 7200 1 +02}. {1414285200 0 0 +00}. {1427590800 7200 1 +02}. {1445734800 0 0 +00}. {1459040400 7200 1 +02}. {1477789200 0 0 +00}. {1490490000 7200 1 +02}. {1509238800 0 0 +00}. {1521939600 7200 1 +02}. {1540688400 0 0 +00}. {1553994000 7200 1 +02}. {1572138000 0 0 +00}. {1585443600 7200 1 +02}. {1603587600 0 0 +00}. {1616893200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-T8NLU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.6965808819415695
Encrypted:	false
SSDEEP:
MD5:	A07C6FA0B635EC81C5199F2515888C9E
SHA1:	587AC900E285F6298A7287F10466DFA4683B9A87
SHA-256:	2D8F0218800F6E0BD645A7270BEAF60A517AE20CBFFD64CF77E3CE4F8F959348
SHA-512:	76A3590748F698E51BF29A1D3C119A253A8C07E9F77835CCDFC6AC51C554B5888351C95E6012CDADB106B42A384D49E56537FBF8DB9DC5BB791CB115FDB623FD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Mawson) {. {-9223372036854775808 0 0 -00}. {-501206400 21600 0 +06}. {1255809600 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Antarctica\is-TGD3V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.778784990010973
Encrypted:	false
SSDEEP:
MD5:	8CAED0DB4C911E84AF29910478D0DBD6
SHA1:	80DE97C9959D58C6BF782A948EED735AB4C423CC
SHA-256:	9415FA3A573B98A6EBCBFAEEC15B1C52352F2574161648BB977F55072414002F
SHA-512:	28F27F7EDDF30EB08F8B37ED13219501D14D2AEA4EFA07AFAD36A643BD448E1BD992463C12C47152C99772D755E6EA0198B51B806A05B57743635A9059676EC2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Rothera) {. {-9223372036854775808 0 0 -00}. {218246400 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Arctic\is-AB42T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.922114908130109
Encrypted:	false
SSDEEP:
MD5:	0F69284483D337DC8202970461A28386
SHA1:	0D4592B8EBE070119CB3308534FE9A07A758F309
SHA-256:	3A5DB7C2C71F95C495D0884001F82599E794118452E2748E95A7565523546A8E
SHA-512:	D9F2618B153BFE4888E893A62128BE0BD59DFAFC824DA629454D5D541A9789536AC029BF73B6E9749409C522F450D53A270D302B2CF084444EA64D9138D77DFE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Arctic/Longyearbyen) $TZData(:Europe/Oslo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-065T5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	362
Entropy (8bit):	4.404454529095857
Encrypted:	false
SSDEEP:
MD5:	B5FC8D431304F5C1ADF7D0B237DA5A52
SHA1:	79FC3057CD88E4DF71421AD52C34E0127FBD6FDA
SHA-256:	138912D754FBA8A1306063CCE897218972A4B0976EDDEC5C8E69A7965B0CD198
SHA-512:	27DC64B43958814E1A935D817CCFE7ADE8E6E6A778E27E391683FC491764EB77774A3D4A871C4E83BBA43FF8BA2383CBB8CC2D4F1FEB1AE063735C95651865E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuala_Lumpur) {. {-9223372036854775808 24406 0 LMT}. {-2177477206 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-0J5OR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.8489855608543575
Encrypted:	false
SSDEEP:
MD5:	AF91CF42CFBA12F55AF3E6D26A71946D
SHA1:	673AC77D4E5B6ED7CE8AE67975372462F6AF870B
SHA-256:	D9BCAE393D4B9EE5F308FA0C26A7A6BCE716E77DB056E75A3B39B33A227760C8
SHA-512:	1FD61EA39FF08428486E07AF4404CEA67ACCCB600F11BA74B340A4F663EB8221BC7BF84AE677566F7DDEC0CB42F1946614CD11A9CD7824E0D6CAA804DF0EF514
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Makassar)]} {. LoadTimeZoneFile Asia/Makassar.}.set TZData(:Asia/Ujung_Pandang) $TZData(:Asia/Makassar).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-13T4H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.927936359970315
Encrypted:	false
SSDEEP:
MD5:	6CC252314EDA586C514C76E6981EEAEE
SHA1:	F58C9072FBBA31C735345162F629BB6CAAB9C871
SHA-256:	8D7409EBC94A817962C3512E07AFF32838B54B939068129C73EBBEEF8F858ED2
SHA-512:	40BC04B25F16247F9F6569A37D28EDCA1D7FB33586482A990A36B5B148BF7598CF5493D38C4D1CBDF664553302E4D6505D80EB7E7B5B9FB5141CB7F39B99A93D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dubai) {. {-9223372036854775808 13272 0 LMT}. {-1577936472 14400 0 +04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-18VPF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	168
Entropy (8bit):	4.82804794783422
Encrypted:	false
SSDEEP:
MD5:	6D6109F6EC1E12881C60EC44AAEB772B
SHA1:	B5531BEAC1C07DA57A901D0A48F4E1AC03F07467
SHA-256:	67BB9F159C752C744AC6AB26BBC0688CF4FA94C58C23B2B49B871CAA8774FC5D
SHA-512:	B0624B9F936E5C1392B7EBB3190D7E97EAE96647AB965BB9BE045D2C3082B1C7E48FF89A7B57FD3475D018574E7294D45B068C555A43AAEDFD65AC5C5C5D0A5B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Kuwait) $TZData(:Asia/Riyadh).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-1PQ34.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2014
Entropy (8bit):	3.680306971172711
Encrypted:	false
SSDEEP:
MD5:	E0396BBBB3FDDD2B651D2DBB4EF90884
SHA1:	C1FFCDC6EB77B5F4CFAFA90EA8E1025DB142D5C5
SHA-256:	6A9B4EF8FBED758E8D1737C79D803F9DF4F5BF61F115064ED60DA2397B88FE19
SHA-512:	8FB6D19189142F11812B82F5803F4E5C85BF107689D317305D32EF71905DC9E0655DD2F2D4CE234B5872A6BF452670221F94EF1D48EF776C002AA5A484C2481B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Anadyr) {. {-9223372036854775808 42596 0 LMT}. {-1441194596 43200 0 +12}. {-1247572800 46800 0 +14}. {354884400 50400 1 +14}. {370692000 46800 0 +13}. {386420400 43200 0 +13}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-1RHB1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1606
Entropy (8bit):	3.6164715895962876
Encrypted:	false
SSDEEP:
MD5:	38914E248C13912E33187496C5AD9691
SHA1:	94C3711FC5EED22FE1929F2250208AC53DB175AC
SHA-256:	581AF958787971BE487B37C2D2534E58FFA085AFD0D9F0E12E0EEFF03F476E53
SHA-512:	8C7F21C8FCE2614181A998774E7038BAC483E502C3C31EDB0F4954E1424A0C16AD7DC5003E9533BB47CA2C06DD027E989BD696B2A74A23F686F74B8C9650BAE6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Oral) {. {-9223372036854775808 12324 0 LMT}. {-1441164324 10800 0 +03}. {-1247540400 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {701816400 14400 0 +04}. {701820000 18000 1 +04}. {717544800 14400 0 +04}. {733269600 18000 1 +04}. {748994400 14400 0 +04}. {764719200 1800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-2B60G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1991
Entropy (8bit):	3.617868789838068
Encrypted:	false
SSDEEP:
MD5:	589D58D0819C274BD76648B290E3B6A7
SHA1:	8EF67425A86E1663263C380B81C878EFEE107261
SHA-256:	F7CA7543A15D0EA7380552E9CA4506E1527D5A0C9081B21A6A6CAEAD51085293
SHA-512:	38A4264039866E82CC2CCAF52FF1AB3384A72AD9F2FF0060FC49B3D2C09CB072700F28F2CA3A0850B3E5BAB62F6AA6031ECAB2EAB09EB08833D8CD778B338BDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Vladivostok) {. {-9223372036854775808 31651 0 LMT}. {-1487321251 32400 0 +09}. {-1247562000 36000 0 +11}. {354895200 39600 1 +11}. {370702800 36000 0 +10}. {386431200 39600 1 +11}. {402238800 36000 0 +10}. {417967200 39600 1 +11}. {433774800 36000 0 +10}. {449589600 39600 1 +11}. {465321600 36000 0 +10}. {481046400 39600 1 +11}. {496771200 36000 0 +10}. {512496000 39600 1 +11}. {528220800 36000 0 +10}. {543945600 39600 1 +11}. {559670400 36000 0 +10}. {575395200 39600 1 +11}. {591120000 36000 0 +10}. {606844800 39600 1 +11}. {622569600 36000 0 +10}. {638294400 39600 1 +11}. {654624000 36000 0 +10}. {670348800 32400 0 +10}. {670352400 36000 1 +10}. {686077200 32400 0 +09}. {695754000 36000 0 +11}. {701798400 39600 1 +11}. {717523200 36000 0 +10}. {733248000 39600 1 +11}. {748972800 36000 0 +10}. {764697600 39600 1 +11}. {7804224

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-2FEDO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7950
Entropy (8bit):	3.6634483349947593
Encrypted:	false
SSDEEP:
MD5:	67602731E9D02418D0B1DCBCB9367870
SHA1:	13D896B6B8B553879D70BFBA6734AFDFE3A522A4
SHA-256:	9D89F879C6F47F05015C8B7D66639AAC8AF2D5A6F733CDA60CFF22EB0EB71221
SHA-512:	ECA8EB42144EF4097E606AC57795491248D02C331CE426E7C23D42490F873CD19924F1C2318E2FF1D18E275F3CAD60E9DFBB08B4B8334EA3FF1EE31452B9E167
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hebron) {. {-9223372036854775808 8423 0 LMT}. {-2185410023 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-2IPMC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1987
Entropy (8bit):	3.684365782602096
Encrypted:	false
SSDEEP:
MD5:	F648B8CDF0F44BF2733AD480D91602C2
SHA1:	FCDB62F1D2781836AAAFF1C1B651E91A8E79A901
SHA-256:	C94B072DDB28C27AAA936D27D5A2F1400E47E8BBFCB3EF370BF2C7252E69FB98
SHA-512:	39E793B707C2EEF99BAE8E926A1C8CAF4A1989F71842C348A5819CC4BE3D6DC81D2781BF20CB95631EC532A345B7CD41BA88505B301CA7928E676F55252C6DDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ust-Nera) {. {-9223372036854775808 34374 0 LMT}. {-1579426374 28800 0 +08}. {354898800 43200 0 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 39600 0 +11}. {796143600 43

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-2JJQA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2014
Entropy (8bit):	3.6060921590827193
Encrypted:	false
SSDEEP:
MD5:	A3FB98DC18AC53AE13337F3CC1C4CE68
SHA1:	F0280D5598AEB6B6851A8C2831D4370E27121B5F
SHA-256:	D0A984F2EDB6A5A4E3C3CFA812550782F6B34AD0C79B1DD742712EBA14B7B9FB
SHA-512:	A33E2E0EA093BB758539A761B4CF82204699BC35950ACD329DA9205A141469930CAF179E4331DF505408C7C4F97480416DC16C7E93E53B12392509E5A093E562
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Chita) {. {-9223372036854775808 27232 0 LMT}. {-1579419232 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 324

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-34F7S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.675919405724711
Encrypted:	false
SSDEEP:
MD5:	73C6A7BC088A3CD92CAC2F8B019994A0
SHA1:	74D5DCE1100F6C97DFCFAD5EFC310196F03ABED5
SHA-256:	8F075ACF5FF86E5CDE63E178F7FCB692C209B6023C80157A2ABF6826AE63C6C3
SHA-512:	4EAD916D2251CF3A9B336448B467282C251EE5D98299334F365711CCA8CAF9CA83600503A3346AEC9DFA9E9AF064BA6DEF570BABCC48AE5EB954DBF574A769B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ulaanbaatar)]} {. LoadTimeZoneFile Asia/Ulaanbaatar.}.set TZData(:Asia/Ulan_Bator) $TZData(:Asia/Ulaanbaatar).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-3ABCE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2150
Entropy (8bit):	3.923186571913929
Encrypted:	false
SSDEEP:
MD5:	BBA59A5886F48DCEC5CEFDB689D36880
SHA1:	8207DE6AB5F7EC6077506ED3AE2EEA3AB35C5FAE
SHA-256:	F66F0F161B55571CC52167427C050327D4DB98AD58C6589FF908603CD53447F0
SHA-512:	D071D97E6773FC22ABCCE3C8BE133E0FDA40C385234FEB23F69C84ABB9042E319D6891BD9CA65F2E0A048E6F374DB91E8880DCD9711A86B79A3A058517A3DBFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hong_Kong) {. {-9223372036854775808 27402 0 LMT}. {-2056693002 28800 0 HKT}. {-907389000 32400 1 HKST}. {-891667800 28800 0 HKT}. {-884246400 32400 0 JST}. {-766746000 28800 0 HKT}. {-747981000 32400 1 HKST}. {-728544600 28800 0 HKT}. {-717049800 32400 1 HKST}. {-694503000 28800 0 HKT}. {-683785800 32400 1 HKST}. {-668064600 28800 0 HKT}. {-654755400 32400 1 HKST}. {-636615000 28800 0 HKT}. {-623305800 32400 1 HKST}. {-605165400 28800 0 HKT}. {-591856200 32400 1 HKST}. {-573715800 28800 0 HKT}. {-559801800 32400 1 HKST}. {-542352600 28800 0 HKT}. {-528352200 32400 1 HKST}. {-510211800 28800 0 HKT}. {-498112200 32400 1 HKST}. {-478762200 28800 0 HKT}. {-466662600 32400 1 HKST}. {-446707800 28800 0 HKT}. {-435213000 32400 1 HKST}. {-415258200 28800 0 HKT}. {-403158600 32400 1 HKST}. {-383808600 28800 0 HKT}. {-371709000 32400 1 HKST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-3F8RG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	324
Entropy (8bit):	4.554598325373998
Encrypted:	false
SSDEEP:
MD5:	FABB53074E1D767952C664BBA02E8975
SHA1:	36D2D438FEEBF585D7A0B546647C08B63A582EA1
SHA-256:	DAB02F68D5EEA0DAC6A2BBB7D12930E1B4DA62EBAEC7DE35C0AA55F72CCFF139
SHA-512:	E178779CE31F8D16DFEC5F71F228BCB05FDA1939B1BCE204C40B14904682283BDC99F27B662E3995EEEE607D0E8C70BE3CE3DF6EAD355399566CF360D5EC9E70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kolkata) {. {-9223372036854775808 21208 0 LMT}. {-3645237208 21200 0 HMT}. {-3155694800 19270 0 MMT}. {-2019705670 19800 0 IST}. {-891581400 23400 1 +0630}. {-872058600 19800 0 IST}. {-862637400 23400 1 +0630}. {-764145000 19800 0 IST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-3FQQF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	263
Entropy (8bit):	4.653238218910832
Encrypted:	false
SSDEEP:
MD5:	96754BB7D98975118E86B539D8F917B4
SHA1:	5D366D64E08F1E9869EA2E93B5C6C5C0C5E7E3BE
SHA-256:	10432381A63B2101A1218D357DA2075885F061F3A60BE00A32EED4DF868E5566
SHA-512:	58BFFF63D40CF899304D69468949B806F00F5F2F2BE47040D5704E8C463D7B502725846933749172AF94CCD0AA894E30AD3154CC953D917AC8040B00D331124E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pyongyang) {. {-9223372036854775808 30180 0 LMT}. {-1948782180 30600 0 KST}. {-1830414600 32400 0 JST}. {-768646800 32400 0 KST}. {1439564400 30600 0 KST}. {1525446000 32400 0 KST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-419BJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8031
Entropy (8bit):	3.629699951300869
Encrypted:	false
SSDEEP:
MD5:	202E5950F6324878B0E6FD0056D2F186
SHA1:	A668D4DC3E73A292728CCE136EFFAC95D5952A81
SHA-256:	3BB43B71FF807AA3BF6A7F94680FB8BD586A1471218307A6A7A4CE73A5A3A55E
SHA-512:	5F9A7308E9C08267ECB8D502505EF9B32269D62FA490D6BC01F6927CB8D5B40CA17BB0CDFA3EE78D48C7686EAA7FD266666EB80E54125859F86CADFD7366DB6B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Damascus) {. {-9223372036854775808 8712 0 LMT}. {-1577931912 7200 0 EET}. {-1568592000 10800 1 EEST}. {-1554080400 7200 0 EET}. {-1537142400 10800 1 EEST}. {-1522630800 7200 0 EET}. {-1505692800 10800 1 EEST}. {-1491181200 7200 0 EET}. {-1474243200 10800 1 EEST}. {-1459126800 7200 0 EET}. {-242265600 10800 1 EEST}. {-228877200 7200 0 EET}. {-210556800 10800 1 EEST}. {-197427600 7200 0 EET}. {-178934400 10800 1 EEST}. {-165718800 7200 0 EET}. {-147398400 10800 1 EEST}. {-134269200 7200 0 EET}. {-116467200 10800 1 EEST}. {-102646800 7200 0 EET}. {-84326400 10800 1 EEST}. {-71110800 7200 0 EET}. {-52704000 10800 1 EEST}. {-39488400 7200 0 EET}. {-21168000 10800 1 EEST}. {-7952400 7200 0 EET}. {10368000 10800 1 EEST}. {23583600 7200 0 EET}. {41904000 10800 1 EEST}. {55119600 7200 0 EET}. {73526400 10800 1 EEST}. {86742000 7200 0 EET}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-437RN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7690
Entropy (8bit):	3.684387169764595
Encrypted:	false
SSDEEP:
MD5:	4C37DF27AB1E906CC624A62288847BA8
SHA1:	BE690D3958A4A6722ABDF047BF22ACEC8B6D6AFE
SHA-256:	F10DF7378FF71EDA45E8B1C007A280BBD4629972D12EAB0C6BA7623E98AAFA17
SHA-512:	B14F5FB330078A564796114FA6804EA12CE0AD6B2DF6D871FF6E7B416425B12FFD6B4E8511FCD55609FBCE95C8EDFF1E14B1C8C505F4B5B66F47EA52FD53F307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jerusalem) {. {-9223372036854775808 8454 0 LMT}. {-2840149254 8440 0 JMT}. {-1641003640 7200 0 IST}. {-933645600 10800 1 IDT}. {-857358000 7200 0 IST}. {-844300800 10800 1 IDT}. {-825822000 7200 0 IST}. {-812685600 10800 1 IDT}. {-794199600 7200 0 IST}. {-779853600 10800 1 IDT}. {-762656400 7200 0 IST}. {-748310400 10800 1 IDT}. {-731127600 7200 0 IST}. {-681962400 14400 1 IDDT}. {-673243200 10800 1 IDT}. {-667962000 7200 0 IST}. {-652327200 10800 1 IDT}. {-636426000 7200 0 IST}. {-622087200 10800 1 IDT}. {-608947200 7200 0 IST}. {-591847200 10800 1 IDT}. {-572486400 7200 0 IST}. {-558576000 10800 1 IDT}. {-542851200 7200 0 IST}. {-527731200 10800 1 IDT}. {-514425600 7200 0 IST}. {-490845600 10800 1 IDT}. {-482986800 7200 0 IST}. {-459475200 10800 1 IDT}. {-451537200 7200 0 IST}. {-428551200 10800 1 IDT}. {-418262400 7200 0 IST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-4649B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2043
Entropy (8bit):	3.6031458640952554
Encrypted:	false
SSDEEP:
MD5:	436E5AA70DD662E337E0144558EA277B
SHA1:	E268AAD83CE3CC32CB23647E961509EBB4C8AA2C
SHA-256:	9917B2A1BFAAD1378B90879C92F157BD7912A4072BE21A2A4CB366A38F310D3B
SHA-512:	C714CFBB58170E2291A78AD4F725613049BC9D52DB9F8685803E8F7E181D7E0C2AAF7E603D29243D2E5F4F1D8A3B0272559E7CBCB51736A8115A44E6D56FA7CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tomsk) {. {-9223372036854775808 20391 0 LMT}. {-1578807591 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 252

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-4PSEE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	848
Entropy (8bit):	3.8621003155318263
Encrypted:	false
SSDEEP:
MD5:	6E54D9946AC13DD77FDB8EA9C4FBD989
SHA1:	EF0A4BFD84EC369CB9581D830F20193D73187C0B
SHA-256:	28A76A0EAF55EEC9FE7BEFF3785FDEF8C3D93AAAA2E15EE37D861E73418AC9E4
SHA-512:	15522A5B85DCD54DC0143A38799A870268D74C8A26FED44D50A55C536D3738905597AE4F3F2AB767DE73A7EDBAE8FBF467A6014E2001FA03924C3F39E0361F27
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Samarkand) {. {-9223372036854775808 16073 0 LMT}. {-1441168073 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-52V4L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	847
Entropy (8bit):	3.8433853520749905
Encrypted:	false
SSDEEP:
MD5:	24587E02A79D02973DE32E4CDACBE84C
SHA1:	41B8CA1CAE10A9340359317EC8DD16C8637C0F1A
SHA-256:	46C2D8E86BACFDB8280862AD9E28F7A0867740726EF21D08138C9F9A900CC1E9
SHA-512:	07C939DCD5AB0DA3D3667D0D56421C6B40598C6DAB9641664E0ABB2CE4CC4562B10853C88DB51FBA5D1ED733E86193E88CE8984130FFF83955BD9335A59CF031
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tashkent) {. {-9223372036854775808 16631 0 LMT}. {-1441168631 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-5T83I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1611
Entropy (8bit):	3.653654369590701
Encrypted:	false
SSDEEP:
MD5:	1A3A4825B73F11024FD21F94AE85F9D2
SHA1:	E63443CC267B43EFEFFD1E3161293217526E7DC8
SHA-256:	D8205F34BB8B618E2F8B4EB6E613BE1B5CFBBF3B6CBFAFE868644E1A1648C164
SHA-512:	5C766BD6FB6195BEBD7CDF703B7E0A67FBB2BCF98052866AE9ACDC5B90469421508F52C60F22542BBA6ED8CC59B4889F20DB131B183918592139B6D135BC57A2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bishkek) {. {-9223372036854775808 17904 0 LMT}. {-1441169904 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {683586000 18000 0 +05}. {703018800 21600 1 +05}. {717530400 18000 0 +05}. {734468400 21600 1 +05}. {748980000 18000 0 +05}. {765918000 21600 1 +05}. {780429600 18000 0 +05}. {797367600 2

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-6P12H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	887
Entropy (8bit):	4.102844989906348
Encrypted:	false
SSDEEP:
MD5:	D3D88F264E5E44BAA890C19A4C87A24D
SHA1:	BA2E3F8D69D1092CE925D40FE31BEABA0DC22905
SHA-256:	90B585115252C37625B6BCDE14708AAE003E2D6F3408D8A9034ABB6FFFD66490
SHA-512:	14485EEC4C77DA6D7DD813A84F3F5B0DE17AE06C23FBCDB20727376C62D675ED675893B8B9A4DAAA00C21B7550F83593780CA538DB05B4ADDD4604FBCD3B0E51
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Shanghai) {. {-9223372036854775808 29143 0 LMT}. {-2177481943 28800 0 CST}. {-933667200 32400 1 CDT}. {-922093200 28800 0 CST}. {-908870400 32400 1 CDT}. {-888829200 28800 0 CST}. {-881049600 32400 1 CDT}. {-767869200 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-650016000 28800 0 CST}. {515527200 32400 1 CDT}. {527014800 28800 0 CST}. {545162400 32400 1 CDT}. {558464400 28800 0 CST}. {577216800 32400 1 CDT}. {589914000 28800 0 CST}. {608666400 32400 1 CDT}. {621968400 28800 0 CST}. {640116000 32400 1 CDT}. {653418000 28800 0 CST}. {671565600 32400 1 CDT}. {684867600 28800 0 CST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-6QPP8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	406
Entropy (8bit):	4.4205762929520755
Encrypted:	false
SSDEEP:
MD5:	3A833BF91AFE7FABBA98D11F29D84EAA
SHA1:	1622BEF54A12DE163B77309A0B7AF1C38AA6324B
SHA-256:	665E07B7A01E8A9D04B76B74B2EA0D11BDFC0BE6CA855DFDDBB5F9A6C9A97E90
SHA-512:	DFABB558CE2A8B96A976DD3B45B78CECE3633D51EE67F24E5AD59C7CF388538C5560EC133C60C3F0AFE8C68D88B1C05A12608A0408ACECBEEC38A84E3DC972FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Manila) {. {-9223372036854775808 -57360 0 LMT}. {-3944621040 29040 0 LMT}. {-2229321840 28800 0 PST}. {-1046678400 32400 1 PDT}. {-1038733200 28800 0 PST}. {-873273600 32400 0 JST}. {-794221200 28800 0 PST}. {-496224000 32400 1 PDT}. {-489315600 28800 0 PST}. {259344000 32400 1 PDT}. {275151600 28800 0 PST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-7D2DE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.750782589043179
Encrypted:	false
SSDEEP:
MD5:	73E1F618FB430C503A1499E3A0298C97
SHA1:	29F31A7C9992F9D9B3447FCBC878F1AF8E4BD57F
SHA-256:	5917FC603270C0470D2EC416E6C85E999A52B6A384A2E1C5CFC41B29ABCA963A
SHA-512:	FAE39F158A4F47B4C37277A1DC77B8524DD4287EBAD5D8E6CBB906184E6DA275A308B55051114F4CD4908B449AE3C8FD48384271E3F7106801AD765E5958B4DD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ashgabat)]} {. LoadTimeZoneFile Asia/Ashgabat.}.set TZData(:Asia/Ashkhabad) $TZData(:Asia/Ashgabat).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-7MAJP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1984
Entropy (8bit):	3.5988580260925795
Encrypted:	false
SSDEEP:
MD5:	54E1F8C11C9CF4BF1DBCABF4AF31B7D4
SHA1:	3C428E50A02941B19AF2A2F1EA02763AA2C1A846
SHA-256:	5B9E95C813A184C969CC9808E136AD66C1231A55E66D4EE817BD2E85751C4EE9
SHA-512:	83DBFCC089AC902609FFFCA8E675430B9BF1EA452626E83173F83317884B6AC2620CE8AA96488ACF13445D9D1D4776EB908232BD8205B8F4F9B034A68864C9A9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Omsk) {. {-9223372036854775808 17610 0 LMT}. {-1582088010 18000 0 +05}. {-1247547600 21600 0 +07}. {354909600 25200 1 +07}. {370717200 21600 0 +06}. {386445600 25200 1 +07}. {402253200 21600 0 +06}. {417981600 25200 1 +07}. {433789200 21600 0 +06}. {449604000 25200 1 +07}. {465336000 21600 0 +06}. {481060800 25200 1 +07}. {496785600 21600 0 +06}. {512510400 25200 1 +07}. {528235200 21600 0 +06}. {543960000 25200 1 +07}. {559684800 21600 0 +06}. {575409600 25200 1 +07}. {591134400 21600 0 +06}. {606859200 25200 1 +07}. {622584000 21600 0 +06}. {638308800 25200 1 +07}. {654638400 21600 0 +06}. {670363200 18000 0 +06}. {670366800 21600 1 +06}. {686091600 18000 0 +05}. {695768400 21600 0 +07}. {701812800 25200 1 +07}. {717537600 21600 0 +06}. {733262400 25200 1 +07}. {748987200 21600 0 +06}. {764712000 25200 1 +07}. {780436800 2160

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-7VSR5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	359
Entropy (8bit):	4.370799489849578
Encrypted:	false
SSDEEP:
MD5:	DFABB80419B69BE34B2FCD475CFDFE22
SHA1:	2CF4F330E00397020328BCE28449B9F63E17067D
SHA-256:	B251FBDB0DB4ACBB3855063C32681A5F32E609FA3AA0DDC43225D056D07CB2D3
SHA-512:	EB362B7D0C5A4F1C605A8F2533A5CCAFCFA1F4D3B0F48C417CEA8C492834FE36822A75C726659786CBD4D5A544376D806E6BA8E952607997FBDDAF84E343B353
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Singapore) {. {-9223372036854775808 24925 0 LMT}. {-2177477725 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-86I9F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	374
Entropy (8bit):	4.405484223376936
Encrypted:	false
SSDEEP:
MD5:	4549B66A26A96C10DB196B8957BB6127
SHA1:	B2B96699AE70CA47F2B180B9AEF8FB9864AE98A1
SHA-256:	EC533BBE242CE6A521BAED1D37E0DD0247A37FE8D36D25205520B93CF51E4595
SHA-512:	A6C147DF80BB6D41877AD99673C49FF6AD5C1C03B587D71A70C8F7BD8D321817D9E99BFAE11F7F7C27C1A7563C9A101B6C3E65D962B3524C95113A807720ED4E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tokyo) {. {-9223372036854775808 33539 0 LMT}. {-2587712400 32400 0 JST}. {-683802000 36000 1 JDT}. {-672310800 32400 0 JST}. {-654771600 36000 1 JDT}. {-640861200 32400 0 JST}. {-620298000 36000 1 JDT}. {-609411600 32400 0 JST}. {-588848400 36000 1 JDT}. {-577962000 32400 0 JST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-89O88.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.962709386113539
Encrypted:	false
SSDEEP:
MD5:	6E79B04FC6FE96C90277593719BECD36
SHA1:	81798A9F349A7DEAF9218A21B8C2D8A3E641E9B7
SHA-256:	A73686D7BF4EE44DC7BBD1CAAF2D212D7D12478F1521BF5A628EDBEA79B99725
SHA-512:	F6781EDA72F4B62FE128332AC2B6BDDFFF6E94DF79914C467C2A30BBE05ABE005B23C0F8A5682095FA874CB3787BD499DBBA8F1644515B6914180A68C9AB6066
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Urumqi) {. {-9223372036854775808 21020 0 LMT}. {-1325483420 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-8H921.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7341
Entropy (8bit):	3.6266031318601386
Encrypted:	false
SSDEEP:
MD5:	997FF37AE5C6E2E13664100C2FBF8E19
SHA1:	BF59628212564E50BCC5247C534658C8B7CFF0EE
SHA-256:	639F26A411E298948A4FAC560E218ED7079722FB4E4AAF8CE0688A3BE24868AE
SHA-512:	41FEF2026A3062ECA62729A555D10F9ABA777CCBE4E907489B74FC91C645E6010ECFABD2ACB4ED652ADF97E0A69935CB2FADA6732744ED3ADA95DD2EB3C08655
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Famagusta) {. {-9223372036854775808 8148 0 LMT}. {-1518920148 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 108

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-8U47S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.721946029615065
Encrypted:	false
SSDEEP:
MD5:	A967F010A398CD98871E1FF97F3E48AC
SHA1:	6C8C0AF614D6789CD1F9B6243D26FAC1F9B767EF
SHA-256:	B07250CD907CA11FE1C94F1DCCC999CECF8E9969F74442A9FCC00FC48EDE468B
SHA-512:	67E3207C8A63A5D8A1B7ED1A62D57639D695F9CD83126EB58A70EF076B816EC5C4FDBD23F1F32A4BB6F0F9131D30AF16B56CD92B1C42C240FD886C81BA8940DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kolkata)]} {. LoadTimeZoneFile Asia/Kolkata.}.set TZData(:Asia/Calcutta) $TZData(:Asia/Kolkata).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-8VTKP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	381
Entropy (8bit):	4.352557338100764
Encrypted:	false
SSDEEP:
MD5:	41EF18FF071B8541A5CA830C131B22D3
SHA1:	65E502FD93FE025FD7B358B2953335F4B41BBC68
SHA-256:	95525205BC65B8DB626EF5257F6C3A93A4902AB6415C080EE67399B41D9AD7AA
SHA-512:	3889199D84CE456CC7231B0A81CCA7F4C976ED13015869BF486078075F24687C588F9FB52E09744ED4763CA71CC869048C588CDD42C2EA195A9B04EB9C18A123
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ho_Chi_Minh) {. {-9223372036854775808 25600 0 LMT}. {-2004073600 25590 0 PLMT}. {-1851577590 25200 0 +07}. {-852105600 28800 0 +08}. {-782643600 32400 0 +09}. {-767869200 25200 0 +07}. {-718095600 28800 0 +08}. {-457776000 25200 0 +07}. {-315648000 28800 0 +08}. {171820800 25200 0 +07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-996RK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	351
Entropy (8bit):	4.345019966462698
Encrypted:	false
SSDEEP:
MD5:	F5A6B4C90D50208EF512A728A2A03BB6
SHA1:	C9D3C712EDABDFCD1629E72AF363CEB2A0E2334E
SHA-256:	42BF62F13C2F808BEFD2601D668AFE5D49EA417FC1AC5391631C20ED7225FF46
SHA-512:	64D413D9299436877F287943FF454EB2AFD415D87DE13AACA50E7BD123828D16CFABD679677F36C891024AB53C62695559DAABDECCC127A669C3ECA0F155453B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dhaka) {. {-9223372036854775808 21700 0 LMT}. {-2524543300 21200 0 HMT}. {-891582800 23400 0 +0630}. {-872058600 19800 0 +0530}. {-862637400 23400 0 +0630}. {-576138600 21600 0 +06}. {1230746400 21600 0 +06}. {1245430800 25200 1 +06}. {1262278800 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-9R9N8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.7830039894710366
Encrypted:	false
SSDEEP:
MD5:	3C073BD9DFD2C4F9BC95C8A94652FF5D
SHA1:	F4084CDFC025B3A21092DE18DD8ECAFCA5F0EBBB
SHA-256:	82FC06E73477EBB50C894244C91E613BF3551053359798F42F2F2C913730A470
SHA-512:	7E79E4425A0D855AAE8DCF5C7196AABE8E75D92CD9B65C61B82B31B29395D4A5F2D8B1E90454037753D03A1BDDE44E8F15D7E999E65C49BE8E8F8A2B2C4EECD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jayapura) {. {-9223372036854775808 33768 0 LMT}. {-1172913768 32400 0 +09}. {-799491600 34200 0 +0930}. {-189423000 32400 0 WIT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-9SHIM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1608
Entropy (8bit):	3.6351436957032477
Encrypted:	false
SSDEEP:
MD5:	F2A86E76222B06103F6C1E8F89EB453E
SHA1:	D73938EBCA8C1340A7C86E865492EE581DFFC393
SHA-256:	211AB2318746486C356091EC2D3508D6FB79B9EBC78FC843BF2ADC96A38C4217
SHA-512:	B5F4F8FF11FA6D113B23F60D64E1737C7FABDDEBF12C37138F0FA05254E6C1643A2D3CA6C322943F4E877CE2E3736CF0F0741DD390C79E7EE94D56361B14BF45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Atyrau) {. {-9223372036854775808 12464 0 LMT}. {-1441164464 10800 0 +03}. {-1247540400 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 18

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-A85AA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.428640713376822
Encrypted:	false
SSDEEP:
MD5:	81C643629BB417E38A5514BBEFEF55C8
SHA1:	7D91E7F00A1A0B795EF3FDD1B3DD052EA2F6122C
SHA-256:	998DFACE4BEE8A925E88D779D6C9FB9F9010BDB68010A9CCBC0B97BB5C49D452
SHA-512:	1291521B74984EC03557C4DC492DB4DD1312626F61612C1F143BA482E2C32CD331647D86507D3B3721D148B2ED3CED6678123BD801DAA6B4F2D9A0C07B90575F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pontianak) {. {-9223372036854775808 26240 0 LMT}. {-1946186240 26240 0 PMT}. {-1172906240 27000 0 +0730}. {-881220600 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 28800 0 WITA}. {567964800 25200 0 WIB}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-ADFOA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.804360783547797
Encrypted:	false
SSDEEP:
MD5:	9A8CCA0B4337CB6FA15BF1A4F01F6C22
SHA1:	A4C72FC1EF6EEBDBB5C8C698BCB298DFB5061726
SHA-256:	4F266D90C413FA44DFCA5BE13E45C00428C694AC662CB06F2451CC3FF08E080F
SHA-512:	E8074AA0D8B15EE33D279C97A01FF69451A99C7711FFD66B3E9B6B6B021DE957A63F6B747C7A63E3F3C1241E0A2687D81E780D6B54228EE6B7EB9040D7F06A60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kabul) {. {-9223372036854775808 16608 0 LMT}. {-2524538208 14400 0 +04}. {-788932800 16200 0 +0430}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-B55D4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1528
Entropy (8bit):	3.661748285763298
Encrypted:	false
SSDEEP:
MD5:	6CF9D198D7CC1F0E16DDFE91A6B4A1A5
SHA1:	D1DEE309E479271CDC3A306272CF4D94367EC68A
SHA-256:	7E189D7937E5B41CD94AB5208E40C645BE678F2A4F4B02EE1305595E5296E3D0
SHA-512:	56488F1DD1C694457FC7F8B13550B3D2B3BC737241E311783135115E2BD585FDD083A5146488A121BC02CC1F05EF40C05A88EED1AF391FB9E4653C1F25CC4AF7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hovd) {. {-9223372036854775808 21996 0 LMT}. {-2032927596 21600 0 +06}. {252439200 25200 0 +07}. {417978000 28800 1 +07}. {433785600 25200 0 +07}. {449600400 28800 1 +07}. {465321600 25200 0 +07}. {481050000 28800 1 +07}. {496771200 25200 0 +07}. {512499600 28800 1 +07}. {528220800 25200 0 +07}. {543949200 28800 1 +07}. {559670400 25200 0 +07}. {575398800 28800 1 +07}. {591120000 25200 0 +07}. {606848400 28800 1 +07}. {622569600 25200 0 +07}. {638298000 28800 1 +07}. {654624000 25200 0 +07}. {670352400 28800 1 +07}. {686073600 25200 0 +07}. {701802000 28800 1 +07}. {717523200 25200 0 +07}. {733251600 28800 1 +07}. {748972800 25200 0 +07}. {764701200 28800 1 +07}. {780422400 25200 0 +07}. {796150800 28800 1 +07}. {811872000 25200 0 +07}. {828205200 28800 1 +07}. {843926400 25200 0 +07}. {859654800 28800 1 +07}. {875376000 25200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-BA84I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.635396864572362
Encrypted:	false
SSDEEP:
MD5:	12B1D08ED6DFAB647D8F1D1371D771F6
SHA1:	2AC1CE6E85533D6B99A8E9725F43A867833B956E
SHA-256:	DCC9323EF236D2E3B6DAA296EB14B9208754FCD449D2351067201BCEC15381A2
SHA-512:	C563B6A3F1B21B5FFD0F092CAF6344D5A6D74F5AC03DA44DCA6FB1B4BC0D321C6E0E8F315248D41C0D1D0FFD35F8DE31D96FBD4AE1CFE15DA52E40EE3FF7F8E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yangon) {. {-9223372036854775808 23087 0 LMT}. {-2840163887 23087 0 RMT}. {-1577946287 23400 0 +0630}. {-873268200 32400 0 +09}. {-778410000 23400 0 +0630}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-C3UJ4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	234
Entropy (8bit):	4.682322181661182
Encrypted:	false
SSDEEP:
MD5:	87D843314195847B6E4117119A1F701C
SHA1:	E51DC3A0BF20B09D8745AC682B4869A031A0A515
SHA-256:	22046165D40C8A553FE22A28E127514DF469E79581E0746101816A973456029D
SHA-512:	D241803442876A59170C1A90ACC66DEAF169CBF9B8CD7DE964BEF02D222B1D07511E241D441C3DA6AE7A7D1AAC1F4EDB5A21655C2923A3807BBFA8630071BCE9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Makassar) {. {-9223372036854775808 28656 0 LMT}. {-1577951856 28656 0 MMT}. {-1172908656 28800 0 +08}. {-880272000 32400 0 +09}. {-766054800 28800 0 WITA}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-CN3F7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1992
Entropy (8bit):	3.626746433557725
Encrypted:	false
SSDEEP:
MD5:	11B80F2A9B7B090DD146BD97E9DB7D43
SHA1:	4A2886799A50D031D79C935261B50363AA27768A
SHA-256:	4018CE273BC4D02057F66A4715626F0E4D8C7050391C00BB5AE054B4DA8DE2F8
SHA-512:	1F1650C1DBC3A171FF30C7657D7F99963A0C8D63B85460B45DE75AFABECE28F2A51236FB71DFF3EE567CC58E71B88623E4880DEBD18E9E9C9E527CF97D5FE926
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novokuznetsk) {. {-9223372036854775808 20928 0 LMT}. {-1441259328 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-CR175.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.754394427749078
Encrypted:	false
SSDEEP:
MD5:	5D8EBBC297A2258C352BC80535B7F7F1
SHA1:	684CAF480AF5B8A98D9AD1A1ECD4E07434F36875
SHA-256:	4709F2DA036EB96FB7B6CC40859BF59F1146FE8D3A7AFE326FBA3B8CB68049CE
SHA-512:	FD67E920D3D5FE69AF35535A8BBD2791204C6B63050EFECC0857F24D393712C4BC4660EA0A350D2A4DDA144073413BE013D71D73E6F3638CA30480541F9731FA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dubai)]} {. LoadTimeZoneFile Asia/Dubai.}.set TZData(:Asia/Muscat) $TZData(:Asia/Dubai).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-CTEQC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.808435832735883
Encrypted:	false
SSDEEP:
MD5:	6372DA942647071A0514AEBF0AFEB7C7
SHA1:	C9FB6B05DA246224D5EB016035AB905657B9D3FA
SHA-256:	7B1A3F36E9A12B850DC06595AAE6294FAEAC98AD933B3327B866E83C0E9A1999
SHA-512:	DC7D8753AD0D6908CA8765623EC1C4E4717833D183435957BB43E7ADB8A0D078F87319408F4C1D284CFB24BE010141B3254A36EF50C5DDCC59D7DEE5B3E33B7F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Vientiane) $TZData(:Asia/Bangkok).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-D0B7K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2046
Entropy (8bit):	3.6162520408317844
Encrypted:	false
SSDEEP:
MD5:	0AB1CB51373021D2929AD3BB6A6A7B36
SHA1:	6A58A13DE2479D7C07DA574A2850DB5479F42106
SHA-256:	7C282AFCBC654495AD174C5679C0FDA9C65DED557389648F924E809E337DF6A5
SHA-512:	E865073DF7273319ADE90C0520D843C636679ACFF1FEEC4C62B85AB7458393A71EAAE32F507D90863BE4018212B497E41EFC7EA684DF821A0D4FF1A9895FDCD8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Khandyga) {. {-9223372036854775808 32533 0 LMT}. {-1579424533 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-DPDGC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2017
Entropy (8bit):	3.6386982097761646
Encrypted:	false
SSDEEP:
MD5:	E4995DD6F78F859B17952F15DB554ADC
SHA1:	19D4957E2A8CC17BCA7F020E4DF411F0E3AC8B49
SHA-256:	122FEB27760CC2CD714531CF68E6C77F8505E9CA11A147DDA649E2C98E150494
SHA-512:	A36B334E72C9D0854F0DE040EEEBF7B92E537F770D4EEBB1697AB9DD6AB00E678BE58A7CE2514A4667BA2B8760625C22D21AFE3AB80C5B1DBB7C10E91CDDDB3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Irkutsk) {. {-9223372036854775808 25025 0 LMT}. {-2840165825 25025 0 IMT}. {-1575874625 25200 0 +07}. {-1247554800 28800 0 +09}. {354902400 32400 1 +09}. {370710000 28800 0 +08}. {386438400 32400 1 +09}. {402246000 28800 0 +08}. {417974400 32400 1 +09}. {433782000 28800 0 +08}. {449596800 32400 1 +09}. {465328800 28800 0 +08}. {481053600 32400 1 +09}. {496778400 28800 0 +08}. {512503200 32400 1 +09}. {528228000 28800 0 +08}. {543952800 32400 1 +09}. {559677600 28800 0 +08}. {575402400 32400 1 +09}. {591127200 28800 0 +08}. {606852000 32400 1 +09}. {622576800 28800 0 +08}. {638301600 32400 1 +09}. {654631200 28800 0 +08}. {670356000 25200 0 +08}. {670359600 28800 1 +08}. {686084400 25200 0 +07}. {695761200 28800 0 +09}. {701805600 32400 1 +09}. {717530400 28800 0 +08}. {733255200 32400 1 +09}. {748980000 28800 0 +08}. {764704800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-E14J2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	847
Entropy (8bit):	3.852939540326754
Encrypted:	false
SSDEEP:
MD5:	BFDAC4AE48AD49E5C0A048234586507E
SHA1:	ACFE49AED50D0FDF2978034BB3098331F6266CC8
SHA-256:	77FB5A9F578E75EEC3E3B83618C99F33A04C19C8BB9AFB314888091A8DD64AA3
SHA-512:	11B412E0856BD384080B982C9DE6CE196E8C71A68096F7ED22972B7617533F9BD92EFA4C153F2CEE7EA4F0DE206281B6B9066C5969AFFE913AF2FA5CF82EDD90
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ashgabat) {. {-9223372036854775808 14012 0 LMT}. {-1441166012 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +05}. {370720800 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-EABR1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2044
Entropy (8bit):	3.6106776173203916
Encrypted:	false
SSDEEP:
MD5:	DC7A71DAB17C7F4A348DC1EE2FC458C5
SHA1:	982FAB93A637D18A049DDBE96B0341736C66561D
SHA-256:	52DB3278189AA2380D84A81199A2E7F3B40E9706228D2291C6257FD513D78667
SHA-512:	90659D37D2A2E8574A88FD7F222C28D9572A9866FC3459B0CC1760FECBC7C4A0574B224C252877D723B06DD72165C4FE368D5B00DAB662B85D2E0F4CB2A89271
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Barnaul) {. {-9223372036854775808 20100 0 LMT}. {-1579844100 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 2

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-EDBKP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	3.621680472512772
Encrypted:	false
SSDEEP:
MD5:	703F8A37D41186AC8CDBCB86B9FE6C1B
SHA1:	B2D7FCBD290DA0FEB31CD310BA29FE27A59822BE
SHA-256:	847FA8211956C5930930E2D7E760B1D7F551E8CDF99817DB630222C960069EB8
SHA-512:	66504E448469D2358C228966739F0FEB381BF862866A951B092A600A17DAD80E6331F6D88C4CFCE483F45E79451722A19B37291EDA75C7CD4D7E0A7E82096F47
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Amman) {. {-9223372036854775808 8624 0 LMT}. {-1230776624 7200 0 EET}. {108165600 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {215643600 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EET}. {262735200 10800 1 EEST}. {275950800 7200 0 EET}. {481154400 10800 1 EEST}. {496962000 7200 0 EET}. {512949600 10800 1 EEST}. {528670800 7200 0 EET}. {544399200 10800 1 EEST}. {560120400 7200 0 EET}. {575848800 10800 1 EEST}. {592174800 7200 0 EET}. {610581600 10800 1 EEST}. {623624400 7200 0 EET}. {641167200 10800 1 EEST}. {655074000 7200 0 EET}. {671839200 10800 1 EEST}. {685918800 7200 0 EET}. {702856800 10800 1 EEST}. {717973200 7200 0 EET}. {733701600 10800 1 EEST}. {749422800 7200 0 EET}. {765151200 10800 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-EL7J2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7754
Entropy (8bit):	3.6329631010207892
Encrypted:	false
SSDEEP:
MD5:	2D3AE4AD36BD5F302F980EB5F1DD0E4A
SHA1:	02244056D6D4EC57937D1E187CC65E8FD18F67F0
SHA-256:	E9DD371FA47F8EF1BE04109F0FD3EBD9FC5E2B0A12C0630CDD20099C838CBEBB
SHA-512:	2E4528254102210B8A9A2263A8A8E72774D40F57C2431C2DD6B1761CD91FB6CEA1FAD23877E1E2D86217609882F3605D7FE477B771A398F91F8D8AD3EAF90BAC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Beirut) {. {-9223372036854775808 8520 0 LMT}. {-2840149320 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1473645600 10800 1 EEST}. {-1460948400 7200 0 EET}. {-399866400 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336794400 10800 1 EEST}. {-323578800 7200 0 EET}. {-305172000 10800 1 EEST}. {-291956400 7200 0 EET}. {-273636000 10800 1 EEST}. {-260420400 7200 0 EET}. {78012000 10800 1 EEST}. {86734800 7200 0 EET}. {105055200 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {212965200 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EE

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-ELMR2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.536797249025477
Encrypted:	false
SSDEEP:
MD5:	54EC6A256F6D636CD98DD48CDF0E48F1
SHA1:	571244C3D84A8A6EFFE55C787BFBCE7A6014462C
SHA-256:	88D61A495724F72DA6AB20CC997575F27797589C7B80F2C63C27F84BF1EB8D61
SHA-512:	EDD67865D3AD3D2F6D1AFFAE35B6B25E2439164E0BEF8E0E819F88F937F896C10EAB513467524DA0A5A2E3D4C78F55EA3F98F25979B8625DFC66801CBBE9301F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dili) {. {-9223372036854775808 30140 0 LMT}. {-1830414140 28800 0 +08}. {-879152400 32400 0 +09}. {199897200 28800 0 +08}. {969120000 32400 0 +09}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-EVQFV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.7788335911117095
Encrypted:	false
SSDEEP:
MD5:	BBAFEA8E55A739C72E69A619C406BD5D
SHA1:	0C2793114CA716C5DBAF081083DF1E137F1D0A63
SHA-256:	6E69C5C3C3E1C98F24F5F523EC666B82534C9F33132A93CCC1100F27E594027F
SHA-512:	7741F2281FDCA8F01A75ABEBF908F0B70320C4C026D90D4B0C283F3E2B8C47C95263569916EF83CAD40C87D5B6E714045D0B43370A263BC7BE80EC3DA62CC82F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Aden) $TZData(:Asia/Riyadh).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-FPBOV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7368
Entropy (8bit):	3.620699686510499
Encrypted:	false
SSDEEP:
MD5:	21EEEC6314C94D1476C2E79BBACFEB77
SHA1:	2C9805CD01C84D446CBDB90B9542CB24CCDE4E39
SHA-256:	7AAB1AC67D96287EE468608506868707B28FCD27A8F53128621801DCF0122162
SHA-512:	D4B0A0E60B102E10E03CF5BD07C5783E908D5E7079B646177C57C30D67B44C114EFF4DCFC71AF8441D67BD5A351068FBFFD8C5E08F06F1D69946B3EA7D49FC2D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Nicosia) {. {-9223372036854775808 8008 0 LMT}. {-1518920008 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 10800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-GGE9K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	441
Entropy (8bit):	4.32891547054552
Encrypted:	false
SSDEEP:
MD5:	7A7CFCB7273FCAE33F77048F225BBBBD
SHA1:	44701B91CBC61FCAC8EEB6E67BCCA0403E9FDD7E
SHA-256:	9F8C46E5AC4DF691DDCB13C853660915C94316E73F74DD36AF889D5137F1761B
SHA-512:	44D5A0656032D61152C98B92E3ACA88197A73D87E2D0E8853D6A0E430BDF9290D3B718F9E5864840A6FFA59CDC0D4D47BCEE0471F176E62A05C1083CB35BEBB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Karachi) {. {-9223372036854775808 16092 0 LMT}. {-1988166492 19800 0 +0530}. {-862637400 23400 1 +0630}. {-764145000 19800 0 +0530}. {-576135000 18000 0 +05}. {38775600 18000 0 PKT}. {1018119600 21600 1 PKST}. {1033840800 18000 0 PKT}. {1212260400 21600 1 PKST}. {1225476000 18000 0 PKT}. {1239735600 21600 1 PKST}. {1257012000 18000 0 PKT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-GHSJ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.733855608307331
Encrypted:	false
SSDEEP:
MD5:	629FC03B52D24615FB052C84B0F30452
SHA1:	80D24B1A70FC568AB9C555BD1CC70C17571F6061
SHA-256:	BD3E4EE002AFF8F84E74A6D53E08AF5B5F2CAF2B06C9E70B64B05FC8F0B6CA99
SHA-512:	1C912A5F323E84A82D60300F6AC55892F870974D4DEFE0AF0B8F6A87867A176D3F8D66C1A5B11D8560F549D738FFE377DC20EB055182615062D4649BBA011F32
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dhaka)]} {. LoadTimeZoneFile Asia/Dhaka.}.set TZData(:Asia/Dacca) $TZData(:Asia/Dhaka).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-GIBUS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.863210418273511
Encrypted:	false
SSDEEP:
MD5:	8291C9916E9D5E5C78DE38257798799D
SHA1:	F67A474337CF5FF8460911C7003930455AA0C530
SHA-256:	ED9D1C47D50461D312C7314D5C1403703E29EE14E6BAC97625EFB06F38E4942C
SHA-512:	9B552812A0001271980F87C270EF4149201403B911826BDF17F66EE1015B9AC859C1B2E7BB4EB6BC56E37CDB24097BF001201C34AD7D4C0C910AE17CFEC36C8B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bangkok) {. {-9223372036854775808 24124 0 LMT}. {-2840164924 24124 0 BMT}. {-1570084924 25200 0 +07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-H2AP9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8475287330512495
Encrypted:	false
SSDEEP:
MD5:	FEFB0E2021110BC9175AC505536BDE12
SHA1:	8366110D91C7EA929DB300871DDC70808D458F90
SHA-256:	C4E46CE4385C676F5D7AC4B123C42F153F7B3F3E9F434698E8D56E1907A9B7C9
SHA-512:	F8F9EE0B8648154B3E3BEF192C58F2415475422BED139F20FD3D3EF253E8137CBB39AB769704AB1F20EE03B398402BC5B4A3E55BE284D1785F347B951FECEF62
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kathmandu) {. {-9223372036854775808 20476 0 LMT}. {-1577943676 19800 0 +0530}. {504901800 20700 0 +0545}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-H2CPM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2075
Entropy (8bit):	3.5206282649651808
Encrypted:	false
SSDEEP:
MD5:	460EDC7D17FFA6AF834B6474D8262FB0
SHA1:	913E117814A5B4B7283A533F47525C8A0C68FD3C
SHA-256:	0A1FDA259EE5EBC779768BBADACC7E1CCAC56484AA6C03F7C1F79647AB79593D
SHA-512:	4047A7AD5F248F0B304FEF06C73EA655D603C39B6AC74629A2ADD49A93E74B23F458DC70E8150AD3F5BBF773F2387907B4BB69A95EB945B9FA432CA6B8AB173D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baku) {. {-9223372036854775808 11964 0 LMT}. {-1441163964 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 14400 0 +04}. {820440000 14400 0 +04}. {828234000 18000 1 +05}. {846378000 14400 0 +04}. {852062400 14400 0 +04}. {859680000 18000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-HNVU0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.729350272507574
Encrypted:	false
SSDEEP:
MD5:	DB6155900D4556EE7B3089860AD5C4E3
SHA1:	708E4AE427C8BAF589509F4330C389EE55C1D514
SHA-256:	8264648CF1EA3E352E13482DE2ACE70B97FD37FBB1F28F70011561CFCBF533EA
SHA-512:	941D52208FABB634BABCD602CD468F2235199813F4C1C5AB82A453E8C4CE4543C1CE3CBDB9D035DB039CFFDBC94D5D0F9D29363442E2458426BDD52ECDF7C3C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Macau)]} {. LoadTimeZoneFile Asia/Macau.}.set TZData(:Asia/Macao) $TZData(:Asia/Macau).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-IGCJG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.840543487466552
Encrypted:	false
SSDEEP:
MD5:	6F21100628DD48B2FF4B1F2AF92E05CB
SHA1:	B74478D0EC95A577C2A58497692DB293BBD31586
SHA-256:	DB2C572E039D1A777FFC66558E2BEE46C52D8FE57401436AE18BB4D5892131CE
SHA-512:	2D3C37790B6A764FE4E1B8BD8EDF1D073D711F59CEA3EC5E6003E481898F7285B42A14E904C3D148422244BB083FBA42C6623DF7DA05923F6145EEE3FD259520
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chungking) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-JCDH0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	646
Entropy (8bit):	3.99554344665026
Encrypted:	false
SSDEEP:
MD5:	2F27D1377C9EBBACDC260A50C195BDBB
SHA1:	397B8714F2C909A8EB88A7A1F4A1AEA0A5B8E80E
SHA-256:	519FDD455107270E6F8F3848C214D3D44CC1465B7B3E375318857D4A9093E1C0
SHA-512:	E4583E6C3FEB5ADAD41827D8ADCD7DA34CCB92D2B62B9D7C3D59F76719B9EE2FE44697CFD00943D9E2A4DBAEB929C97A1FF520FFF62EB6829C88D71EC8C51993
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuching) {. {-9223372036854775808 26480 0 LMT}. {-1383463280 27000 0 +0730}. {-1167636600 28800 0 +08}. {-1082448000 30000 1 +08}. {-1074586800 28800 0 +08}. {-1050825600 30000 1 +08}. {-1042964400 28800 0 +08}. {-1019289600 30000 1 +08}. {-1011428400 28800 0 +08}. {-987753600 30000 1 +08}. {-979892400 28800 0 +08}. {-956217600 30000 1 +08}. {-948356400 28800 0 +08}. {-924595200 30000 1 +08}. {-916734000 28800 0 +08}. {-893059200 30000 1 +08}. {-885198000 28800 0 +08}. {-879667200 32400 0 +09}. {-767005200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-JFOTB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.838482422690701
Encrypted:	false
SSDEEP:
MD5:	A52B235D91207E823482EEC1EE8C6433
SHA1:	84826EAC8043739256E34D828D6BE8E17172A8F8
SHA-256:	21CE1FAEDD45DED62E78D6DB24F47ED9DEC5642E4A4D7ADDF85B33F8AB82D8CA
SHA-512:	08E8C68BF6BE5E876A59130C207D4911732EBA0F4E72603213A0AD0CC5DA8EF6AC6389AF8A0781F01B0E72CA030C9A47C46CC0FB422F5C0104A7365D818A4EB9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Thimphu) {. {-9223372036854775808 21516 0 LMT}. {-706341516 19800 0 +0530}. {560025000 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-JOM4K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.853387718159342
Encrypted:	false
SSDEEP:
MD5:	7EC8D7D32DC13BE15122D8E26C55F9A2
SHA1:	5B07C7161F236DF34B0FA83007ECD75B6435F420
SHA-256:	434B8D0E3034656B3E1561615CCA192EFA62942F285CD59338313710900DB6CB
SHA-512:	D8F1999AF509871C0A7184CFEFB0A50C174ABDE218330D9CDC784C7599A655AD55F6F2173096EA91EE5700B978B9A94BBFCA41970206E7ADEB804D0EE03B45ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Asia/Istanbul) $TZData(:Europe/Istanbul).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-JPMVI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	3.640808791765599
Encrypted:	false
SSDEEP:
MD5:	AC511C65052CE2D780FD583E50CB475C
SHA1:	6B9171A13F6E6F33F878A347173A03112BCF1B89
SHA-256:	C9739892527CCEBDF91D7E22A6FCD0FD57AAFA6A1B4535915AC82CF6F72F34A4
SHA-512:	12743486EB02C241C90ECCEDD323D0F560D5FA1F55CB3EBB5AF3A65331D362433F2EAF7285B19335F5C262DA033EB8BE5A4618794EA74DFCD4107C170035CE96
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Almaty) {. {-9223372036854775808 18468 0 LMT}. {-1441170468 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {695768400 21600 0 +06}. {701812800 25200 1 +06}. {717537600 21600 0 +06}. {733262400 25200 1 +06}. {748987200 21600 0 +06}. {764712000 25200 1 +06}. {780436800 21

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-JTGBV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.928343799484186
Encrypted:	false
SSDEEP:
MD5:	76E7F746F8663772A350A2E2C2F680C7
SHA1:	698E3C80122AC7B9E6EF7A45F87898334A1A622E
SHA-256:	7D2FAC4F33EE0FA667AF8A2BF8257638A37CE0308038AC02C7B5BE6E1D1E5EDD
SHA-512:	9B1C326D3B7C89957176540AB4F856780C57C495A44F80D998A4B0C5A10F358C2F727BF160FB49D17C104B4A8EB15AC5431CCB886AC59A92E56C964D757FA3B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Riyadh) {. {-9223372036854775808 11212 0 LMT}. {-719636812 10800 0 +03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-K6C09.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2023
Entropy (8bit):	3.6129679767742124
Encrypted:	false
SSDEEP:
MD5:	9C578B55160C4CDE22E0CD3AE449AA89
SHA1:	DAEB24B867A835AA97E7E6A67C1AD4278015D6BB
SHA-256:	924E60D3C57F296CDEA175D4E970FF3C68A92ADBBBA23EF37B76D7AD5D41DCE9
SHA-512:	E3F2798038F897DF5D1D112F294BFD4E3FDBFCF4D568C4038C85289F84E0844010A6C88659C4B9D94720DBB680F2628CECEB17E6C6D0DFC231E6DCBA75068458
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yekaterinburg) {. {-9223372036854775808 14553 0 LMT}. {-1688270553 13505 0 PMT}. {-1592610305 14400 0 +04}. {-1247544000 18000 0 +06}. {354913200 21600 1 +06}. {370720800 18000 0 +05}. {386449200 21600 1 +06}. {402256800 18000 0 +05}. {417985200 21600 1 +06}. {433792800 18000 0 +05}. {449607600 21600 1 +06}. {465339600 18000 0 +05}. {481064400 21600 1 +06}. {496789200 18000 0 +05}. {512514000 21600 1 +06}. {528238800 18000 0 +05}. {543963600 21600 1 +06}. {559688400 18000 0 +05}. {575413200 21600 1 +06}. {591138000 18000 0 +05}. {606862800 21600 1 +06}. {622587600 18000 0 +05}. {638312400 21600 1 +06}. {654642000 18000 0 +05}. {670366800 14400 0 +05}. {670370400 18000 1 +05}. {686095200 14400 0 +04}. {695772000 18000 0 +06}. {701816400 21600 1 +06}. {717541200 18000 0 +05}. {733266000 21600 1 +06}. {748990800 18000 0 +05}. {764

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-KP0P5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1959
Entropy (8bit):	3.554930605948629
Encrypted:	false
SSDEEP:
MD5:	013DD03BE28257101FC72E3294709AC6
SHA1:	2EBBB3DA858B1BBC0C3CDFCBED3A4BAA0D6CE1B2
SHA-256:	15CBC98425C074D9D5D1B107483BF68C75C318C240C7CDBDA390F8D102D76D53
SHA-512:	10A651C82E6D5386FDC1FC95EF15F1CB0A4D8850A2324E7D62F63E1D3FBA87812045FFCF1DF013D7A3E90BBF514A4C5B2B23C547905737193B369644986D6A42
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yerevan) {. {-9223372036854775808 10680 0 LMT}. {-1441162680 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 10800 0 +03}. {733273200 14400 1 +03}. {748998000 10800 0 +03}. {764722800 14400 1 +03}. {780447600 10800 0 +03}. {796172400 14

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-KRL6G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1989
Entropy (8bit):	3.6993158455985338
Encrypted:	false
SSDEEP:
MD5:	496BD39D36218DF67279DA8DE9C7457B
SHA1:	8AE6E5CF7E1E693D11A112B75A0D24A135E94487
SHA-256:	6B757333C12F2BFE782258D7E9126ECE0E62696EF9C24B2955A791145D6780E9
SHA-512:	BADBF7893825F6C7053A23A7AA11B45A2EDBECC4580695BB6B8E568B7FFE5ED72BF61019F3CB6D7B8E663ACAF099F26E266450EC03F3C6B2F8E34BA0D12D100A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kamchatka) {. {-9223372036854775808 38076 0 LMT}. {-1487759676 39600 0 +11}. {-1247569200 43200 0 +13}. {354888000 46800 1 +13}. {370695600 43200 0 +12}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46800 1 +13}. {780415200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-L1CMG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1298
Entropy (8bit):	3.983254382416919
Encrypted:	false
SSDEEP:
MD5:	16CF8E32D5B2933CE5A0F2F90B8090BA
SHA1:	F899656FE3FDDD5F63B18D4800F909CD2DA6A151
SHA-256:	E098A0A94ED53EC471841CDF6995AEF1F3A2699EDC143FF5DBDA7CB0AFD3FD6C
SHA-512:	4856AC8AE2BB0C8856A87C5E46AD478E697AACB46B8679870FD581706802772D333FEA5D1D840BDDB1EAB3B4FDD46883CFD2EC4017F9E5C06CAF2A24539FA808
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Taipei) {. {-9223372036854775808 29160 0 LMT}. {-2335248360 28800 0 CST}. {-1017820800 32400 0 JST}. {-766224000 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-639133200 28800 0 CST}. {-620812800 32400 1 CDT}. {-607597200 28800 0 CST}. {-589276800 32400 1 CDT}. {-576061200 28800 0 CST}. {-562924800 32400 1 CDT}. {-541760400 28800 0 CST}. {-528710400 32400 1 CDT}. {-510224400 28800 0 CST}. {-497174400 32400 1 CDT}. {-478688400 28800 0 CST}. {-465638400 32400 1 CDT}. {-449830800 28800 0 CST}. {-434016000 32400 1 CDT}. {-418208400 28800 0 CST}. {-402480000 32400 1 CDT}. {-386672400 28800 0 CST}. {-370944000 32400 1 CDT}. {-355136400 28800 0 CST}. {-339408000 32400 1 CDT}. {-323600400 2

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-LBPOG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1993
Entropy (8bit):	3.7026922613316886
Encrypted:	false
SSDEEP:
MD5:	0F445767A84A429787070F7CCFB4D35B
SHA1:	B524665DAC57E53A6D9A5386B5AEAAE52BD405A5
SHA-256:	07F4857391E114D4B958C02B8FF72BEBCED72AA730F4F4B09F68F57349473503
SHA-512:	8FE2AC4C1DCA60E597633377EF1F1C38EE027B7893DB77BA912F294B9B791B6762E62E87DAC17171B15629DD45BD7960D25ADAE96827DAB63FAA80E0956A8C80
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Srednekolymsk) {. {-9223372036854775808 36892 0 LMT}. {-1441188892 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {78041

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-LSLI2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7974
Entropy (8bit):	3.660638074803316
Encrypted:	false
SSDEEP:
MD5:	45C8B6CB180839A1F3D500071D1AFC1D
SHA1:	59E900FB2D7BFF44AED578B9BD10AA0530B4F5D1
SHA-256:	FA459622B54CD0A5603323EA00CE64D63BBC957EC0BDCC9BE73D48916237619C
SHA-512:	5F485299D6DF9EBD620D2AEF7BDE21C7505EAD51467699874408691C644E9E6D8C63DD6061489E924B95672A227B5B9921E4281405981FCBBCA4619F80195AB5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Gaza) {. {-9223372036854775808 8272 0 LMT}. {-2185409872 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-M6D9H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2016
Entropy (8bit):	3.6746770806664517
Encrypted:	false
SSDEEP:
MD5:	18E80309362762B7757629B51F28AF99
SHA1:	502C70F24251BC062785A9349E6204CB719BF932
SHA-256:	6493D629E3CD4DB555A547F942BCCB4FFC7BBF7298FFBF9503F6DE3177ADBAC9
SHA-512:	C477E0DCF4E78E57E075FB5CAA45E70D4864EDFC40EAC2DD43D80F71408836E5BD468B15EB34B95020F2DB6CE531D67F076EF8EED4833ADEC1F6D37B2200CC84
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Magadan) {. {-9223372036854775808 36192 0 LMT}. {-1441188192 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-MG9L0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.82789113675599
Encrypted:	false
SSDEEP:
MD5:	D044282CC9B9F531D8136612B4AA938D
SHA1:	5FD01E48BFFC2B54BBA48926EFD2137A91B57E0F
SHA-256:	FE57D86184A7F4A64F3555DE3F4463531A86BB18F124534F17B09FAB825F83B4
SHA-512:	DBBA54D68F33E51D51E816D79D83B61490BD31262DFF6037C0834BADA48CBC02F4281203D7212EDF6D96F7FF1EF3843299698BF0DFE10B5F1383AA504594505A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Asia/Tel_Aviv) $TZData(:Asia/Jerusalem).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-MMPAF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.814799933523261
Encrypted:	false
SSDEEP:
MD5:	2B286E58F2214F7A28D2A678B905CFA3
SHA1:	A76B2D8BA2EA264FE84C5C1ED3A6D3E13288132F
SHA-256:	6917C89A78ED54DD0C5C9968E5149D42727A9299723EC1D2EBD531A65AD37227
SHA-512:	0022B48003FE9C8722FD1762FFB8E07E731661900FCE40BD6FE82B70F162FF5D32888028519D51682863ADCAC6DD21D35634CA06489FD4B704DA5A8A018BF26F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Harbin) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-NM7J6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	3.6348723729667975
Encrypted:	false
SSDEEP:
MD5:	2C0422E86BA0AECAA97CA01F3A27B797
SHA1:	C28FD8530B7895B4631EA0CAE03E6019561C4C40
SHA-256:	D5D69D7A4FE29761C5C3FFBB41A4F8B6B5F2101A34678B1FA9B1D39FC5478EA8
SHA-512:	3C346DE7E82B8EF1783F5A6D8A6099F7A530DD29AD48EDBB72F019ADC47155A703845503B1DD2589315BB67FA40AEF584313150686248DF45F983781F4B18710
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baghdad) {. {-9223372036854775808 10660 0 LMT}. {-2524532260 10656 0 BMT}. {-1641005856 10800 0 +03}. {389048400 14400 0 +03}. {402264000 10800 0 +03}. {417906000 14400 1 +03}. {433800000 10800 0 +03}. {449614800 14400 1 +03}. {465422400 10800 0 +03}. {481150800 14400 1 +03}. {496792800 10800 0 +03}. {512517600 14400 1 +03}. {528242400 10800 0 +03}. {543967200 14400 1 +03}. {559692000 10800 0 +03}. {575416800 14400 1 +03}. {591141600 10800 0 +03}. {606866400 14400 1 +03}. {622591200 10800 0 +03}. {638316000 14400 1 +03}. {654645600 10800 0 +03}. {670464000 14400 1 +03}. {686275200 10800 0 +03}. {702086400 14400 1 +03}. {717897600 10800 0 +03}. {733622400 14400 1 +03}. {749433600 10800 0 +03}. {765158400 14400 1 +03}. {780969600 10800 0 +03}. {796694400 14400 1 +03}. {812505600 10800 0 +03}. {828316800 14400 1 +03}. {844128000 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-NTVF8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.792958708451203
Encrypted:	false
SSDEEP:
MD5:	95EE0EFC01271C3E3195ADC360F832C7
SHA1:	CDFA243F359AC5D2FA22032BF296169C8B2B942A
SHA-256:	241C47769C689823961D308B38D8282F6852BC0511E7DC196BF6BF4CFADBE401
SHA-512:	11CAE9804EF933A790F5B9B86CC03C133DBD1DB97FAA78F508D681662AAC3714B93166B596F248799FC5B86344B48764865D3371427119999CB02963C98E15C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Brunei) {. {-9223372036854775808 27580 0 LMT}. {-1383464380 27000 0 +0730}. {-1167636600 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-O2GKT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.732157428331905
Encrypted:	false
SSDEEP:
MD5:	6291D60E3A30B76FEB491CB944BC2003
SHA1:	3D31032CF518A712FBA49DEC42FF3D99DD468140
SHA-256:	A462F83DDB0CCC41AC10E0B5B98287B4D89DA8BBBCA869CCFB81979C70613C6C
SHA-512:	C62D44527EAD47D2281FF951B9CF84C297859CFDC9A497CB92A583B6012B2B9DAAE9924EF17BC6B7CD317B770FF4924D8E1E77ED2E0EBC02502530D132EDE35B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Qatar)]} {. LoadTimeZoneFile Asia/Qatar.}.set TZData(:Asia/Bahrain) $TZData(:Asia/Qatar).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-O8PFJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.761776859195572
Encrypted:	false
SSDEEP:
MD5:	6135C39675BB0F7BB94756F2057382CF
SHA1:	EB2C51837E721776BED5F3F1F4A014BA29DA0282
SHA-256:	E573ADFBB9935B7D0B56FAE699160226BF3416C50EB63D8EFEB1748C4B13BF91
SHA-512:	BC1E7C9F1F64FF7D6A50E70E62566F385A923A475E309A321FCC03964350E427A4AEE801A20B3293A289AD67E03C86B59A674F91F34238068DA6C35BBB3B4307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Yangon)]} {. LoadTimeZoneFile Asia/Yangon.}.set TZData(:Asia/Rangoon) $TZData(:Asia/Yangon).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-O9AQ2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.899371908380106
Encrypted:	false
SSDEEP:
MD5:	A978C9AD6320DA94CB15324CA82C7417
SHA1:	585C232F3FB2693C78C7831C1AF1DC25D6824CA7
SHA-256:	73E1850BB0827043024EAFA1934190413CB36EA6FE18C90EA86B9DBC1D61EEBF
SHA-512:	AE48BFB2A348CA992F2BCD6B1AF7495713B0526C326678309133D3271D90600624C096B4B8678AD7ECD19822E3BB24E27D12680FCA7FAA455D3CE324CE0B88ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ho_Chi_Minh)]} {. LoadTimeZoneFile Asia/Ho_Chi_Minh.}.set TZData(:Asia/Saigon) $TZData(:Asia/Ho_Chi_Minh).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-OFGGP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2048
Entropy (8bit):	3.623418616375595
Encrypted:	false
SSDEEP:
MD5:	46E5FB7DEB8041BC9A2ADC83728944A7
SHA1:	B5826E206EAA3E8789A0F9E4B7511CEBFD1B6764
SHA-256:	C241F732B9731FA141B03FF1F990556C9BF14A1B21C9757C7FF75E688908B8A0
SHA-512:	42B6BEEE9C15CB59C010013FE0673CB0DF46CD0AC388DF7D57DCCD54482C950F2935F8A8D7DC68CFFD184B698283589134901C9C597970D95C5B608CD160AF70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novosibirsk) {. {-9223372036854775808 19900 0 LMT}. {-1579476700 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {738090000 25200 0 +07}. {748987200 21600 0 +06}. {7647120

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-P5JQK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1608
Entropy (8bit):	3.6301391279603696
Encrypted:	false
SSDEEP:
MD5:	B8D914F33D568AE8EB46B7F3FC5BF944
SHA1:	91DE61EC025E8F74D9CD10816C3534B5F8D397F7
SHA-256:	9C1C30ADD1919951350C86DA6B716326178CF74A849A3350AE147DD2ADC34049
SHA-512:	A32B34C15D94C42E9DF13316ACB9E0C9AF151F2EF14F502BE1A75E40735A2BC5D9E59244A72ACFB68184DA0D62A48FCC7AB288F1BA85DBB4DC385FA04BF3075D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtobe) {. {-9223372036854775808 13720 0 LMT}. {-1441165720 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-PDKH2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	791
Entropy (8bit):	3.8859952964866946
Encrypted:	false
SSDEEP:
MD5:	316F527821D632517866A6E7F97365B3
SHA1:	6F56985AF44E6533778CFB1FC04D206367A6C0BF
SHA-256:	5A8FFD24FF0E26C99536EB9D3FB308C28B3491042034B187140039B7A5DF6F1F
SHA-512:	7EA1ABD02CD8461DD91576B5BCB46B6E3AE25F94BC7936DC051C0964F4EA2F55C58CB1FA6C3A82334AAAAFCDBD6D6DBEBE33FB1C7C45FBDCA5EC43FD46A970A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dushanbe) {. {-9223372036854775808 16512 0 LMT}. {-1441168512 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 21600 1 +06}. {684363600 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-PNE00.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1607
Entropy (8bit):	3.623112789966889
Encrypted:	false
SSDEEP:
MD5:	410226AA30925F31BA963139FD594AEB
SHA1:	860E17C83D0DF2CBB4B8E73B9C7CB956994F5549
SHA-256:	69402CA6D56138A6A6D09964B90D1781A7CBEFBDFFE506B7292758EC24740B0E
SHA-512:	AE2610D1D779500132D5FA12E7529551ECD009848619C7D802F6EE89B0D2C3D6E7C91FB83DA7616180C166CE9C4499D7A2A4FEB5373621353640A71830B655A3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtau) {. {-9223372036854775808 12064 0 LMT}. {-1441164064 14400 0 +04}. {-1247544000 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 180

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-Q45QF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1987
Entropy (8bit):	3.6163895181017764
Encrypted:	false
SSDEEP:
MD5:	29C007E4E3E0015DBF39D78DF39CB790
SHA1:	C3311ED4D7774A7DC14E0436D0B90C88ADD9BDA5
SHA-256:	C2DD93EEAFC3E2FD6CCE0EED0633C40D8BF34331760D23A75ADCEA1719A11AE6
SHA-512:	24609B8C01F3420CC19CA8F5AC78867DCAD1DD1A09A4B1C5356F90F0041BBCA322BC0C64D5DE4F565331674CFE15B7BF66AF6B69ACE9D18765A91B044962F781
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yakutsk) {. {-9223372036854775808 31138 0 LMT}. {-1579423138 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-Q50DP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1583
Entropy (8bit):	3.64822959139346
Encrypted:	false
SSDEEP:
MD5:	E79902C294AEFC5A3A3DCFFF4142E54F
SHA1:	8F9E8413C8F2D1DCF7DB74BE3AF067CBFEF2E73C
SHA-256:	4A254C094E4F5955E33C19E01EF2B8D5B70AC0AD08203FD105F475C8F862F28C
SHA-512:	3283248979FC76BE94D705013728FF206A32B8820D475C4DFC0636D2329E8FA5D251EAE5A21D9A9DC30659A6B567E73A7C614D7DA3F60025BFEA617ACE2EE597
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qyzylorda) {. {-9223372036854775808 15712 0 LMT}. {-1441167712 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {701812800 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-QPBFF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.800949065138005
Encrypted:	false
SSDEEP:
MD5:	E70F65EBF35BE045F43456A67DEBCD34
SHA1:	EE5669823D60518D0AAB07A7C539B8089807D589
SHA-256:	B8E3F98A20BE938B9B1A6CE1CE4218751393B33E933A8F9278AA3EEECB13D2C6
SHA-512:	9B142D27C92C2478ED086668F8E3DC4BD8E9FDA712D8888469816B4795B5DFDD7F5F22D7BA6A31CA4E32483ABE5A5B4C7CEFC91856B09DDF651E58867FC932C9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qatar) {. {-9223372036854775808 12368 0 LMT}. {-1577935568 14400 0 +04}. {76190400 10800 0 +03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-QR73K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7021
Entropy (8bit):	3.4346704245463338
Encrypted:	false
SSDEEP:
MD5:	E179D37382F44D866D495F5D38FD5D88
SHA1:	35C5BFFE89795786B7ED0BB3B7822666D6BFCB5B
SHA-256:	41F1DBB61094C00E2424E22780930258BC99A71D182E7A181065B0A1A57306F1
SHA-512:	AF1A4AB0BD690F038EBC3AA5CB2CAEE575E639B4504E3BEBC8E1DE85081C780744CBAD5871D62D4F028314D165B4D71E9B3D0B68019FE9D1E49D702101602431
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tehran) {. {-9223372036854775808 12344 0 LMT}. {-1704165944 12344 0 TMT}. {-757394744 12600 0 +0330}. {247177800 14400 0 +04}. {259272000 18000 1 +04}. {277758000 14400 0 +04}. {283982400 12600 0 +0330}. {290809800 16200 1 +0330}. {306531000 12600 0 +0330}. {322432200 16200 1 +0330}. {338499000 12600 0 +0330}. {673216200 16200 1 +0330}. {685481400 12600 0 +0330}. {701209800 16200 1 +0330}. {717103800 12600 0 +0330}. {732745800 16200 1 +0330}. {748639800 12600 0 +0330}. {764281800 16200 1 +0330}. {780175800 12600 0 +0330}. {795817800 16200 1 +0330}. {811711800 12600 0 +0330}. {827353800 16200 1 +0330}. {843247800 12600 0 +0330}. {858976200 16200 1 +0330}. {874870200 12600 0 +0330}. {890512200 16200 1 +0330}. {906406200 12600 0 +0330}. {922048200 16200 1 +0330}. {937942200 12600 0 +0330}. {953584200 16200 1 +0330}. {969478200 12600 0 +

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-RLG8H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.911861786274714
Encrypted:	false
SSDEEP:
MD5:	754059D3B44B7D60FB3BBFC97782C6CF
SHA1:	6AE931805E6A42836D65E4EBC76A58BBFB3DCAF4
SHA-256:	2C2DBD952FDA5CC042073B538C240B11C5C8E614DD4A697E1AA4C80E458575D0
SHA-512:	B5AA4B51699EEAE0D9F91BBAB5B682BD84537C4E2CCE282613E1FFA1DDBE562CA487FB2F8CD006EE9DBC9EFAEFA587EC9998F0364E5C932CDB42C14319328D46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Phnom_Penh) $TZData(:Asia/Bangkok).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-RTJ06.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.858169634371472
Encrypted:	false
SSDEEP:
MD5:	B678D97B4E6E6112299746833C06C70B
SHA1:	A49BD45DB59BDD3B7BF9159699272389E8EF77AC
SHA-256:	6AEAE87CAD7FE358A5A1BABE6C0244A3F89403FC64C5AA19E1FFDEDCEB6CF57B
SHA-512:	BEA10EAE5941E027D8FE9E5D5C03FAE5DCFEF7603088E71CA7CCD0461851E175AE1CC7592DFBEC63F91D840E4E0AA04B54549EB71303666E6EA16AFFF6EDA058
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Thimphu)]} {. LoadTimeZoneFile Asia/Thimphu.}.set TZData(:Asia/Thimbu) $TZData(:Asia/Thimphu).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-S102I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.815975603028152
Encrypted:	false
SSDEEP:
MD5:	37D7B7C1E435E2539FDD83D71149DD9A
SHA1:	F4ADE88DDF244BD2FF5B23714BF7449A74907E08
SHA-256:	78611E8A0EBEBC4CA2A55611FAC1F00F8495CB044B2A6462214494C7D1F5DA6A
SHA-512:	E0C57229DC76746C6424606E41E10E97F0F08DD2B00659172DA35F3444BF48B4BC7E2F339A10ECC21628A683E2CB8B4FA5945B8AC68C6BAFEA720AFBB88C90C6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chongqing) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-S9OBD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.4006537789533695
Encrypted:	false
SSDEEP:
MD5:	4074FBEF7DD0DF48AD74BDAED3106A75
SHA1:	FB1E5190EAF8BF9B64EED49F115E34926C1EAF53
SHA-256:	DB6A7EA0DC757706126114BED5E693565938AABFE3DA1670170647CCDE6BE6CD
SHA-512:	A469C09FA6A1DA1DB140BFFECB931DBC4B2315A13B82FCA8813C93954598D03818323B7DDE1106D1F1D815ED69523361369AF883CA4818CA562D728F7A88D8A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Colombo) {. {-9223372036854775808 19164 0 LMT}. {-2840159964 19172 0 MMT}. {-2019705572 19800 0 +0530}. {-883287000 21600 1 +06}. {-862639200 23400 1 +0630}. {-764051400 19800 0 +0530}. {832962600 23400 0 +0630}. {846266400 21600 0 +06}. {1145039400 19800 0 +0530}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-SLJT8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1991
Entropy (8bit):	3.6170298534050245
Encrypted:	false
SSDEEP:
MD5:	83333A0E3E9810621A8BADA29B04F256
SHA1:	CDC375C93E7F3019562DE7CE1D9EE2776FE7FE9E
SHA-256:	00A9E8DDDC4314F7271F7490001ABD29B6F5EAEB9080645911FF5DA8BD7F671C
SHA-512:	08913E002C7D3D54F0E09029C70A0F2D18636F6F52B12F10593BECF732F40E180780D4C6127E0A3B321EAF54AF660A48E8C3E29A161B6ED6E0E46C06BBD309D6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Krasnoyarsk) {. {-9223372036854775808 22286 0 LMT}. {-1577513486 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {7804332

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-SOQNK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1535
Entropy (8bit):	3.6833061173791726
Encrypted:	false
SSDEEP:
MD5:	9C497C3C57F4FEE50C6BF35D0A3A7E5F
SHA1:	FAFB3456CADE6AD6FFBADC699AB882FAE2591739
SHA-256:	19855D4B0EEF8CD85D502262DF7B7F15B069B1A4D169FAB0F20F803C598C1D83
SHA-512:	255CDF3333789771240A37CECBEB87EEAAE4561616A7066C935B67B8CA930F026F68A82315083190B175C54FBB4B2DB0126F25FDDD6C09DC374E09833225DFB8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ulaanbaatar) {. {-9223372036854775808 25652 0 LMT}. {-2032931252 25200 0 +07}. {252435600 28800 0 +08}. {417974400 32400 1 +08}. {433782000 28800 0 +08}. {449596800 32400 1 +08}. {465318000 28800 0 +08}. {481046400 32400 1 +08}. {496767600 28800 0 +08}. {512496000 32400 1 +08}. {528217200 28800 0 +08}. {543945600 32400 1 +08}. {559666800 28800 0 +08}. {575395200 32400 1 +08}. {591116400 28800 0 +08}. {606844800 32400 1 +08}. {622566000 28800 0 +08}. {638294400 32400 1 +08}. {654620400 28800 0 +08}. {670348800 32400 1 +08}. {686070000 28800 0 +08}. {701798400 32400 1 +08}. {717519600 28800 0 +08}. {733248000 32400 1 +08}. {748969200 28800 0 +08}. {764697600 32400 1 +08}. {780418800 28800 0 +08}. {796147200 32400 1 +08}. {811868400 28800 0 +08}. {828201600 32400 1 +08}. {843922800 28800 0 +08}. {859651200 32400 1 +08}. {875372400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-T1V1O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2044
Entropy (8bit):	3.636696819312369
Encrypted:	false
SSDEEP:
MD5:	265EF8FD8FB07585726D3054289A1C48
SHA1:	DDFB1197C7A7455674AA085A6B8089124EB47689
SHA-256:	4CCF3795EF0EF42AA09A9225370E8E1537B53A0231363077DAC385F397208669
SHA-512:	1ACE8C173E87530FCC809814DEA779CB09ED8A277DB3B0519E57727AD3A93F3AFAFAF0F80419A8B6A8FAC1B30600716169BEAE397E34E6BE1A18D0E31DB69B3F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Sakhalin) {. {-9223372036854775808 34248 0 LMT}. {-2031039048 32400 0 +09}. {-768560400 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-T60AQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.6863846285633057
Encrypted:	false
SSDEEP:
MD5:	799F0221A1834C723E6BBA2D00727156
SHA1:	569BBC1F20F7157ECF753A8DEB49156B260A96E0
SHA-256:	02FF47A619BE154A88530BA8C83F5D52277FA8E8F7941C0D33F89161CE1B5503
SHA-512:	535812754A92E251A9C86C20E3032A6B363F77F6839C95DAD6ED18200ACAA3075E602AD626F50B84EB931D1D33BD0E00CA5AE1D1D95DEBECDE57EE9E65A137DF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Choibalsan) {. {-9223372036854775808 27480 0 LMT}. {-2032933080 25200 0 +07}. {252435600 28800 0 +08}. {417974400 36000 0 +09}. {433778400 32400 0 +09}. {449593200 36000 1 +09}. {465314400 32400 0 +09}. {481042800 36000 1 +09}. {496764000 32400 0 +09}. {512492400 36000 1 +09}. {528213600 32400 0 +09}. {543942000 36000 1 +09}. {559663200 32400 0 +09}. {575391600 36000 1 +09}. {591112800 32400 0 +09}. {606841200 36000 1 +09}. {622562400 32400 0 +09}. {638290800 36000 1 +09}. {654616800 32400 0 +09}. {670345200 36000 1 +09}. {686066400 32400 0 +09}. {701794800 36000 1 +09}. {717516000 32400 0 +09}. {733244400 36000 1 +09}. {748965600 32400 0 +09}. {764694000 36000 1 +09}. {780415200 32400 0 +09}. {796143600 36000 1 +09}. {811864800 32400 0 +09}. {828198000 36000 1 +09}. {843919200 32400 0 +09}. {859647600 36000 1 +09}. {875368800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-TF229.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.786408960928606
Encrypted:	false
SSDEEP:
MD5:	A30FEA461B22B2CB3A67A616E3AE08FD
SHA1:	F368B215E15F6F518AEBC92289EE703DCAE849A1
SHA-256:	1E2A1569FE432CDA75C64FA55E24CA6F938C1C72C15FBB280D5B04F6C5E9AD69
SHA-512:	4F3D0681791C23EF19AFF239D2932D2CE1C991406F6DC8E313C083B5E03D806D26337ED2477700596D9A9F4FB1B7FC4A551F897A2A88CB7253CC7F863E586F03
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kathmandu)]} {. LoadTimeZoneFile Asia/Kathmandu.}.set TZData(:Asia/Katmandu) $TZData(:Asia/Kathmandu).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-TFGD2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	719
Entropy (8bit):	4.129493275264732
Encrypted:	false
SSDEEP:
MD5:	7F24687F220D3B7F3C08A1F09F86BAEF
SHA1:	2D96019AE5137935F7A43FCFD229645D656E21AF
SHA-256:	8DBBFEEDD583DBE60E88E381D511B72DDD7AE93FEB64A2F97D6CDBF6B92A0775
SHA-512:	BFD955BA4A284D91542D15CAE849C162D1470167D65365FF93B117D7B4361DB314ABEF5448CF5BA382002726D472FA74C3B9DD5B43CD539395FDC8241E4A0248
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Seoul) {. {-9223372036854775808 30472 0 LMT}. {-1948782472 30600 0 KST}. {-1830414600 32400 0 JST}. {-767350800 32400 0 KST}. {-498128400 30600 0 KST}. {-462702600 34200 1 KDT}. {-451733400 30600 0 KST}. {-429784200 34200 1 KDT}. {-418296600 30600 0 KST}. {-399544200 34200 1 KDT}. {-387451800 30600 0 KST}. {-368094600 34200 1 KDT}. {-356002200 30600 0 KST}. {-336645000 34200 1 KDT}. {-324552600 30600 0 KST}. {-305195400 34200 1 KDT}. {-293103000 30600 0 KST}. {-264933000 32400 0 KST}. {547578000 36000 1 KDT}. {560883600 32400 0 KST}. {579027600 36000 1 KDT}. {592333200 32400 0 KST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-TN64P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1669
Entropy (8bit):	3.588597734517364
Encrypted:	false
SSDEEP:
MD5:	EEA5CEEDA499381B331676CF2D3B1189
SHA1:	BC1D3871CC170F0BCBAE567C0D934CC131A7E410
SHA-256:	260F3F9A9209170AC02961E881F02AA6D6C720BAACC29756CF1CC730FACCF662
SHA-512:	0E8FF6B4EF0E102152B20D3C819F2673B6426B3D56DF42F89F44EB4467D0CA45F3D49B6564DA6FCB88BDB1887AF39382766F75FE3A3977CFB4408E06C6D1C062
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tbilisi) {. {-9223372036854775808 10751 0 LMT}. {-2840151551 10751 0 TBMT}. {-1441162751 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {694213200 10800 0 +03}. {701816400 14400 1 +03}. {717537600 10800 0 +03}. {733266000 14400 1 +03}. {748987200 10800 0 +03}. {764715600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-U296H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.920527043039276
Encrypted:	false
SSDEEP:
MD5:	9A66108527388564A9FBDB87D586105F
SHA1:	945E043A3CC45A4654C2D745A48E1D15F80A3CB5
SHA-256:	E2965AF4328FB065A82E8A21FF342C29A5942C2EDD304CE1C9087A23A91B65E1
SHA-512:	C3985D972AFB27E194CBE117E6CF8C45AA5A1B6504133FF85D52E8024387133D11F9EE7238FF87DC1D96F140B9467E6DB3F99B0B98299E6782A643288ABD3308
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Urumqi)]} {. LoadTimeZoneFile Asia/Urumqi.}.set TZData(:Asia/Kashgar) $TZData(:Asia/Urumqi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-U60NS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2141
Entropy (8bit):	3.8815104664173843
Encrypted:	false
SSDEEP:
MD5:	DC20959BDB02CF86A33CE2C82D4D9853
SHA1:	90FC1820FA0E3B1C4BD2158185F95DCD1AA271D6
SHA-256:	6263F011537DB5CAF6B09F16D55DADE527A475AEE04F1BA38A75D13E9D125355
SHA-512:	8C6D0FA9584595B93A563D60387520CE9B28595C2C3880004275BAE66313A7606379646D27FB5EB91EC8D96D3B23959E2F9E3ABC97C203FD76E1DCC5ABB64374
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Macau) {. {-9223372036854775808 27250 0 LMT}. {-2056692850 28800 0 CST}. {-884509200 32400 0 +09}. {-873280800 36000 1 +09}. {-855918000 32400 0 +09}. {-841744800 36000 1 +09}. {-828529200 32400 0 +10}. {-765363600 28800 0 CT}. {-747046800 32400 1 CDT}. {-733827600 28800 0 CST}. {-716461200 32400 1 CDT}. {-697021200 28800 0 CST}. {-683715600 32400 1 CDT}. {-667990800 28800 0 CST}. {-654771600 32400 1 CDT}. {-636627600 28800 0 CST}. {-623322000 32400 1 CDT}. {-605178000 28800 0 CST}. {-591872400 32400 1 CDT}. {-573642000 28800 0 CST}. {-559818000 32400 1 CDT}. {-541674000 28800 0 CST}. {-528368400 32400 1 CDT}. {-510224400 28800 0 CST}. {-498128400 32400 1 CDT}. {-478774800 28800 0 CST}. {-466678800 32400 1 CDT}. {-446720400 28800 0 CST}. {-435229200 32400 1 CDT}. {-415258200 28800 0 CST}. {-403158600 32400 1 CDT}. {-383808600 2880

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Asia\is-V67T0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	357
Entropy (8bit):	4.4086954127843585
Encrypted:	false
SSDEEP:
MD5:	88C82B18565C27E050074AD02536D257
SHA1:	9A150FCD9FAA0E903D70A719D949D00D82F531E3
SHA-256:	BC07AE610EF38F63EFF384E0815F6F64E79C61297F1C21469B2C5F19679CEAFB
SHA-512:	29152E0359BC0FB8648BC959DE01D0BCCD17EB928AE000FF77958E7F00FF7D65BFD2C740B438E114D53ABA260B7855B2695EF7C0484850A77FFF34F7A0B255CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jakarta) {. {-9223372036854775808 25632 0 LMT}. {-3231299232 25632 0 BMT}. {-1451719200 26400 0 +0720}. {-1172906400 27000 0 +0730}. {-876641400 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 25200 0 WIB}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-3J14F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.967019958156088
Encrypted:	false
SSDEEP:
MD5:	421C0110145FB8288B08133DD1409E75
SHA1:	CD2D62E739FF1715268B6DFB2C523ED3C76B7A90
SHA-256:	4B78F3E086B2A8B4366362AB5CEF2DF6A28E2B0EA8279C0FE9414E974BBC2E08
SHA-512:	3B20413C6E15A846B3CC730EBCD77D8AA170ECC262E160BB996AA79173F30D42588352C38EA1B44539A62D77B2BC8418A3C4B7507997AF4F15FBD647BF567A88
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/South_Georgia) {. {-9223372036854775808 -8768 0 LMT}. {-2524512832 -7200 0 -02}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-5OIO6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6609
Entropy (8bit):	3.7165368441152715
Encrypted:	false
SSDEEP:
MD5:	230C7B4BB6D64818889E573ADBE97E35
SHA1:	97E6D43C3F9446C9A224DAF69F31CA55721BFC59
SHA-256:	6CDA69514774093B7219BB079077322F5C783DBAD137F89181E8434D8BD2A6CF
SHA-512:	A17246BC44C1FDC971304E0D2E8F721E254880FB725F1AACCA05645FFE82F2AF3791234F02824E357CBDD51D529C882E21B8712735C32420074F3B75813DE27C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Canary) {. {-9223372036854775808 -3696 0 LMT}. {-1509663504 -3600 0 -01}. {-733874400 0 0 WET}. {323827200 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-GANSP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9474
Entropy (8bit):	3.4598088631836625
Encrypted:	false
SSDEEP:
MD5:	E9C33EAACFD20C021CE94292068CC1D8
SHA1:	9F8C0A4E07C33349C6ACDB0564771AEB11098B9D
SHA-256:	8E2B427733BF8DBCE5171DC57F0892F0987CF1BD7941DA40048CB53B86B23E0D
SHA-512:	8C77CF236855C51E03911A8203A2E81FC728C21A904B4962EA18F5FD39B00174D8A365FC0CA42E4EDE12DA84DD6445CFBB1B3E922189EB6B13AF6BC802E2B405
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Azores) {. {-9223372036854775808 -6160 0 LMT}. {-2713904240 -6872 0 HMT}. {-1830376800 -7200 0 -02}. {-1689548400 -3600 1 -01}. {-1677794400 -7200 0 -02}. {-1667430000 -3600 1 -01}. {-1647730800 -7200 0 -02}. {-1635807600 -3600 1 -01}. {-1616194800 -7200 0 -02}. {-1604358000 -3600 1 -01}. {-1584658800 -7200 0 -02}. {-1572735600 -3600 1 -01}. {-1553036400 -7200 0 -02}. {-1541199600 -3600 1 -01}. {-1521500400 -7200 0 -02}. {-1442444400 -3600 1 -01}. {-1426806000 -7200 0 -02}. {-1379286000 -3600 1 -01}. {-1364770800 -7200 0 -02}. {-1348441200 -3600 1 -01}. {-1333321200 -7200 0 -02}. {-1316386800 -3600 1 -01}. {-1301266800 -7200 0 -02}. {-1284332400 -3600 1 -01}. {-1269817200 -7200 0 -02}. {-1221433200 -3600 1 -01}. {-1206918000 -7200 0 -02}. {-1191193200 -3600 1 -01}. {-1175468400 -7200 0 -02}. {-1127689200 -3600 1 -01}. {-111196440

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-HU9VU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.655846706649014
Encrypted:	false
SSDEEP:
MD5:	08C5EE09B8BE16C5E974BA8070D448EA
SHA1:	D171C194F6D61A891D3390FF6492AEFB0F67646A
SHA-256:	7C6A6BCF5AAEAB1BB57482DF1BBC934D367390782F6D8C5783DBBBE663169A9B
SHA-512:	E885F3C30DBE178F88464ED505BA1B838848E6BB15C0D27733932CD0634174D9645C5098686E183CC93CB46DE7EB0DBF2EB64CB77A50FC337E2581E25107C9A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Faroe)]} {. LoadTimeZoneFile Atlantic/Faroe.}.set TZData(:Atlantic/Faeroe) $TZData(:Atlantic/Faroe).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-LDPRJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.579111187402317
Encrypted:	false
SSDEEP:
MD5:	51BE50511F1FA17A6AF9D4AE892FAFDA
SHA1:	2491743E429AAE5DF70CC3E791DC9875E30F152D
SHA-256:	E444B51A4511F83D616E816B770A60088EA94B9286112F47331122F44119541D
SHA-512:	A509146E25174D9938AF13B78CF052E45F50A61B834C276607B281EF7B81C6696A793A3769B355C8C804A74F37ADDEBBCDC2A69E3B938EB5A2A9742BE135A4A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Cape_Verde) {. {-9223372036854775808 -5644 0 LMT}. {-1830376800 -7200 0 -02}. {-862610400 -3600 1 -01}. {-764118000 -7200 0 -02}. {186120000 -3600 0 -01}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-N59LH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9307
Entropy (8bit):	3.715509739111961
Encrypted:	false
SSDEEP:
MD5:	5D2EAAA0D116DD1C7965FCB229678FB4
SHA1:	DA59652A8E57DE9FAF02ED6EB9D863CD34642E6C
SHA-256:	8AAF754C1F9AABEA185808F21B864B02815D24451DB38BE8629DA4C57141E8F5
SHA-512:	E561B09A53CEC764B0B2B2544E774577553F6DFEFB80AEC04698C2B0FBEBBC7F03E11C31627654346752B4F85BB3EF669397162599F3ED6B8B8D286521447361
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Madeira) {. {-9223372036854775808 -4056 0 LMT}. {-2713906344 -4056 0 FMT}. {-1830380400 -3600 0 -01}. {-1689552000 0 1 +00}. {-1677798000 -3600 0 -01}. {-1667433600 0 1 +00}. {-1647734400 -3600 0 -01}. {-1635811200 0 1 +00}. {-1616198400 -3600 0 -01}. {-1604361600 0 1 +00}. {-1584662400 -3600 0 -01}. {-1572739200 0 1 +00}. {-1553040000 -3600 0 -01}. {-1541203200 0 1 +00}. {-1521504000 -3600 0 -01}. {-1442448000 0 1 +00}. {-1426809600 -3600 0 -01}. {-1379289600 0 1 +00}. {-1364774400 -3600 0 -01}. {-1348444800 0 1 +00}. {-1333324800 -3600 0 -01}. {-1316390400 0 1 +00}. {-1301270400 -3600 0 -01}. {-1284336000 0 1 +00}. {-1269820800 -3600 0 -01}. {-1221436800 0 1 +00}. {-1206921600 -3600 0 -01}. {-1191196800 0 1 +00}. {-1175472000 -3600 0 -01}. {-1127692800 0 1 +00}. {-1111968000 -3600 0 -01}. {-1096848000 0 1 +00}. {-10805184

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-OTISQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2181
Entropy (8bit):	3.570822154620431
Encrypted:	false
SSDEEP:
MD5:	747D86EC0B020967D989E3D6C4DD273F
SHA1:	567F9E398FEDF58D68F73EB16CE33F8483B44ECE
SHA-256:	F88641114EC11D4129EEFE59CCD587AAD9C1898C3AFEE8A7CB85962312637640
SHA-512:	B7A97E1DCC9E52A0565B50C8865A955924AFED08C21BC1DCCF73A3327C98D0A98706C03913A4872BD24DD2167B2170A6134CA177B20305DEF23D72ADDD668FB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Stanley) {. {-9223372036854775808 -13884 0 LMT}. {-2524507716 -13884 0 SMT}. {-1824235716 -14400 0 -04}. {-1018209600 -10800 1 -04}. {-1003093200 -14400 0 -04}. {-986760000 -10800 1 -04}. {-971643600 -14400 0 -04}. {-954705600 -10800 1 -04}. {-939589200 -14400 0 -04}. {-923256000 -10800 1 -04}. {-908139600 -14400 0 -04}. {-891806400 -10800 1 -04}. {-876690000 -14400 0 -04}. {-860356800 -10800 1 -04}. {420606000 -7200 0 -03}. {433303200 -7200 1 -03}. {452052000 -10800 0 -03}. {464151600 -7200 1 -03}. {483501600 -10800 0 -03}. {495597600 -14400 0 -04}. {495604800 -10800 1 -04}. {514350000 -14400 0 -04}. {527054400 -10800 1 -04}. {545799600 -14400 0 -04}. {558504000 -10800 1 -04}. {577249200 -14400 0 -04}. {589953600 -10800 1 -04}. {608698800 -14400 0 -04}. {621403200 -10800 1 -04}. {640753200 -14400 0 -04}. {652852800 -10800 1 -04}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-RC1LS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6551
Entropy (8bit):	3.7148806034051316
Encrypted:	false
SSDEEP:
MD5:	918E1825106C5C73B203B718918311DC
SHA1:	7C31B3521B396FE6BE7162BAECC4CFB4740F622B
SHA-256:	B648E691D8F3417B77EFB6D6C2F5052B3C4EAF8B5354E018EE2E9BD26F867B71
SHA-512:	5B1B5FE82A13127E3C63C8FB0A8CBD45A7277EF29720B937BB3174E8301830018755416D604F3551622E2E4D365D35E4EE1DF39B587A73E43AE0C68D1996B771
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Faroe) {. {-9223372036854775808 -1624 0 LMT}. {-1955748776 0 0 WET}. {347155200 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET}. {828234000 3600 1 WEST}. {846378000 0 0 WET}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-S134P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.92967249261586
Encrypted:	false
SSDEEP:
MD5:	AD9B5217497DBC1CE598573B85F3C056
SHA1:	60984544F5BBD4A5B2B8F43741D66A573A2CF1DC
SHA-256:	BE291E952254B6F0C95C2E2497BE12410D7F1E36D0D1035B3A9BC65D0EDCB65F
SHA-512:	F5D47008495425C386EBAB426195393168E402726405CF23826571E548A3CEFABBA51D87D637C0724FF2CC4F1276D81EACF14D0F9CFC7CBFCC025EEFA0960278
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Atlantic/Jan_Mayen) $TZData(:Europe/Oslo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-S2KOO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.831929124818878
Encrypted:	false
SSDEEP:
MD5:	8F4668F0D79577139B59A80D714E45A5
SHA1:	BCD79EDCCB687A2E74794B8CFDE99A7FEC294811
SHA-256:	C78C4E980A378B781ED6D2EA72ABAEF8FFED186538DEB18B61D94B575734FC6A
SHA-512:	08D1472377229BC76A496259344263993791B4DF3F83D94F798779249A5CAE15F6B4341A665387780EA8B1278E9D5FFBCA1BCDE06B3E54750E32078FA482ABD6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Atlantic/St_Helena) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-VFE8L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1962
Entropy (8bit):	3.623004596418002
Encrypted:	false
SSDEEP:
MD5:	0E3020348755C67F6A48F4C3F0F4E51D
SHA1:	FBA44F3DEBC47274A1C9CC4AE5A5F9B363157BF1
SHA-256:	83566E49A37703E11CF0884558BE3DD8827BD79409D04C5D053BCA69D666CEC8
SHA-512:	97F78A8C98B03705188B6F4D622F3B88D7C85B2FF1578DA24C4CD85C163FB05DBD908413B5F355F001755705F22943B1DA6C2A58A902751787238110D2A81F95
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Reykjavik) {. {-9223372036854775808 -5280 0 LMT}. {-1956609120 -3600 0 -01}. {-1668211200 0 1 -01}. {-1647212400 -3600 0 -01}. {-1636675200 0 1 -01}. {-1613430000 -3600 0 -01}. {-1605139200 0 1 -01}. {-1581894000 -3600 0 -01}. {-1539561600 0 1 -01}. {-1531350000 -3600 0 -01}. {-968025600 0 1 -01}. {-952293600 -3600 0 -01}. {-942008400 0 1 -01}. {-920239200 -3600 0 -01}. {-909957600 0 1 -01}. {-888789600 -3600 0 -01}. {-877903200 0 1 -01}. {-857944800 -3600 0 -01}. {-846453600 0 1 -01}. {-826495200 -3600 0 -01}. {-815004000 0 1 -01}. {-795045600 -3600 0 -01}. {-783554400 0 1 -01}. {-762991200 -3600 0 -01}. {-752104800 0 1 -01}. {-731541600 -3600 0 -01}. {-717631200 0 1 -01}. {-700092000 -3600 0 -01}. {-686181600 0 1 -01}. {-668642400 -3600 0 -01}. {-654732000 0 1 -01}. {-636588000 -3600 0 -01}. {-623282400 0 1 -01}. {-605

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Atlantic\is-VOVJ5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7684
Entropy (8bit):	3.7376923223964162
Encrypted:	false
SSDEEP:
MD5:	E55A91A96E1DC267AAEFAF27866F0A90
SHA1:	A3E8DB332114397F4F487256E9168E73784D3637
SHA-256:	A2EB47B25B3A389907DD242C86288073B0694B030B244CCF90421C0B510267BD
SHA-512:	9A8140365D76F1A83A98A35593638F2C047B3D2B1E9D0F6ACB2B321EBDB9CC5B6C8CCD3C110B127A12DCDB7D9ED16A8F7DB7DA7A8B4587486D060FACCA23F993
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Bermuda) {. {-9223372036854775808 -15558 0 LMT}. {-1262281242 -14400 0 AST}. {136360800 -10800 0 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {189316800 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-46DL2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8066
Entropy (8bit):	3.763781985138297
Encrypted:	false
SSDEEP:
MD5:	B3498EEA194DDF38C732269A47050CAA
SHA1:	C32B703AA1FA34D890D151300A2B21E0FA8F55D3
SHA-256:	0EE9BE0F0D6EC0CE10DEA1BE7A9F494C74B747418E966B85EC1FFB15F6F22A4F
SHA-512:	A9419B797B1518AAEEE27A1796D0D024847F7A61D26238F1643EBD6131A6B36007FBABD9E766C3D4ED61B006FD31FC4555CB54B8681E7DBDEC26B38144D64BC9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Sydney) {. {-9223372036854775808 36292 0 LMT}. {-2364113092 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}. {3

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-4RVLV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	734
Entropy (8bit):	4.049000512576295
Encrypted:	false
SSDEEP:
MD5:	F997E4624049132CEC09AC77FBA839E3
SHA1:	7BD0097EF75621646CE1969A61596F7FA2E75188
SHA-256:	C3E63F8BC7739A23C21DE71425EDDA7927C31D00BC9E23D3A265C93885248991
SHA-512:	B50EDBBA11D1B8FC7DF13A9DBDE9314E1694E36F2CB810C0160406406161CC8FD52BDBFD13D10EEABE2859FA7AEBC35EBF9AB826EB92BBF26D92EEDD15633649
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Eucla) {. {-9223372036854775808 30928 0 LMT}. {-2337928528 31500 0 +0945}. {-1672562640 35100 1 +0945}. {-1665387900 31500 0 +0945}. {-883637100 35100 1 +0945}. {-876123900 31500 0 +0945}. {-860395500 35100 1 +0945}. {-844674300 31500 0 +0945}. {-836473500 35100 0 +0945}. {152039700 35100 1 +0945}. {162926100 31500 0 +0945}. {436295700 35100 1 +0945}. {447182100 31500 0 +0945}. {690311700 35100 1 +0945}. {699383700 31500 0 +0945}. {1165079700 35100 1 +0945}. {1174756500 31500 0 +0945}. {1193505300 35100 1 +0945}. {1206810900 31500 0 +0945}. {1224954900 35100 1 +0945}. {1238260500 31500 0 +0945}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-51LVR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.781808870279912
Encrypted:	false
SSDEEP:
MD5:	9E0EF0058DDA86016547F2BFE421DE74
SHA1:	5DB6AEAC6B0A42FEAE28BB1A45679BC235F4E5BF
SHA-256:	FC952BE48F11362981CDC8859F9C634312E5805F2F1513159F25AEFCE664867C
SHA-512:	C60E5A63378F8424CE8D862A575DFE138646D5E88C6A34562A77BEC4B34EA3ED3085424E2130E610197164C7E88805DC6CDE46416EB45DC256F387F632F48CA7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Perth)]} {. LoadTimeZoneFile Australia/Perth.}.set TZData(:Australia/West) $TZData(:Australia/Perth).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-538K4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.7697171393457936
Encrypted:	false
SSDEEP:
MD5:	BD2EA272B8DF472E29B7DD0506287E92
SHA1:	55BF3A3B6398F9FF1DB3A46998A4EFF44F6F325C
SHA-256:	EE35DF8BBCD6A99A5550F67F265044529BD7AF6A83087DD73CA0BE1EE5C8BF51
SHA-512:	82B18D2C9BA7113C2714DC79A87101FFB0C36E5520D61ADEAB8A31AD219E51A6402A6C8A8FD7120A330FE8847FF8F083397A1BF5889B73484FBAA6F99497DE48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Melbourne)]} {. LoadTimeZoneFile Australia/Melbourne.}.set TZData(:Australia/Victoria) $TZData(:Australia/Melbourne).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-6PJ66.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	198
Entropy (8bit):	4.75392731256171
Encrypted:	false
SSDEEP:
MD5:	D12C6F15F8BFCA19FA402DAE16FC9529
SHA1:	0869E6D11681D74CC3301F4538D98A225BE7C2E1
SHA-256:	77EA0243A11D187C995CE8D83370C6682BC39D2C39809892A48251123FF19A1E
SHA-512:	A98D1AF1FC3E849CCF9E9CC090D3C65B7104C164762F88B6048EA2802F17D635C2E66BE2661338C1DD604B550A267678245DE867451A1412C4C06411A21BE3A9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Brisbane)]} {. LoadTimeZoneFile Australia/Brisbane.}.set TZData(:Australia/Queensland) $TZData(:Australia/Brisbane).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-7I3B2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.265580091557009
Encrypted:	false
SSDEEP:
MD5:	296B4B78CEE05805E5EE53B4D5F7284F
SHA1:	DDB5B448E99F278C633B2DBD5A816C4DE28DC726
SHA-256:	2580C3EEEC029572A1FF629E393F64E326DEDAA96015641165813718A8891C4D
SHA-512:	9DE71000BB8AC48A82D83399BD707B661B50882EEBFE2A7E58A81A2F6C04B1F711DAE3AA09A77A9EE265FB633B8883D2C01867AF96F8BE5137119E4FB447DF8C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Brisbane) {. {-9223372036854775808 36728 0 LMT}. {-2366791928 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-7IPP1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.7264864039237215
Encrypted:	false
SSDEEP:
MD5:	C7C9CDC9EC855D2F0C23673FA0BAFFB6
SHA1:	4C79E1C17F418CEE4BE8F638F34201EE843D8E28
SHA-256:	014B3D71CE6BD77AD653047CF185EA03C870D78196A236693D7610FED7F30B6F
SHA-512:	79AE11CE076BFB87C0AAD35E9AF6E760FC592F1D086EB78E6DF88744F502ED4248853A0EAD72ADA8EA9583161925802EE5E46E3AA8CE8CF873852C26B4FDC05B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Hobart)]} {. LoadTimeZoneFile Australia/Hobart.}.set TZData(:Australia/Tasmania) $TZData(:Australia/Hobart).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-9KCOC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8097
Entropy (8bit):	3.7668602204696375
Encrypted:	false
SSDEEP:
MD5:	7E0D1435E11C9AE84EF1A863D1D90C61
SHA1:	CE76A3D902221F0EF9D8C25EB2D46A63D0D09D0B
SHA-256:	3C0B35627729316A391C5A0BEE3A0E353A0BAEAD5E49CE7827E53D0F49FD6723
SHA-512:	D262294AC611396633184147B0F6656290BF97A298D6F7EC025E1D88AAC5343363744FD1CB849CDE84F3C1B2CF860CFA7CA43453ADBF68B0903DA1361F0DCD69
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Currie) {. {-9223372036854775808 34528 0 LMT}. {-2345794528 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {47138400 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-AO37F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7519
Entropy (8bit):	3.4688530726187112
Encrypted:	false
SSDEEP:
MD5:	169FF1BE6B6407E853AAF9F6E9A9A047
SHA1:	C573582B8EF897D3AE5CA0FB089BE31F6ED076EB
SHA-256:	3C7C5CF7300957F73E9249FC8BF282F7CEE262849DD5D326F476E1AE8A7B8DD5
SHA-512:	BD8315022E8B190976FCED98252FCA0C248D857AC5045D741F6902871F0E3C158B248628DF9BA124A38AE878398F8BEA614254400F329D01F60EE50666AEE118
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lord_Howe) {. {-9223372036854775808 38180 0 LMT}. {-2364114980 36000 0 AEST}. {352216800 37800 0 +1030}. {372785400 41400 1 +1030}. {384273000 37800 0 +1030}. {404839800 41400 1 +1030}. {415722600 37800 0 +1030}. {436289400 41400 1 +1030}. {447172200 37800 0 +1030}. {467739000 41400 1 +1030}. {478621800 37800 0 +1030}. {488984400 37800 0 +1030}. {499188600 39600 1 +1030}. {511282800 37800 0 +1030}. {530033400 39600 1 +1030}. {542732400 37800 0 +1030}. {562087800 39600 1 +1030}. {574786800 37800 0 +1030}. {594142200 39600 1 +1030}. {606236400 37800 0 +1030}. {625591800 39600 1 +1030}. {636476400 37800 0 +1030}. {657041400 39600 1 +1030}. {667926000 37800 0 +1030}. {688491000 39600 1 +1030}. {699375600 37800 0 +1030}. {719940600 39600 1 +1030}. {731430000 37800 0 +1030}. {751995000 39600 1 +1030}. {762879600 37800 0 +1030}. {78344

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-BF2SQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.780732237583773
Encrypted:	false
SSDEEP:
MD5:	70EF2A87B4538500CFADB63B62DDCBC6
SHA1:	8D737E6E8D37323D3B41AD419F1CA9B5991E2E99
SHA-256:	59B67F2C7C62C5F9A93767898BA1B51315D2AC271075FAFC1A24313BB673FF27
SHA-512:	E148FC32894A7138D1547910CBD590891120CE5FB533D1348243539C35CE2994DC9F3E7B6A952BF871882C8D6ECA47E13E08AF59AB52A55F790508F2DB9B0EB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Darwin)]} {. LoadTimeZoneFile Australia/Darwin.}.set TZData(:Australia/North) $TZData(:Australia/Darwin).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-CRNE8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	422
Entropy (8bit):	4.4678452003570435
Encrypted:	false
SSDEEP:
MD5:	FC9689FEF4223726207271E2EAAE6548
SHA1:	26D0B4FC2AD943FCAC90F179F7DF6C18EE12EBB8
SHA-256:	C556C796CCD3C63D9F694535287DC42BB63140C8ED39D31FDA0DA6E94D660A1C
SHA-512:	7898C0DE77297FBAA6AAF9D15CB9765DAF63ED4761BA181D0D1A590A6F19A6B7F6E94564A80EB691ED2D89C96D68449BF57816E4093E5011B93D30C3E1624D60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Darwin) {. {-9223372036854775808 31400 0 LMT}. {-2364108200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-E2GFJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	207
Entropy (8bit):	4.871861105493913
Encrypted:	false
SSDEEP:
MD5:	5C3CED24741704A0A7019FA66AC0C0A1
SHA1:	88C7AF3B22ED01ED99784C3FAB4F5112AA4659F3
SHA-256:	71A56C71CC30A46950B1B4D4FBB12CB1CBAA24267F994A0F223AE879F1BB6EEC
SHA-512:	771A7AC5D03DD7099F565D6E926F7B97E8A7BA3795339D3FD78F7C465005B55388D8CC30A62978042C354254E1BA5467D0832C0D29497E33D6EF1DA217528806
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Broken_Hill)]} {. LoadTimeZoneFile Australia/Broken_Hill.}.set TZData(:Australia/Yancowinna) $TZData(:Australia/Broken_Hill).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-FR2IG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.8456659038249
Encrypted:	false
SSDEEP:
MD5:	AE3539C49047BE3F8ABAD1AC670975F1
SHA1:	62CD5C3DB618B9FE5630B197AB3A9729B565CA41
SHA-256:	938A557C069B8E0BE8F52D721119CBA9A694F62CF8A7A11D68FD230CC231E17C
SHA-512:	6F143B50C1EEC1D77F87DD5B0FFCF6625800E247400AA58361748BFEA0626E2CDA9C3FD2A4C269B3218D28FF1FB8533F4F6741F6B2C5E83F9C84A5882C86716B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/NSW) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-JNB1R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.80238049701662
Encrypted:	false
SSDEEP:
MD5:	16F9CFC4C5B9D5F9F9DB9346CECE4393
SHA1:	ED1ED7BA73EB287D2C8807C4F8EF3EFA516F5A68
SHA-256:	853A159B8503B9E8F42BBCE60496722D0A334FD79F30448BAD651F18BA388055
SHA-512:	9572CCB1BC499BADA72B5FE533B56156DB9EB0DEDFD4AE4397AD60F2A8AF5991F7B1B06A1B8D14C73832543AF8C12F5B16A9A80D093BF0C7ED6E38FF8B66E197
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/Canberra) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-JSPQV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8162
Entropy (8bit):	3.820479465698825
Encrypted:	false
SSDEEP:
MD5:	B4AF947B4737537DF09A039D1E500FB8
SHA1:	CCC0DC52D586BFAA7A0E70C80709231B4BB93C54
SHA-256:	80BBD6D25D4E4EFA234EAD3CB4EB801DC576D1348B9A3E1B58F729FEB688196D
SHA-512:	3B27C36FA3034CB371DD07C992B3A5B1357FC7A892C35910DA139C7DA560DDC0AA1E95966438776F75397E7219A7DA0AD4AD6FB922B5E0BE2828D3534488BFD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Broken_Hill) {. {-9223372036854775808 33948 0 LMT}. {-2364110748 36000 0 AEST}. {-2314951200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACS

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-L9EVP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8325
Entropy (8bit):	3.767204262183229
Encrypted:	false
SSDEEP:
MD5:	67AF9A2B827308DD9F7ABEC9441C3250
SHA1:	CD87DD4181B41E66EFEA9C7311D5B7191F41EA3A
SHA-256:	814BD785B5ACDE9D2F4FC6E592E919BA0FE1C3499AFC1071B7FA02608B6032AB
SHA-512:	BC6B8CE215B3B4AC358EB989FB1BB5C6AD61B39B7BBD36AAA924A2352E823C029131E79DA927FEEBDD5CF759FDE527F39089C93B0826995D37052362BEAE09F6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Hobart) {. {-9223372036854775808 35356 0 LMT}. {-2345795356 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-LNJFN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.813373101386862
Encrypted:	false
SSDEEP:
MD5:	F48AD4B81CD3034F6E5D3CA1B5A8BDD4
SHA1:	676FE3F50E3E132C1FD185A1EE1D8C830763204F
SHA-256:	553D7DA9A2EDBD933E8920573AE6BCBAA00302817939046CF257CAEACEC19FAD
SHA-512:	36A4E2286FBEF2F4ED4B9CD1A71136E227FEF4B693F9F43649B790E859221EE470679A7E3C283770DA5CB0113A1C8C1F99480E7020328FFE3E9C870798B092F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/ACT) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-RR7UA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8069
Entropy (8bit):	3.769669933493392
Encrypted:	false
SSDEEP:
MD5:	E38FDAF8D9A9B1D6F2B1A8E10B9886F4
SHA1:	6188BD62E94194DB469BE93224A396D08A986D4D
SHA-256:	399F727CB39D90520AD6AE78A8963F918A490A813BC4FF2D94A37B0315F52D99
SHA-512:	79FDCFF5066636C3218751C8B2B658C6B7A6864264DCC28B47843EAEFDD5564AC5E4B7A66E3D1B0D25DB86D6C6ED55D1599F1FE2C169085A8769E037E0E954BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Melbourne) {. {-9223372036854775808 34792 0 LMT}. {-2364111592 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-RTVQN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8099
Entropy (8bit):	3.812665609163787
Encrypted:	false
SSDEEP:
MD5:	4E73BDB571DBF2625E14E38B84C122B4
SHA1:	B9D7B7D2855D102800B53FB304633F5BC961A8D0
SHA-256:	9138DF8A3DE8BE4099C9C14917B5C5FD7EB14751ACCD66950E0FDB686555FFD6
SHA-512:	CF9AB3E9A7C1A76BCC113828ABAF88FE83AAF5CAD7BD181201E06A0CF43E30BA8817AAA88AB3F0F14F459599D91F63ECE851F095154050263C5AD08B2275B4C7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Adelaide) {. {-9223372036854775808 33260 0 LMT}. {-2364110060 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACST}. {341339400 37800 1 ACDT}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-SG9P5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.1890768067004
Encrypted:	false
SSDEEP:
MD5:	08E88B2169BC76172E40515F9DA2C147
SHA1:	5C03B7C9748E63C2B437C97F8ED923A9F3E374E7
SHA-256:	9E3558C8514E97274D9F938E9841C5E3355E738BBD55BCB17FA27FF0E0276AEA
SHA-512:	39E10639C97DE82428818B9C5D059BA853A17113351BAEE2512806AC3066EDDF0294859519AFBE425E0D1315B1A090F84C08CEFEDCE2A3D3A38EEF782234D8C4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lindeman) {. {-9223372036854775808 35756 0 LMT}. {-2366790956 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}. {709912800 36000 0 AEST}. {719942400 39600 1 AEDT}. {731433600 36000 0 AEST}. {751996800 39600 1 AEDT}. {762883200 36000 0 AEST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-UL215.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.865814837459796
Encrypted:	false
SSDEEP:
MD5:	1221FC8932CA3DCA431304AF660840F0
SHA1:	5E023E37D98EA1321B10D36A79B26DF1A017F9D5
SHA-256:	EB8FDBCFDE9E2A2AA829E784D402966F61A5BF6F2034E0CB06A24FACB5B87874
SHA-512:	EB19FE74DC13456D0F9F1EDC9C444793A4011D3B65ADF6C7E7A405504079EB3A0C27F69DDA662F797FE363948E93833422F5DC3C1891AA7D414B062BE4DD3887
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Lord_Howe)]} {. LoadTimeZoneFile Australia/Lord_Howe.}.set TZData(:Australia/LHI) $TZData(:Australia/Lord_Howe).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-V3PN4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.701653352722385
Encrypted:	false
SSDEEP:
MD5:	23671880AC24D35F231E2FCECC1A5E3A
SHA1:	5EE2EFD5ADE268B5114EB02FDA77F4C5F507F3CB
SHA-256:	9823032FFEB0BFCE50B6261A848FE0C07267E0846E9F7487AE812CEECB286446
SHA-512:	E303C7DE927E7BAA10EE072D5308FEE6C4E9B2D69DDD8EF014ED60574E0855EE803FE19A7CB31587E62CAE894C087D47A91A130213A24FCCD152736D82F55AB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Adelaide)]} {. LoadTimeZoneFile Australia/Adelaide.}.set TZData(:Australia/South) $TZData(:Australia/Adelaide).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Australia\is-V85H8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	714
Entropy (8bit):	4.257489685002088
Encrypted:	false
SSDEEP:
MD5:	B354B9525896FDED8769CF5140E76FFF
SHA1:	8494E182E3803F2A6369261B4B4EAC184458ECC4
SHA-256:	C14CAAD41E99709ABF50BD7F5B1DAFE630CA494602166F527DBDA7C134017FB0
SHA-512:	717081F29FBACEE2722399DD627045B710C14CF6021E4F818B1768AF972061232412876872F113C468446D79A366D7FFD2E852563DC44A483761D78C7A16F74A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Perth) {. {-9223372036854775808 27804 0 LMT}. {-2337925404 28800 0 AWST}. {-1672559940 32400 1 AWDT}. {-1665385200 28800 0 AWST}. {-883634400 32400 1 AWDT}. {-876121200 28800 0 AWST}. {-860392800 32400 1 AWDT}. {-844671600 28800 0 AWST}. {-836470800 32400 0 AWST}. {152042400 32400 1 AWDT}. {162928800 28800 0 AWST}. {436298400 32400 1 AWDT}. {447184800 28800 0 AWST}. {690314400 32400 1 AWDT}. {699386400 28800 0 AWST}. {1165082400 32400 1 AWDT}. {1174759200 28800 0 AWST}. {1193508000 32400 1 AWDT}. {1206813600 28800 0 AWST}. {1224957600 32400 1 AWDT}. {1238263200 28800 0 AWST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Brazil\is-AFJ8J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.84045343046357
Encrypted:	false
SSDEEP:
MD5:	DF4D752BEEAF40F081C03B4572E9D858
SHA1:	A83B5E4C3A9EB0CF43263AFF65DB374353F65595
SHA-256:	1B1AD73D3FE403AA1F939F05F613F6A3F39A8BA49543992D836CD6ED14B92F2C
SHA-512:	1F96F1D8AACD6D37AC13295B345E761204DAE6AA1DF4894A11E00857CCB7247FA7BEBD22407EA5D13193E2945EB1F4210E32669069F157F1459B26643A67F445
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:Brazil/Acre) $TZData(:America/Rio_Branco).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Brazil\is-HG0OT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.826795532956443
Encrypted:	false
SSDEEP:
MD5:	86B9E49F604AD5DBC4EC6BA735A513C7
SHA1:	BE3AB32339DF9830D4F445CCF883D79DDBA8708E
SHA-256:	628A9AE97682B98145588E356948996EAE18528E34A1428A6B2765CCAA7A8A1F
SHA-512:	EE312624EC0193C599B2BDBFA57CC4EA7C68890955E0D888149172DF8F2095C553BFBB80BF76C1B8F3232F3A5863A519FF59976BBAEA622C64737890D159AA22
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Noronha)]} {. LoadTimeZoneFile America/Noronha.}.set TZData(:Brazil/DeNoronha) $TZData(:America/Noronha).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Brazil\is-MP04P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.853909262702622
Encrypted:	false
SSDEEP:
MD5:	116F0F146B004D476B6B86EC0EE2D54D
SHA1:	1F39A84EF3DFF676A844174D9045BE388D3BA8C0
SHA-256:	F24B9ED1FAFA98CD7807FFFEF4BACA1BCE1655ABD70EB69D46478732FA0DA573
SHA-512:	23BD7EC1B5ADB465A204AAA35024EE917F8D6C3136C4EA973D8B18B586282C4806329CEBE0EDBF9E13D0032063C8082EC0D84A049F1217C856943A4DDC4900D0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Manaus)]} {. LoadTimeZoneFile America/Manaus.}.set TZData(:Brazil/West) $TZData(:America/Manaus).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Brazil\is-O8AAL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.9019570219911275
Encrypted:	false
SSDEEP:
MD5:	FBF6B9E8B9C93B1B9E484D88EF208F38
SHA1:	44004E19A485B70E003687CB1057B8A2421D1BF0
SHA-256:	C89E831C4A0525C3CEFF17072843386369096C08878A4412FB208EF5D3F156D8
SHA-512:	4E518FC4CED0C756FF45E0EDE72F6503C4B3AE72E785651DE261D3F261D43F914721EFCEAB272398BC145E41827F35D46DE4E022EAF413D95F64E8B3BD752002
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Sao_Paulo)]} {. LoadTimeZoneFile America/Sao_Paulo.}.set TZData(:Brazil/East) $TZData(:America/Sao_Paulo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-0CCEB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.83938055689947
Encrypted:	false
SSDEEP:
MD5:	927FD3986F83A60C217A3006F65A3B0A
SHA1:	022D118024BFC5AE0922A1385288C3E4B41903DB
SHA-256:	BB457E954DB625A8606DD0F372DA9BFFAA01F774B4B82A2B1CEE2E969C15ABC3
SHA-512:	3EA932FA5416A9C817977F9D31C8A15C937A453B4D6A6409A7966E76D66A685C91F1117C82BEBEBA2AF5516556DA2BDEC898AD718C78FB8B690F31692174DA6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/Saskatchewan) $TZData(:America/Regina).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-1TNBF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.7067203041014185
Encrypted:	false
SSDEEP:
MD5:	22453AC70F84F34868B442E0A7BDC20A
SHA1:	730049FF6953E186C197601B27AB850305961FD0
SHA-256:	545B992E943A32210F768CB86DEF3203BE956EE03A3B1BC0D55A5CD18A4F064D
SHA-512:	91FE33FAD3954019F632A771BCBD9FF3FDCCDA1F51DD25E0E5808A724F2D9B905E5E2DEE32D415BEA9A9ADB74186D83548584414BB130DF1A166D49373AC7BEF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:Canada/Eastern) $TZData(:America/Toronto).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-2D2DT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.953647576523321
Encrypted:	false
SSDEEP:
MD5:	3A4E193C8624AE282739867B22B7270A
SHA1:	AC93EEDA7E8AB7E40834FFBA83BAE5D803CB7162
SHA-256:	70EF849809F72741FA4F37C04C102A8C6733639E905B4E7F554F1D94737BF26B
SHA-512:	BE2AACEE2A6F74520F4F1C0CCBBB750ED6C7375D4368023BAB419184F8F717D52981106C03F487B24A943907E60784136C0E5F8C1D5B3D1C67C20E23A4F412B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/St_Johns)]} {. LoadTimeZoneFile America/St_Johns.}.set TZData(:Canada/Newfoundland) $TZData(:America/St_Johns).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-6INQ0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.768148288986999
Encrypted:	false
SSDEEP:
MD5:	5E0D3D1A7E9F800210BB3E02DFF2ECD3
SHA1:	F2471795A9314A292DEAA3F3B94145D3DE5A2792
SHA-256:	A8B3A4D53AA1CC73312E80951A9E9CEA162F4F51DA29B897FEB58B2DF3431821
SHA-512:	F80C7CDFE20E5FAD9E4BA457446F067ACE0C3F4659761E3B4A2422D3456CDE92C20589954DE5E0DC64619E3B6AB3A55AE0E0E783F8EFB24D74A5F6DFBF5ABB16
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Edmonton)]} {. LoadTimeZoneFile America/Edmonton.}.set TZData(:Canada/Mountain) $TZData(:America/Edmonton).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-B5AFD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.860347334610986
Encrypted:	false
SSDEEP:
MD5:	F5CB42BC029315088FAD03C9235FFB51
SHA1:	7773ECE0B85D66E4FA207A26EE4395F38BAC4068
SHA-256:	AF04A4558E31C9864B92FE3403011F7A2FBD837E1314A7BB5AF552D5AED06457
SHA-512:	0533B9D98834866FAA3C6E67A6F61A8A22C2BFDBA8C5336388C0894FBA550611C9112515F17E20E7B3508EC2318D58EA7CA814EC10C3451954C3CC169EDA0F8C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/East-Saskatchewan) $TZData(:America/Regina).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-BQ99P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.839589386398345
Encrypted:	false
SSDEEP:
MD5:	6AA0FCE594E991D6772C04E137C7BE00
SHA1:	6C53EE6FEBEC2BD5271DD80D40146247E779CB7B
SHA-256:	D2858621DA914C3F853E399F0819BA05BDE68848E78F59695B84B2B83C1FDD2A
SHA-512:	7B354BB9370BB61EB0E801A1477815865FDE51E6EA43BF166A6B1EED127488CC25106DEE1C6C5DC1EF3E13E9819451E10AFBC0E189D3D3CDE8AFFA4334C77CA3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Vancouver)]} {. LoadTimeZoneFile America/Vancouver.}.set TZData(:Canada/Pacific) $TZData(:America/Vancouver).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-GO83B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.841592909599599
Encrypted:	false
SSDEEP:
MD5:	9F2A7F0D8492F67F764F647638533C3F
SHA1:	3785DACD1645E0630649E411DC834E8A4FB7F40B
SHA-256:	F2A81B7E95D49CEC3C8952463B727129B4DC43D58ADC64BB7CAB642D3D191039
SHA-512:	0133870BB96851ECD486D55FD10EB4BCB1678772C1BFFADE85FC5644AC8445CDB4C6284BEFFED197E9386C9C6EF74F5F718F2CB43C4C7B8E65FE413C8EC51CD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Whitehorse)]} {. LoadTimeZoneFile America/Whitehorse.}.set TZData(:Canada/Yukon) $TZData(:America/Whitehorse).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-ISQP8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.814426408072182
Encrypted:	false
SSDEEP:
MD5:	8374E381BC8235B11B7C5CA215FA112C
SHA1:	181298556253D634B09D72BD925C4DBB92055A06
SHA-256:	1B87273B264A3243D2025B1CFC05B0797CBC4AA95D3319EEE2BEF8A09FDA8CAD
SHA-512:	12800E49B8094843F66454E270B4BE154B053E5FB453C83269AF7C27B965071C88B02AF7BB404E7F5A07277DB45E58D1C5240B377FC06172087BB29749C7543B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Winnipeg)]} {. LoadTimeZoneFile America/Winnipeg.}.set TZData(:Canada/Central) $TZData(:America/Winnipeg).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Canada\is-Q9JDL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.754307292225081
Encrypted:	false
SSDEEP:
MD5:	B0E220B9CD16038AAF3EA21D60064B62
SHA1:	333410CB7D4F96EF836CDC8097A1DCE34A2B961A
SHA-256:	6F71D7ED827C9EF6E758A44D2A998673E1225EB8005AD557A1713F5894833F92
SHA-512:	F879F60E36C739280E8FC255D2792BB24BCA90A265F8F90B5FB85630D5A58CE4FDBD24EA5594924375C3CD31DBC6D49C06CBFA43C52D0B9A1E9D799914A164F7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:Canada/Atlantic) $TZData(:America/Halifax).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Chile\is-0GM3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.762021566751952
Encrypted:	false
SSDEEP:
MD5:	B2BDB6C027FF34D624EA8B992E5F41AB
SHA1:	425AB0D603C3F5810047A7DC8FD28FDF306CC2DB
SHA-256:	F2E3C1E88C5D165E1D38B0D2766D64AA4D2E6996DF1BE58DADC9C4FC4F503A2E
SHA-512:	6E5A8DC6F5D5F0218C37EE719441EBDC7EDED3708F8705A98AEF7E256C8DC5D82F4BF82C529282E01D8E6E669C4F843B143730AD9D8BBF43BCC98ECB65B52C9B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Santiago)]} {. LoadTimeZoneFile America/Santiago.}.set TZData(:Chile/Continental) $TZData(:America/Santiago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Chile\is-JRMPH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.758503564906338
Encrypted:	false
SSDEEP:
MD5:	E9DF5E3D9E5E242A1B9C73D8F35C9911
SHA1:	9905EF3C1847CFF8156EC745779FCF0D920199B7
SHA-256:	AA305BEC168C0A5C8494B81114D69C61A0D3CF748995AF5CCC3E2591AC78C90C
SHA-512:	7707AC84D5C305F40A1713F1CBBED8A223553A5F989281CCDB278F0BD0D408E6FC9396D9FA0CCC82168248A30362D2D4B27EDEF36D9A3D70E286A5B668686FDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Easter)]} {. LoadTimeZoneFile Pacific/Easter.}.set TZData(:Chile/EasterIsland) $TZData(:Pacific/Easter).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-01MQG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	158
Entropy (8bit):	4.862741414606617
Encrypted:	false
SSDEEP:
MD5:	2DADDAD47A64889162132E8DA0FFF54F
SHA1:	EC213743939D699A4EE4846E582B236F8C18CB29
SHA-256:	937970A93C2EB2D73684B644E671ACA5698BCB228810CC9CF15058D555347F43
SHA-512:	CA8C45BA5C1AF2F9C33D6E35913CED14B43A7AA37300928F14DEF8CB5E7D56B58968B9EE219A0ACCB4C17C52F0FBD80BD1018EF5426C137628429C7DAA41ACA2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/Greenwich) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-0ANNM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.959312316620187
Encrypted:	false
SSDEEP:
MD5:	5FC01E15A719B73A5AA5B0A6E7F16B0C
SHA1:	E1AAEF7C52DF944A9AEDCC74E6A07FABE09BAFCE
SHA-256:	69A82F9EB9E120FABFA88C846BC836B85A08FFF4B304914256E6C3A72CB371D0
SHA-512:	86659001C159730C012C385D505CD822F5CE6E59C0BD7899F90070372A56D348F0292F74C34A4E960E721D113DB5F65751A513D7C1A3CFBF09CBA22118323DED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+11) {. {-9223372036854775808 -39600 0 -11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-0D5H4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.883134479361256
Encrypted:	false
SSDEEP:
MD5:	2317D02708980D7F17B1A4BDE971D15F
SHA1:	2E78CDE3608F6B03DEB534D14D069D3D89DE85EF
SHA-256:	0BF01EEEBAA49CE9859C2A5835C6A826B158A7BC3B14C473FBB0167ABA9EA4B9
SHA-512:	21083EAEACD689FD07D458DB82BC2559445A1C558EB8BAF098B71CFD3A599BB756336F847CBE536648AF473E22E0000B2A8C44A45D0866994F03A78D4E841FC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-7) {. {-9223372036854775808 25200 0 +07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-2A16R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.869188292977557
Encrypted:	false
SSDEEP:
MD5:	A94A70486CE0942B538D855647EDFE78
SHA1:	1A20872C6D577DB332F0A536695CE677BC28F294
SHA-256:	9CF2C86CC6173F19E0DA78CCA46C302469AB5C01752DCEA6A20DC151E2D980CC
SHA-512:	3B6456D217A08A6DBAC0DB296384F4DED803F080FD5C0FD1527535D85397351C67B3D2BEDF8C4E2FEFD5C0B9297A8DA938CF855CDAA2BB902498B15E75A0F776
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+8) {. {-9223372036854775808 -28800 0 -08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-62DEJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.91213701043219
Encrypted:	false
SSDEEP:
MD5:	DD58339761ECF5503A48267CFD8E3837
SHA1:	B58511A80448D74B38365EA537BBE0D21956F0E2
SHA-256:	383EFE43E20963058BFCD852813BDA3FCCC0B4A7AC26317E621589B4C97C1B90
SHA-512:	C865244051882FD141D369435CFEED0A1E1D254C0313C1EFE55F5AF72412BE11F2B76484170B94BC4E9FCC0D2EEC373D523732FF7945999717D5827FCE68F54F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-9) {. {-9223372036854775808 32400 0 +09}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-715JV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.919647975606158
Encrypted:	false
SSDEEP:
MD5:	566FBA546E6B7668830D1812659AE671
SHA1:	EF3AF5CE0BB944973D5B2DCC872903F0C3B7F0FF
SHA-256:	962E810E02BAE087AD969FEB91C07F2CBB868D09E1BA4A453EB4773F7897157A
SHA-512:	F42BB5ACDE563A8A875D7B3F1C10CE9A5CE7E52FA9EF2D14BDA2C45BCD5A6D9B44227D079853551BAA13EAED32F4CA3C34BAD88E616B528DEF7DFAE7F42929CB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-10) {. {-9223372036854775808 36000 0 +10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-761MJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.958847614227257
Encrypted:	false
SSDEEP:
MD5:	02F46CC589D114C57B5687A703EB11C6
SHA1:	5199683CC7E5D18ED686B44E94FB72EA8C978A9A
SHA-256:	B1BEE376A0CBEA180391835DB97F8EB32873B2B58AD1AA1098E79FAC357799C5
SHA-512:	A0CDDCD3208D096712868FED0557CDF5FEC5E9FA5FB25864129D2A9047BCD1AFAA8270C1E41368D32DE2A7B1B66157BDCFC17F8CDF3EF6A9F0C74B42814B096F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-11) {. {-9223372036854775808 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-7843F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.862090278972909
Encrypted:	false
SSDEEP:
MD5:	4AC2027A430A7343B74393C7FE1D6285
SHA1:	C675A91954EC82EB67E1B7FA4B0C0ED11AAF83DA
SHA-256:	01EEF5F81290DBA38366D8BEADAD156AAC40D049DBFA5B4D0E6A6A8641D798D1
SHA-512:	61943A348C4D133B0730EAA264A15EF37E0BBE2F767D87574801EAAA9A457DA48D854308B6ABADA21D33F4D498EB748BCB66964EB14BB8DC1367F77A803BA520
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT+0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-8QB30.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.911642645675445
Encrypted:	false
SSDEEP:
MD5:	81856E9473F48AB0F53B09CB6BEF61B1
SHA1:	52A906EE5B706091E407CA8A0D036A46727790EA
SHA-256:	B0224DBA144B1FE360E2922B1E558E79F6960A173045DE2A1EDACDC3F24A3E36
SHA-512:	7C9679A2C299741E98FF1E759313D1CDC050B73B7E4FB097FF3186B4C35271C203D54E12D758675639A3D3F3F1EB43D768834B9CE7D22376BEA71FB0ACF164A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+5) {. {-9223372036854775808 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-9PUMT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.930765051479699
Encrypted:	false
SSDEEP:
MD5:	757E578CE6FCD34966D9FF90D9F9A7BF
SHA1:	091E3FC890BF7A4C61CF6558F7984FD41F61803B
SHA-256:	28F4E6F7FDE80AE412D364D33A1714826F9F53FF980D2926D13229B691978979
SHA-512:	442FEBA01108124692A0F76ACA4868D5B7754C3527B9301AC0271DD5A379AF3675CE40B6C017310856D4CE700E3171B5EEA5EF89D5F8432EC3D6D27F48F2EEE8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+6) {. {-9223372036854775808 -21600 0 -06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-AVCR8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.936955816757987
Encrypted:	false
SSDEEP:
MD5:	B8D9D5AF8CE887722F92207393F93481
SHA1:	3F33F97F96AE9C30A616B8A84888B032A3E1A59A
SHA-256:	049ABD0DCEC9C4128FF6F5BBB1F1D64F53AB7E4A1BD07D0650B0B67D1F581C64
SHA-512:	7A10D28DA75FCBF5AF43FEECB91801E97CB161A6909E9463A2F1218323EE3B4ECA10E11438D20E876B6EF912E21D26264FFBD04C75D702D2386A4E959EB5FFAC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+1) {. {-9223372036854775808 -3600 0 -01}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-COS9D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.876100974396153
Encrypted:	false
SSDEEP:
MD5:	316ED84A4318F8641592A0959395EFA3
SHA1:	970C97E6F433524BE88031098DD4F5F479FB4AA6
SHA-256:	8323CA90E2902CAAD2EBCFFBF681FC3661424AE5B179140581AA768E36639C93
SHA-512:	6DD62C72E24A24F8FCD8EC085942920A04A55DD03D54C712ADA2BE0EDD6166F34A1229E045C50384808735C40CF72B98458E0329B9762B4B3E95E7ACABB0017E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+2) {. {-9223372036854775808 -7200 0 -02}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-ECKN2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	158
Entropy (8bit):	4.825049978035721
Encrypted:	false
SSDEEP:
MD5:	7BE0766999E671DDD5033A61A8D84683
SHA1:	D2D3101E78919EB5FE324FFC85503A25CFD725E0
SHA-256:	90B776CF712B8FE4EEC587410C69A0EC27417E79006132A20288A9E3AC5BE896
SHA-512:	A4CA58CD4DC09393BBE3C43D0B5E851DEBEEDC0C5CEC7DCED4D24C14796FD336D5607B33296985BD14E7660DCE5C85C0FB625B2F1AD9AC10F1631A76ECEB04B8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Universal) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-FGLMP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.8751066179878215
Encrypted:	false
SSDEEP:
MD5:	DAE7D42076F09E2E2A51A58CC253837D
SHA1:	44C587A71AE31A7424E0F2B005D11F9E0B463E80
SHA-256:	9D0D3FAD960E9EBF599218213F3AE8A22766B6CB15C8CDBC7ABD8A3FFD75C29A
SHA-512:	CEE724EEC6EC86FB417CD4D06B3FC17A404953CCE8740A03B024C05C0436340D9B056F3F1B2706284F57CC49FA229EE311D088AFE3D65F0BF946B0A18282ED46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-2) {. {-9223372036854775808 7200 0 +02}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-FMP0F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.849103265985896
Encrypted:	false
SSDEEP:
MD5:	FA608B6E2F9D0E64D2DF81B277D40E35
SHA1:	55A7735ACCF6A759D2069388B2943323E23EE56D
SHA-256:	48A929080C1E7C901246DC83A7A7F87396EAF9D982659460BF33A85B4C3FAE64
SHA-512:	35A8899B7084E85165886B07B6DD553745558EAF4297F702829A08BF71E5AA18790F0D02229093FA42515C97A1DDA7292F4D019DDB1251370D9896E94738D32A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT-0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-GJ0OF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.951215891260531
Encrypted:	false
SSDEEP:
MD5:	B505D6A064B6D976BD1BDE61AE937F1C
SHA1:	DBA0EA8DCCB50CC999397129369A340CA8A4C5B5
SHA-256:	EF28D4D6DAFE3AB08BE1CE9C32FAF7BF8F750332DF0D39314131F88DF463DFAC
SHA-512:	86A4CA670FBFFF95C9B22DA4E8957A4BE8A805457032AF47BDF08B5047881F692D665BEF8A76045EF50587149EDD52C8994A19CEE9675A3D12939D9CB9DE4649
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-13) {. {-9223372036854775808 46800 0 +13}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-GT3C8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.904010922708719
Encrypted:	false
SSDEEP:
MD5:	899F1AAB147D5A13D7E22CBE374F3F8D
SHA1:	C132B5E0859EB6C95C64D50408D4A310893D1E8F
SHA-256:	3C2EF9B7218D133E7611527CE1CD5F03FF6FED5DE245F082FF21F4571A7D9EA4
SHA-512:	63C8F98BAE437BB9717A3D13C70424FBB43CBA392A1750DE8EAB31C825F190C5DE1987B391591361F80CE084896B838BE78CBE56C1E1C4DC0A1A6D280742FD91
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+3) {. {-9223372036854775808 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-H79RN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.824450775594084
Encrypted:	false
SSDEEP:
MD5:	64ED445C4272D11C85BD2CFC695F180F
SHA1:	EDE76B52D3EEBCC75C50E17C053009A453D60D42
SHA-256:	A68D32DA2214B81D1C0C318A5C77975DE7C4E184CB4D60F07858920B11D065FE
SHA-512:	4CE8FC2B7C389BD2058CE77CD7234D4EA3F81F40204C9190BF0FB6AA693FB40D0638BFB0EB0D9FA20CB88804B73F6EE8202439C1F553B1293C6D2E5964216A1D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Zulu) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-HI21Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.946259136243175
Encrypted:	false
SSDEEP:
MD5:	6BD2D15FA9AAF7F44D88BED0F6C969F3
SHA1:	3080291F9C9C9422995583175C560338F626E4CD
SHA-256:	748D443DA743D385497A43198A114BD8349310494ECC85F47D39745D53F6E291
SHA-512:	651983293BAD1EDE1211EEAA3CAA28C73F84FFE2B8554CF198DF014BEF6B7413C4C49C3080FC73430804ECCA3D2BDB316B6B735B72E7BA3525B330E6A5352715
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-14) {. {-9223372036854775808 50400 0 +14}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-HQANL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.92751033740291
Encrypted:	false
SSDEEP:
MD5:	9D050C35FCDFD703C387CF2065E6250B
SHA1:	EEE8A277CB49D03085A5C6FCEA94961790D23339
SHA-256:	B43B685B6B168FD964590BC6C4264511155DB76EBCB7A5BCB20C35C0AD9B8CC4
SHA-512:	D56449C34A7F63DCCE79F4A6C4731454BB909C6DA49593FFE6B59DD3DE755720931BFD245A799B7FB1397FC0AE0AF89E88AD4DAA91AB815740328B27D301DCDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+4) {. {-9223372036854775808 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-INHO3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.934932781202811
Encrypted:	false
SSDEEP:
MD5:	BEE0C510C41F541B4E919183459488B2
SHA1:	DA028394973155C52EDDDB4EB4CCACA7F3A74188
SHA-256:	3B3DA9CF6FEB6E90772E9EC391D857D060A2F52A34191C3A0472794FEC421F5F
SHA-512:	9EBE1FAD2B47DDA627F52F97094556F3A8C0D03BF2DD4C12CC8611BD2D59FE3A2C1016FFBDF0B95F2C5C56D81C8B2020EBF1D2AB4AAAFE33AB5469AFE1C596A1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+12) {. {-9223372036854775808 -43200 0 -12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-IRDSN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.836974611939794
Encrypted:	false
SSDEEP:
MD5:	BE8C5C3B3DACB97FADEB5444976AF56A
SHA1:	A0464B66E70A1AF7963D2BE7BC1D88E5842EC99A
SHA-256:	89F4624DC69DE64B7AF9339FE17136A88A0C28F5F300575540F8953B4A621451
SHA-512:	A0E11D9DF5AD2C14A012E82F24298921780E091EEDD680535658F9CD1337A4103BA0676DF9B58865DD7D2CFA96AEED7BF786B88786FAF31B06713D61B4C0308A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-LP22M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.884164328721898
Encrypted:	false
SSDEEP:
MD5:	723CE2E217F73927FE030E4E004C68B5
SHA1:	40E46C8F3631298C3FFBF0DDC72E48E13A42A3F4
SHA-256:	2D2B6A351501CB1023F45CE9B16B759D8971E45C2B8E1348A6935707925F0280
SHA-512:	25E1C37047CD2411B6F986F30EC54B53A3D3841FD275D05732A0DF6C0718981F2343CEE77E241F347030244B22EC4A23FDEE077EB4D18BC1788F4E5AF4FDB804
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+7) {. {-9223372036854775808 -25200 0 -07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-M6P3B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.92687099262498
Encrypted:	false
SSDEEP:
MD5:	C157F79ADE92A69E46472EA921E1370F
SHA1:	4B9E5AFA769D5BDF3FDF05BC24A6A632C6D86ECB
SHA-256:	0606FBAB9374A74D4B2ED17DD04D9DCED7131768CCF673C5C3B739727743383F
SHA-512:	B6814282465ABF4DF31341306050F11ECAAFC5915C420A8E7F8D787E66308C58FF7C348D6CBDB4064C346800564000C7C763BDD01CB8CE3A8A81550F65C9A74C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-4) {. {-9223372036854775808 14400 0 +04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-MED3N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.857741203314798
Encrypted:	false
SSDEEP:
MD5:	415F102602AFB6F9E9F2B58849A32CC9
SHA1:	002C7D99EBAA57E8599090CFBF39B8BEAABE4635
SHA-256:	549D4CC4336D35143A55A09C96FB9A36227F812CA070B2468BD3BB6BB4F1E58F
SHA-512:	6CA28E71F941D714F3AACA619D0F4FEEF5C35514E05953807C225DF976648F257D835B59A03991D009F738C6FD94EB50B4ECA45A011E63AFDCA537FBAC2B6D1B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UCT) {. {-9223372036854775808 0 0 UCT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-MNUS8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.930155028450208
Encrypted:	false
SSDEEP:
MD5:	298F4671F470C4628B3174D5D1D0608D
SHA1:	5626202FB7186B4555C03F94CEE38AD0FAB81F40
SHA-256:	19760989015244E4F39AC12C07E6665038AE08282DAF8D6DB0BB5E2F642C922D
SHA-512:	F81B901249D3FAED3805471F256F55463A7A2FC8CB612FF95E698D63F9609D5D1B3B57DD87021C5DD809D971709EC3831351D54E971E25643B67161E9EAD5E25
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-6) {. {-9223372036854775808 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-Q91UR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.903159871492102
Encrypted:	false
SSDEEP:
MD5:	3CABCADD8398567F6489C263BF55CA89
SHA1:	0981F225619E92D4B76ECB2C6D186156E46DA63D
SHA-256:	74EEBD9C48312D68DC5E54B843FACF3DB869E214D37214F1096AF1D6ECF6D9AF
SHA-512:	1FF86CFDAA407D7EFD0B0DBC32FC8ED03DAADF6D0D83463B4C6DA97B4B8D77FC381C4C140168AA06FA9A5444DDADBB39DBD8F22E4570EE86F2F7608AAFB0C7FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-3) {. {-9223372036854775808 10800 0 +03}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-QIM74.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.91086034871979
Encrypted:	false
SSDEEP:
MD5:	AF742680C5A3BA5981DD7F0646EF6CCA
SHA1:	0753749D4636D561A8942BB1641BDBCC42349A9B
SHA-256:	5E2D90AF8A161D47F30E1C4A0F5E1CAB5E9F24201557864A02D3009B1ECFEDE0
SHA-512:	9B738675FC02613929BF90A7C78DD632AB782D20B5E660578AB590858D22BCD79E5AFB191D41E9DF94E2E586B5D2A163AB7D8364A02A5DE60E5B838F8B85D2FD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-5) {. {-9223372036854775808 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-RGNHR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.8680235243759755
Encrypted:	false
SSDEEP:
MD5:	B940D187558341DBF4D619248C13C7CA
SHA1:	0C6B11AA9DBC0A395345F79B4B7325FBE870A414
SHA-256:	DAB4C0E14D2850BF917C5891E864834CA4BFD38D5470F119F529582976551862
SHA-512:	042176822D8BFD72FFC0727176596430B656E4986636E9869F883B7078389F936EFA8CCFA9BA7ED0963899BD7D134DB9CD25F24C42040781CC37F2701D0CA28A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-8) {. {-9223372036854775808 28800 0 +08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-ROU2E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.92045957745591
Encrypted:	false
SSDEEP:
MD5:	33022DF11BC5459AA1DD968CEF24EA03
SHA1:	45DE6AD3B142C1768B410C047DFD45444E307AB8
SHA-256:	15F72B4F2C04EDDC778AAD999B5A329F55F0D10AC141862488D2DCE520541A85
SHA-512:	0C13040965135D199A29CFE8E1598AA8E840B141B85CCF1A45611B367AF046107FDA8478B1779E2AC665534DC4E84630267B42F902DB3A2CB78DD6D20939010E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+10) {. {-9223372036854775808 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-S6ALG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.936514686189307
Encrypted:	false
SSDEEP:
MD5:	CCC4BDA6EDA4933FB64F329E83EB6118
SHA1:	7C1B47D376966451540B4D095D16973763A73A73
SHA-256:	A82AA68616ADEB647456EA641587D76981888B3A022C98EA11302D458295A4FA
SHA-512:	ACC3DF6AA6025B45F06326062B2F0803BB6FD97AAAEBB276731E5DC5C496731C0853D54B2A4476A4A2EC2DD4FFDF69D78255FC8BCAB2412CE86925A94CE0559D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-1) {. {-9223372036854775808 3600 0 +01}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-TA0MR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.934250404386511
Encrypted:	false
SSDEEP:
MD5:	F6AF5C34BDE9FFF73F8B9631C0173EE9
SHA1:	A717214203F4B4952AE12374AE78992084CD5A61
SHA-256:	622E51EE9D4601DB90818F4B8E324F790F4D2405D66B899FC018A41E00473C0F
SHA-512:	0B898328A19DA7FE1BD2FB161EF1511684B569E4262C8149A789855C6F86C84360BC9E6BF82BC571BD7C585A30E0658560029FCC7C3C180BC0D2EA1872860753
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-12) {. {-9223372036854775808 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-U37C5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.883978227144926
Encrypted:	false
SSDEEP:
MD5:	94CDB0947C94E40D59CB9E56DB1FA435
SHA1:	B73907DAC08787D3859093E8F09828229EBAA6FD
SHA-256:	17AF31BD69C0048A0787BA588AD8641F1DC000A8C7AEC66386B0D9F80417ABBF
SHA-512:	5F47A2864F9036F3FD61FC65ED4969330DD2A1AC237CB2BD8E972DDFED75120D8D377D5C84060015DCFC163D03F384DC56DC8C6F29E65528C04F1FDA8BBC688E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT) {. {-9223372036854775808 0 0 GMT}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-VARHV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.857741203314798
Encrypted:	false
SSDEEP:
MD5:	6343442DDDC19AF39CADD82AC1DDA9BD
SHA1:	9D20B726C012F14D99E701A69C60F81CB33E9DA6
SHA-256:	48B88EED5EF95011F41F5CA7DF48B6C71BED711B079E1132B2C1CD538947EF64
SHA-512:	4CFED8C80D9BC2A75D4659A14F22A507CF55D3DCC88318025BCB8C99AE7909CAF1F11B1ADC363EF007520BF09473CB68357644E41A9BBDAF9DB0B0A44ECC4FBF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UTC) {. {-9223372036854775808 0 0 UTC}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Etc\is-VRC9T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.912907908622555
Encrypted:	false
SSDEEP:
MD5:	821C0743B99BBD9B672D1B1606B2DADD
SHA1:	152C09F6E8079A4036BA8316BE3E739D2ECE674B
SHA-256:	532D16E2CDBE8E547F54DC22B521153D2215E8B6653336A36F045E0D338B0D1B
SHA-512:	CCFC5BC6246B4C9EF77081E79F0A0B1DACC79449388AD08F38912E857E77E12824835C447F769A2C9C707C7E6353010A9907CDF3468A94263CF2B21FC1BF4710
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+9) {. {-9223372036854775808 -32400 0 -09}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-02M66.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2046
Entropy (8bit):	3.588329521363201
Encrypted:	false
SSDEEP:
MD5:	E4394950F7838CD984172D68DA413486
SHA1:	75F84A4C887463DE3F82C7F0339DD7D71871AA65
SHA-256:	CB780BBC06F9268CE126461AF9B6539FF16964767A8763479099982214280896
SHA-512:	7D0E3904300FDD3C4814E15A3C042F3E641BF56AF6867DA7580D1DAD8E07F5B4F0C0717A34E8336C0908D760EDCD48605C7B6BA06A5165BD2BD3AF0B68399C59
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Ulyanovsk) {. {-9223372036854775808 11616 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 7200 0 +02}. {695779200 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-0KCGT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.866592240835745
Encrypted:	false
SSDEEP:
MD5:	9E18F66C32ADDDBCEDFE8A8B2135A0AC
SHA1:	9D2DC5BE334B0C6AEA15A98624321D56F57C3CB1
SHA-256:	6A03679D9748F4624078376D1FD05428ACD31E7CABBD31F4E38EBCCCF621C268
SHA-512:	014BAD4EF0209026424BC68CBF3F5D2B22B325D61A4476F1E4F020E1EF9CD4B365213E01C7EC6D9D40FA422FE8FE0FADB1E4CBB7D46905499691A642D813A379
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Isle_of_Man) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-0P4IS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7295
Entropy (8bit):	3.6772204206246193
Encrypted:	false
SSDEEP:
MD5:	981078CAEAA994DD0C088B8C4255018A
SHA1:	5B5E542491FCCC80B04F6F3CA3BA76FEE35BC207
SHA-256:	716CFFE58847E0084C904A01EF4230F63275660691A4BA54D0B80654E215CC8F
SHA-512:	3010639D28C7363D0B787F84EF57EE30F457BD8A6A64AEDED1E813EB1AF0A8D85DA0A788C810509F932867F7361B338753CC9B79ACA95D2D32A77F7A8AA8BC9F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tallinn) {. {-9223372036854775808 5940 0 LMT}. {-2840146740 5940 0 TMT}. {-1638322740 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1593824400 5940 0 TMT}. {-1535938740 7200 0 EET}. {-927943200 10800 0 MSK}. {-892954800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-797648400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598400 7200 0 EET}. {638

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-0URFO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2397
Entropy (8bit):	3.8622541648513464
Encrypted:	false
SSDEEP:
MD5:	FE44AD99AF96A031D21D308B0E534928
SHA1:	36A666585D0895155D31A6E5AFD6B7395C7334AA
SHA-256:	0C65366AB59C4B8734DE0F69E7081269A367116363EB3863D16FB7184CCC5EB9
SHA-512:	2789E8FC8FD73A0D3C915F5CBAD158D2A4995EE51607C4368F3AE1CC6418E93E204E4FCE6F796CDC60BB2E0ED8F79650DA4549C7663589B58E189D0D10F059C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kaliningrad) {. {-9223372036854775808 4920 0 LMT}. {-2422056120 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 7200 0 CET}. {-778730400 10800 1 CEST}. {-762663600 7200 0 CET}. {-757389600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-14C1P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7396
Entropy (8bit):	3.6373782291014924
Encrypted:	false
SSDEEP:
MD5:	8B538BB68A7FF0EB541EB2716264BAD9
SHA1:	49899F763786D4E7324CC5BAAECFEA87D5C4F6C7
SHA-256:	9D60EF4DBA6D3802CDD25DC87E00413EC7F37777868C832A9E4963E8BCDB103C
SHA-512:	AD8D75EE4A484050BB108577AE16E609358A9E4F31EA1649169B4A26C8348A502B4135FE3A282A2454799250C6EDF9E70B236BCF23E1F6540E123E39E81BBE41
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Sofia) {. {-9223372036854775808 5596 0 LMT}. {-2840146396 7016 0 IMT}. {-2369527016 7200 0 EET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-781048800 7200 0 EET}. {291762000 10800 0 EEST}. {307576800 7200 0 EET}. {323816400 10800 1 EEST}. {339026400 7200 0 EET}. {355266000 10800 1 EEST}. {370393200 7200 0 EET}. {386715600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200 10800 1 EEST}. {496800000 7200 0 EET}. {512524800 10800 1 EEST}. {528249600 7200 0 EET}. {543974400 10800 1 EEST}. {559699200 7200 0 EET}. {575424000 10800 1 EEST}. {591148800 7200 0 EET}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638323200 10

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-1OKCK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.89628096026481
Encrypted:	false
SSDEEP:
MD5:	7C0606BC846344D78A85B4C14CE85B95
SHA1:	CEDFDC3C81E519413DDD634477533C89E8AF2E35
SHA-256:	D7DF89C23D2803683FE3DB57BF326846C9B50E8685CCCF4230F24A5F4DC8E44E
SHA-512:	8F07791DE5796B418FFD8945AE13BAB1C9842B8DDC073ED64E12EA8985619B93472C39DD44DA8FAEF5614F4E6B4A9D96E0F52B4ECA11B2CCA9806D2F8DDF2778
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Prague)]} {. LoadTimeZoneFile Europe/Prague.}.set TZData(:Europe/Bratislava) $TZData(:Europe/Prague).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-2H0V9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.830450830776494
Encrypted:	false
SSDEEP:
MD5:	DC2B3CAC4AF70A61D0F4C53288CC8D11
SHA1:	A423E06F88FDEED1960AF3C46A67F1CB9F293CAF
SHA-256:	9CB6E6FEC9461F94897F0310BFC3682A1134E284A56C729E7F4BCE726C2E2380
SHA-512:	8B455DA1D1A7AA1259E6E5A5CF90E62BA8073F769DCB8EB82503F2DFB70AA4539A688DC798880339A2722AA1871E8C8F16D8827064A2D7D8F2F232880359C78D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Guernsey) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-2HECB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.73570159193188
Encrypted:	false
SSDEEP:
MD5:	47C275C076A278CA8E1FF24E9E46CC22
SHA1:	55992974C353552467C2B57E3955E4DD86BBFAD2
SHA-256:	34B61E78EF15EA98C056C1AC8C6F1FA0AE87BD6BC85C58BE8DA44D017B2CA387
SHA-512:	1F74FC0B452C0BE35360D1C9EC8347063E8480CA37BE893FD4FF7FC2279B7D0C0909A26763C7755DFB19BE9736340D3FB00D39E9F6BF23C1D2F0015372139847
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Nicosia)]} {. LoadTimeZoneFile Asia/Nicosia.}.set TZData(:Europe/Nicosia) $TZData(:Asia/Nicosia).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-2K8O4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.890934294125181
Encrypted:	false
SSDEEP:
MD5:	5C12CEEDB17515260E2E143FB8F867F5
SHA1:	51B9CDF922BFBA52BF2618B63435EC510DEAE423
SHA-256:	7C45DFD5F016982F01589FD2D1BAF97898D5716951A4E08C3540A76E8D56CEB1
SHA-512:	7A6B7FDFD6E5CFEB2D1AC136922304B0A65362E19307E0F1E20DBF48BED95A262FAC9CBCDB015C3C744D57118A85BD47A57636A05144430BF6707404F8E53E8C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Sarajevo) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-2LFPD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3974
Entropy (8bit):	3.7140382290341214
Encrypted:	false
SSDEEP:
MD5:	5F2F14127F11060A57C53565A24CB8F8
SHA1:	E79FC982C018CC7E3C29A956048ED3D0CFFE3311
SHA-256:	EAD62B6D04AA7623B9DF94D41E04C9E30C7BA8EB2CE3504105A0496A66EB87AE
SHA-512:	E709849DEF7F7CDAE3CA44F1939DF49D6FE5DE9C89F541343256FC0F7B9E55390AC496FF599D94B7F594D6BAE724AE4608A43F5870C18210525B061E801CC36B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Istanbul) {. {-9223372036854775808 6952 0 LMT}. {-2840147752 7016 0 IMT}. {-1869875816 7200 0 EET}. {-1693706400 10800 1 EEST}. {-1680490800 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1440208800 10800 1 EEST}. {-1428030000 7200 0 EET}. {-1409709600 10800 1 EEST}. {-1396494000 7200 0 EET}. {-931140000 10800 1 EEST}. {-922762800 7200 0 EET}. {-917834400 10800 1 EEST}. {-892436400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857358000 7200 0 EET}. {-781063200 10800 1 EEST}. {-764737200 7200 0 EET}. {-744343200 10800 1 EEST}. {-733806000 7200 0 EET}. {-716436000 10800 1 EEST}. {-701924400 7200 0 EET}. {-684986400 10800 1 EEST}. {-670474800 7200 0 EET}. {-654141600 10800 1 EEST}. {-639025200 7200 0 EET}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-33JHU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	3.732572949993817
Encrypted:	false
SSDEEP:
MD5:	D9A3FAE7D9B5C9681D7A98BFACB6F57A
SHA1:	11268DFEE6D2472B3D8615ED6D70B361521854A2
SHA-256:	C920B4B7C160D8CEB8A08E33E5727B14ECD347509CABB1D6CDC344843ACF009A
SHA-512:	7709778B82155FBF35151F9D436F3174C057EBF7927C48F841B1D8AF008EEA9BC181D862A57C436EC69A528FB8B9854D9E974FC9EEC4FFDFE983299102BCDFB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zurich) {. {-9223372036854775808 2048 0 LMT}. {-3675198848 1786 0 BMT}. {-2385246586 3600 0 CET}. {-904435200 7200 1 CEST}. {-891129600 3600 0 CET}. {-872985600 7200 1 CEST}. {-859680000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-3JG90.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.85845283098493
Encrypted:	false
SSDEEP:
MD5:	743453106E8CD7AE48A2F575255AF700
SHA1:	7CD6F6DCA61792B4B2CBF6645967B9349ECEACBE
SHA-256:	C28078D4B42223871B7E1EB42EEB4E70EA0FED638288E9FDA5BB5F954D403AFB
SHA-512:	458072C7660BEAFEB9AE5A2D3AEA6DA582574D80193C89F08A57B17033126E28A175F5B6E2990034660CAE3BC1E837F8312BC4AA365F426BD54588D0C5A12EB8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Chisinau)]} {. LoadTimeZoneFile Europe/Chisinau.}.set TZData(:Europe/Tiraspol) $TZData(:Europe/Chisinau).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-3LILK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7706
Entropy (8bit):	3.6365022673390808
Encrypted:	false
SSDEEP:
MD5:	79AAB44507DD6D06FA673CA20D4CF223
SHA1:	A2F1AA0E3F38EF24CD953C6B5E1EC29EA3EDB8C0
SHA-256:	C40DC0C9EE5FFF9F329823325A71F3F38BE940F159E64E0B0CED27B280C1F318
SHA-512:	BBEBB29FFD35A1F8B9D906795032976B3F69A0097ED7D764E3EB45574E66641C35F9006B3295FB090472FF5C09FC4D88D9249E924011A178EFB68D050AA6F871
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Bucharest) {. {-9223372036854775808 6264 0 LMT}. {-2469404664 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {296604000 10800 1 EEST}. {307486800 7200 0 EET}. {323816400 10800 1 EEST}. {338940000 7200 0 EET}. {354672000 10800 0 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-4N88V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.86256001696314
Encrypted:	false
SSDEEP:
MD5:	4F430ECF91032E40457F2D2734887860
SHA1:	D1C099523C34ED0BD48C24A511377B232548591D
SHA-256:	F5AB2E253CA0AB7A9C905B720B19F713469877DE1874D5AF81A8F3E74BA17FC8
SHA-512:	2E6E73076A18F1C6C8E89949899F81F232AE66FEB8FFA2A5CE5447FFF581A0D5E0E88DABEAA3C858CC5544C2AE9C6717E590E846CBFD58CEF3B7558F677334FB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Podgorica) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-6GI16.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2102
Entropy (8bit):	3.8519171770148932
Encrypted:	false
SSDEEP:
MD5:	E5ECB372FF8F5ED274597551ED2C35F0
SHA1:	6792E2676C59F43B9F260AF2F33E4C2484E71D64
SHA-256:	78A57D601978869FCAA2737BEC4FDAB72025BC5FDDF7188CCC89034FA767DA6C
SHA-512:	261FFB4C7974C5F1C0AECA49D9B26F3BC2998C63CEF9CB168B1060E9EC12F7057DB5376128AFD8A31AF2CC9EF79577E96CD9863AA46AC330A5F057F72E43B7B9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Minsk) {. {-9223372036854775808 6616 0 LMT}. {-2840147416 6600 0 MMT}. {-1441158600 7200 0 EET}. {-1247536800 10800 0 MSK}. {-899780400 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-804646800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {670374000 7200 0 EEMMTT}. {670377600 10800 1 EEST}. {686102400 7200 0 EET}. {7018272

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-70G2E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2021
Entropy (8bit):	3.5806689351967527
Encrypted:	false
SSDEEP:
MD5:	DFC3D37284F1DCFE802539DB1E684399
SHA1:	67778FFE4326B1391C3CFE991B3C84C1E9ACA2D2
SHA-256:	AAFA26F7ED5733A2E45E77D67D7E4E521918CBDC19DAB5BA7774C60B9FDC203F
SHA-512:	B5A63E363CF9814C6E530840D9BB5A78C36493BAD54060781BACDF10DFA8C95988081DE3364E56D3FDFDBB5A6489E549D8CB1C0B5D1C57F53A1B1915B291A0D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Volgograd) {. {-9223372036854775808 10660 0 LMT}. {-1577761060 10800 0 +03}. {-1247540400 14400 0 +04}. {-256881600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-83765.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7233
Entropy (8bit):	3.682695131194103
Encrypted:	false
SSDEEP:
MD5:	CF7967CD882413C1423CCD5A1EDC8B2E
SHA1:	72F5F5D280530A67591FC0F88BF272E2975E173C
SHA-256:	1E13055C7BF8D7469AFC28B0ED91171D203B382B62F78D140C1CB12CF968637C
SHA-512:	777B7418FFB8DFE4E6A2B1057BB3CFF2358269044F0E5887260663790D0344BDFD8BF5C220987E30B2D8D391BB96C17C8C5EE86DA83EC4874F7EC3172477DFB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vilnius) {. {-9223372036854775808 6076 0 LMT}. {-2840146876 5040 0 WMT}. {-1672536240 5736 0 KMT}. {-1585100136 3600 0 CET}. {-1561251600 7200 0 EET}. {-1553565600 3600 0 CET}. {-928198800 10800 0 MSK}. {-900126000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-802141200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 7200 0 EEMMTT}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-8G976.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.731361496484662
Encrypted:	false
SSDEEP:
MD5:	5F72F26A78BECD6702560DE8C7CCB850
SHA1:	A14E10DCC128B88B3E9C5D2A86DAC7D254CEB123
SHA-256:	054C1CDABAD91C624A4007D7594C30BE96906D5F29B54C292E0B721F8CB03830
SHA-512:	564A575EA2FBDB1D262CF55D55BEFC0BF6EF2081D88DE25712B742F5800D2FBE155EDEF0303F62D497BA0E849174F235D8599E09E1C997789E24FE5583F4B0FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Warsaw) {. {-9223372036854775808 5040 0 LMT}. {-2840145840 5040 0 WMT}. {-1717032240 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618696800 7200 0 EET}. {-1600473600 10800 1 EEST}. {-1587168000 7200 0 EET}. {-931734000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 0 CEST}. {-796608000 3600 0 CET}. {-778726800 7200 1 CEST}. {-762660000 3600 0 CET}. {-748486800 7200 1 CEST}. {-733273200 3600 0 CET}. {-715215600 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-397094400 7200 1 CEST}. {-386812800 3600 0 CET}. {-371088000 7200 1 CEST}. {-355363200 3600 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-8N6V3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7058
Entropy (8bit):	3.730067397634837
Encrypted:	false
SSDEEP:
MD5:	7F6C45358FC5E91125ACBDD46BBD93FE
SHA1:	C07A80D3C136679751D64866B725CC390D73B750
SHA-256:	119E9F7B1284462EB8E920E7216D1C219B09A73B323796BBF843346ECD71309A
SHA-512:	585AE0B1DE1F5D31E45972169C831D837C19D05E21F65FAD3CB84BEF8270C31BF2F635FB803CB70C569FAC2C8AA6ABDE057943F4B51BF1D73B72695FE95ECFD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Stockholm) {. {-9223372036854775808 4332 0 LMT}. {-2871681132 3614 0 SET}. {-2208992414 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-90DLI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.906520812033373
Encrypted:	false
SSDEEP:
MD5:	BB062D4D5D6EA9BA172AC0555227A09C
SHA1:	75CCA7F75CEB77BE5AFB02943917DB048051F396
SHA-256:	51820E2C5938CEF89A6ED2114020BD32226EF92102645526352E1CB7995B7D0A
SHA-512:	8C6AD79DD225C566D2D93606575A1BF8DECF091EDFEED1F10CB41C5464A6A9F1C15BEB4957D76BD1E03F5AE430319480A3FDACEF3116EA2AF0464427468BC855
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Skopje) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-AHEJ3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.851218990240677
Encrypted:	false
SSDEEP:
MD5:	445F589A26E47F9D7BDF1A403A96108E
SHA1:	B119D93796DA7C793F9ED8C5BB8BB65C8DDBFC81
SHA-256:	6E3ED84BC34D90950D267230661C2EC3C32BA190BD57DDC255F4BE901678B208
SHA-512:	F45AF9AC0AF800FDCC74DBED1BDFA106A6A58A15308B5B62B4CB6B091FCFD321F156618BE2C157A1A6CAFAAAC399E4C6B590AF7CE7176F757403B55F09842FD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Zagreb) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-AS19G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7686
Entropy (8bit):	3.635151038354021
Encrypted:	false
SSDEEP:
MD5:	D64695F05822EF0DF9E3762A1BC440A0
SHA1:	F17F03CFD908753E28F2C67D2C8649B8E24C35F7
SHA-256:	118289C1754C06024B36AE81FEE96603D182CB3B8D0FE0A7FD16AD34DB81374D
SHA-512:	3C5BDE2004D6499B46D9BAB8DBFDCC1FC2A729EEA4635D8C6CB4279AEE9B5655CE93D2E3F09B3E7295468007FFB5BE6FEC5429501E8FB4D3C2BCC05177C2158A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Athens) {. {-9223372036854775808 5692 0 LMT}. {-2344642492 5692 0 AMT}. {-1686101632 7200 0 EET}. {-1182996000 10800 1 EEST}. {-1178161200 7200 0 EET}. {-906861600 10800 1 EEST}. {-904878000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844477200 7200 1 CEST}. {-828237600 3600 0 CET}. {-812422800 7200 0 EET}. {-552362400 10800 1 EEST}. {-541652400 7200 0 EET}. {166485600 10800 1 EEST}. {186184800 7200 0 EET}. {198028800 10800 1 EEST}. {213753600 7200 0 EET}. {228873600 10800 1 EEST}. {244080000 7200 0 EET}. {260323200 10800 1 EEST}. {275446800 7200 0 EET}. {291798000 10800 1 EEST}. {307407600 7200 0 EET}. {323388000 10800 1 EEST}. {338936400 7200 0 EET}. {347148000 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {4490

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-ATO9F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7763
Entropy (8bit):	3.7367850410615597
Encrypted:	false
SSDEEP:
MD5:	D04290286789AB05490A7DE8569D80AB
SHA1:	B65938E29CBFB65D253E041EE1CD92FE75C3C663
SHA-256:	60494447C38C67E8173D4A9CDBA8D16AF90545FA83F3558DB8C9B7D0D052DD45
SHA-512:	B0897CD4785D737B7C5E5CE717B55AEE8689F83105DDB8A0DA2B4977961124AFA5AF573D57AA4467E5DB68FC5F927D7B58AEE7280238392C5666CC090476EC91
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Prague) {. {-9223372036854775808 3464 0 LMT}. {-3786829064 3464 0 PMT}. {-2469401864 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-777862800 7200 0 CEST}. {-765327600 3600 0 CET}. {-746578800 7200 1 CEST}. {-733359600 3600 0 CET}. {-728517600 0 1 GMT}. {-721260000 0 0 CET}. {-716425200 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654217200 7200 1 CEST}. {-639010800 3600 0 CET}. {283993200 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-B663P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2307
Entropy (8bit):	3.8673720237532523
Encrypted:	false
SSDEEP:
MD5:	F745F2F2FDEA14C70EA27BA35D4E3051
SHA1:	C4F01A629E6BAFB31F722FA65DC92B36D4E61E43
SHA-256:	EAE97716107B2BF4A14A08DD6197E0542B6EE27C3E12C726FC5BAEF16A144165
SHA-512:	0E32BE79C2576943D3CB684C2E25EE3970BE7F490FF8FD41BD897249EA560F280933B26B3FBB841C67915A3427CB009A1BFC3DACD70C4F77E33664104E32033E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Simferopol) {. {-9223372036854775808 8184 0 LMT}. {-2840148984 8160 0 SMT}. {-1441160160 7200 0 EET}. {-1247536800 10800 0 MSK}. {-888894000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-811645200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 7200 0 EET}. {694216800 7200 0 EET}. {701820000 10800 1 EEST}. {71754

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-BOGJ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6690
Entropy (8bit):	3.730744509734253
Encrypted:	false
SSDEEP:
MD5:	13F10BC59FB9DBA47750CA0B3BFA25E9
SHA1:	992E50F4111D55FEBE3CF8600F0B714E22DD2B16
SHA-256:	E4F684F28AD24B60E21707820C40A99E83431A312D26E6093A198CB344C249DC
SHA-512:	DA5255BDE684BE2C306C6782A61DE38BFCF9CFF5FD117EBDE5EF364A5ED76B5AB88E6F7E08337EEB2CEC9CB03238D9592941BDAA01DFB061F21085D386451AFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Andorra) {. {-9223372036854775808 364 0 LMT}. {-2177453164 0 0 WET}. {-733881600 3600 0 CET}. {481078800 7200 0 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}. {749005200 3600 0 CET}. {764730000 7200 1 CEST}. {780454800 3600 0 CET}. {796179600 7200 1 CEST}. {811904400 3600 0 CET}. {828234000 7200 1 CEST}. {846378000 3600 0 CET}. {859683600 7200 1 CEST}. {877827600 3600 0 CET}. {891133200 7200 1 CEST}. {909277200 3600 0 CET}. {922582800 7200 1 CEST}. {941331600 3600 0 CET}. {9540

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-BP15I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9452
Entropy (8bit):	3.675115548319436
Encrypted:	false
SSDEEP:
MD5:	D9787AD03D1A020F01FFF1F9AB346C09
SHA1:	C194A0A7F218ABBEB7DB53E3B2062DC349A8C739
SHA-256:	E1DCBC878C8937FBE378033AEE6B0D8C72827BE3D9C094815BFA47AF92130792
SHA-512:	4C596C9BDE55605381C9B6F90837BA8C9EA2992EBC7F3ACDC207CFAE7612E8B13415FD4962DC8D3FD2A75D98025D0E052B8B8486F6C31742D791C6A2C1D1827F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Dublin) {. {-9223372036854775808 -1500 0 LMT}. {-2821649700 -1521 0 DMT}. {-1691962479 2079 1 IST}. {-1680471279 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1517011200 0 0 IST}. {-1507500000 3600 1 IST}. {-1490565600 0 0 IST}. {-1473631200 3600 1 IST}. {-1460930400 0 0 IST}. {-1442786400 3600 1 IST}. {-1428876000 0 0 IST}. {-1410732000 3600 1 IST}. {-1396216800 0 0 IST}. {-1379282400 3600 1 IST}. {-1364767200 0 0 IST}. {-1348437600 3600 1 IST}. {-1333317600 0 0 IST}. {-1315778400 3600 1 IST}. {-1301263200 0 0 IST}. {-1284328800 3600 1 IST}. {-1269813600 0 0 IST}. {-1253484000 3600 1 IST}. {-1238364000 0 0 IST}. {-

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-CA74P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8511
Entropy (8bit):	3.729257183076779
Encrypted:	false
SSDEEP:
MD5:	3E209874EA8830B8436F897B0B7682B1
SHA1:	FC9AB2212C10C25850ACE69DC3BE125FD0912092
SHA-256:	626E7F8389382108E323B8447416BAC420A29442D852817024A39A97D556F365
SHA-512:	24C1A7890E076C4D58426D62726BC21FA6F70F16B5E9797405B7404AACB1CB2FC283483018418EF0CEE43720838864E01427C60269D98866A48F35CAF0483EFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Rome) {. {-9223372036854775808 2996 0 LMT}. {-3259097396 2996 0 RMT}. {-2403565200 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-830307600 7200 0 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-807152400 7200 0 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 C

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-DK21E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.913470013356756
Encrypted:	false
SSDEEP:
MD5:	CFB0DE2E11B8AF400537BD0EF493C004
SHA1:	32E8FCB8571575E9DFE09A966F88C7D3EBCD183E
SHA-256:	5F82A28F1FEE42693FD8F3795F8E0D7E8C15BADF1FD9EE4D45794C4C0F36108C
SHA-512:	9E36B2EACA06F84D56D9A9A0A83C7C106D26A6A55CBAA696729F105600F5A0105F193899D5996C416EFAABC4649E91BA0ED90D38E8DF7B305C6D951A31C80718
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Helsinki)]} {. LoadTimeZoneFile Europe/Helsinki.}.set TZData(:Europe/Mariehamn) $TZData(:Europe/Helsinki).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-DRN4M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.827362756219521
Encrypted:	false
SSDEEP:
MD5:	19134F27463DEDF7E25BC72E031B856F
SHA1:	40D9E60D26C592ED79747D1253A9094FCDE5FD33
SHA-256:	5D31D69F259B5B2DFE016EB1B2B811BD51A1ED93011CBB34D2CF65E4806EB819
SHA-512:	B80202194A9D547AEC3B845D267736D831FB7E720E171265AC3F0074C8B511518952BF686A235E6DDEFC11752C3BD8A48A184930879B68980AC60E9FAECBFB44
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Belfast) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-EU5VF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7202
Entropy (8bit):	3.6738341956502953
Encrypted:	false
SSDEEP:
MD5:	4E693AC10DD3FC66700A878B94D3701D
SHA1:	692200B78A3EA482577D13BE5588FEB0BF94DF01
SHA-256:	3AAC94E73BB4C803BBB4DE14826DAA0AC82BAE5C0841FD7C58B62A5C155C064D
SHA-512:	9B68D418B98DDF855C257890376AEC300FC6024E08C85AF5CFFE70BE9AC39D75293C35D841DB8A7BE5574FD185D736F5CB72205531736A202D25305744A2DD15
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kiev) {. {-9223372036854775808 7324 0 LMT}. {-2840148124 7324 0 KMT}. {-1441159324 7200 0 EET}. {-1247536800 10800 0 MSK}. {-892522800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-825382800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {646786800 10800 1 EEST}. {686102400 7200 0 EET}. {701820000 10800 1 EEST}. {717541200 7200 0 EET}. {733269600 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-FA5G2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8871
Entropy (8bit):	3.7700564621466666
Encrypted:	false
SSDEEP:
MD5:	B2BA91B2CDD19E255B68EA35E033C061
SHA1:	246E377E815FFC11BBAF898E952194FBEDAE9AA2
SHA-256:	768E3D45DB560777C8E13ED9237956CFE8630D840683FAD065A2F6948FD797BE
SHA-512:	607383524C478F1CB442679F6DE0964F8916EE1A8B0EF6806BDF7652E4520B0E842A611B432FB190C30C391180EA1867268BBBF6067310F70D5E72CB3E4D789F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Monaco) {. {-9223372036854775808 1772 0 LMT}. {-2486680172 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-FP07A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7400
Entropy (8bit):	3.686652767751974
Encrypted:	false
SSDEEP:
MD5:	5F71EBD41FC26CA6FAA0A26CE83FA618
SHA1:	0FC66EEB374A2930A7F6E2BB5B7D6C4FD00A258C
SHA-256:	6F63E58F355EF6C4CF8F954E01544B0E152605A72B400C731E3100B422A567D0
SHA-512:	20B730949A4967C49D259D4D00D8020579580F7FAA0278FBCEBDF8A8173BBF63846DDBF26FFFBBADB0FAF3FD0EB427DBB8CF18A4A80F7B023D2027CC952A773F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Riga) {. {-9223372036854775808 5794 0 LMT}. {-2840146594 5794 0 RMT}. {-1632008194 9394 1 LST}. {-1618702594 5794 0 RMT}. {-1601681794 9394 1 LST}. {-1597275394 5794 0 RMT}. {-1377308194 7200 0 EET}. {-928029600 10800 0 MSK}. {-899521200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-795834000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-FVP6B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8826
Entropy (8bit):	3.7634145613638657
Encrypted:	false
SSDEEP:
MD5:	804A17ED0B32B9751C38110D28EB418B
SHA1:	24235897E163D33970451C48C4260F6C10C56ADD
SHA-256:	00E8152B3E5CD216E4FD8A992250C46E600E2AD773EEDDD87DAD31012BE55693
SHA-512:	53AFDDE8D516CED5C6CF0A906DBF72AF09A62278D1FC4D5C1562BBCE853D322457A6346C3DE8F112FCF665102E19A2E677972E941D0C80D0AB7C8DD0B694628E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Luxembourg) {. {-9223372036854775808 1476 0 LMT}. {-2069713476 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1662343200 7200 1 CEST}. {-1650157200 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1612659600 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585519200 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552258800 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520550000 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490572800 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459119600 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427673600 0 0 WET}. {-1411866000 3600 1 WEST}. {-1396224000 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269813600 0 0 WET}. {-1253484000 3600 1 WEST}. {-

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-G0DUK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.908962717024613
Encrypted:	false
SSDEEP:
MD5:	C50388AD7194924572FA470761DD09C7
SHA1:	EF0A2223B06BE12EFE55EE72BF2C941B7BFB2FFE
SHA-256:	7F89757BAE3C7AE59200DCEEEE5C38A7F74EBAA4AA949F54AFD5E9BB64B13123
SHA-512:	0CE5FF2F839CD64A2C9A5AE6BBE122C91342AE44BDECDB9A3BA9F08578BC0B474BC0AF0E773868B273423289254909A38902B225A0092D048AC44BCF883AB4B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/San_Marino) $TZData(:Europe/Rome).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-GE2UJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7651
Entropy (8bit):	3.7309855254369766
Encrypted:	false
SSDEEP:
MD5:	2A3F771DD9EAE2E9C1D8394C12C0ED71
SHA1:	541DCF144EFFE2DFF27B81A50D245C7385CC0871
SHA-256:	8DDFB0296622E0BFDBEF4D0C2B4EA2522DE26A16D05340DFECA320C0E7B2B1F7
SHA-512:	E1526BD21E379F8B2285481E3E12C1CF775AE43E205D3E7E4A1906B87821D5E15B101B24463A055B6013879CD2777112C7F27B5C5220F280E3C48240367AA663
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Oslo) {. {-9223372036854775808 2580 0 LMT}. {-2366757780 3600 0 CET}. {-1691884800 7200 1 CEST}. {-1680573600 3600 0 CET}. {-927511200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-765327600 3600 0 CET}. {-340844400 7200 1 CEST}. {-324514800 3600 0 CET}. {-308790000 7200 1 CEST}. {-293065200 3600 0 CET}. {-277340400 7200 1 CEST}. {-261615600 3600 0 CET}. {-245890800 7200 1 CEST}. {-230166000 3600 0 CET}. {-214441200 7200 1 CEST}. {-198716400 3600 0 CET}. {-182991600 7200 1 CEST}. {-166662000 3600 0 CET}. {-147913200 7200 1 CEST}. {-135212400 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {40185

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-GQ0BN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2347
Entropy (8bit):	3.859849674605335
Encrypted:	false
SSDEEP:
MD5:	AB2CB4A38196852883272148B4A14085
SHA1:	ED22233A615B775DB528053807858A0B69E9D4FB
SHA-256:	D9814005CB99F2275A4356A8B226E16C7C823ADC940F3A7BBB909D4C01BF44E3
SHA-512:	F2179FC1C15954FD7F7B824C5310183C96EDC630880E1C8C85DF4423ECC5994B8A9CA826745CC8BCA77945A36BCADAA87620C31FFBD40071438695A610EBF045
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Moscow) {. {-9223372036854775808 9017 0 LMT}. {-2840149817 9017 0 MMT}. {-1688265017 9079 0 MMT}. {-1656819079 12679 1 MST}. {-1641353479 9079 0 MMT}. {-1627965079 16279 1 MDST}. {-1618716679 12679 1 MST}. {-1596429079 16279 1 MDST}. {-1593820800 14400 0 MSD}. {-1589860800 10800 0 MSK}. {-1542427200 14400 1 MSD}. {-1539493200 18000 1 +05}. {-1525323600 14400 1 MSD}. {-1491188400 7200 0 EET}. {-1247536800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-HNBMT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8225
Entropy (8bit):	3.745589534746728
Encrypted:	false
SSDEEP:
MD5:	795CAAE9AECE3900DEA1F5EBD0ED668B
SHA1:	61F1745E7B60E19F1286864B7A4285E8CCF11202
SHA-256:	4BE326DD950DDAD6FB9C392A31CEED1CB1525D043F1F7C14332FEB226AEA1859
SHA-512:	BBBABBE86A757D3EE9267128E7DA810346E74FD9CD3EF37192A831958FF0EDBBE47F14DA63669F6799056081D0365194E22D64D14B97490E4333504DFE22D151
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Madrid) {. {-9223372036854775808 -884 0 LMT}. {-2177452800 0 0 WET}. {-1631926800 3600 1 WEST}. {-1616889600 0 0 WET}. {-1601168400 3600 1 WEST}. {-1585353600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269820800 0 0 WET}. {-1026954000 3600 1 WEST}. {-1017619200 0 0 WET}. {-1001898000 3600 1 WEST}. {-999482400 7200 1 WEMT}. {-986090400 3600 1 WEST}. {-954115200 0 0 WET}. {-940208400 3600 0 CET}. {-873079200 7200 1 CEST}. {-862621200 3600 0 CET}. {-842839200 7200 1 CEST}. {-828320400 3600 0 CET}. {-811389600 7200 1 CEST}. {-796870800 3600 0 CET}. {-779940000 7200 1 CEST}. {-765421200 3600 0 CET}. {-748490400 7200 1 CEST}. {-733971600

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-HPQ63.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8838
Entropy (8bit):	3.7637328221887567
Encrypted:	false
SSDEEP:
MD5:	153CA0EF3813D91C5E23B34ADFE7A318
SHA1:	F7F18CB34424A9B62172F00374853F1D4A89BEE4
SHA-256:	092BF010A1CF3819B102C2A70340F4D67C87BE2E6A8154716241012B5DFABD88
SHA-512:	E2D418D43D9DFD169238DDB0E790714D3B88D16398FA041A9646CB35F24EF79EE48DA4B6201E6A598E89D4C651F8A2FB9FB874B2010A51B3CD35A86767BAF4D2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Paris) {. {-9223372036854775808 561 0 LMT}. {-2486678901 561 0 PMT}. {-1855958901 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0 W

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-HU908.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.831245786685746
Encrypted:	false
SSDEEP:
MD5:	F43ABA235B8B98F5C64181ABD1CEEC3A
SHA1:	A4A7D71ED148FBE53C2DF7497A89715EB24E84B7
SHA-256:	8E97798BE473F535816D6D9307B85102C03CC860D3690FE59E0B7EEF94D62D54
SHA-512:	B0E0FC97F08CB656E228353594FC907FC94A998859BB22648BF78043063932D0FC7282D31F63FCB79216218695B5DCDF298C37F0CB206160798CF3CA2C7598E1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Jersey) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-I193N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.906311228352029
Encrypted:	false
SSDEEP:
MD5:	C1817BA53C7CD6BF007A7D1E17FBDFF1
SHA1:	C72DCD724E24BBE7C22F9279B05EE03924603348
SHA-256:	E000C8E2A27AE8494DC462D486DC28DAFA502F644FC1540B7B6050EABE4712DC
SHA-512:	E48C1E1E60233CEC648004B6441F4A49D18D07904F88670A6F9A3DACC3006F7D7CE4A9ACB6C9B6DB8F45CB324EA1BCF6CC3DA8C1FFB40A948BB2231AC4B57EEB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Vaduz) $TZData(:Europe/Zurich).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-IAO6I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.8663121336740405
Encrypted:	false
SSDEEP:
MD5:	0652C9CF19CCF5C8210330B22F200D47
SHA1:	052121E14825CDF98422CAA2CDD20184F184A446
SHA-256:	3BC0656B5B52E3C3C6B7BC5A53F9228AAFA3EB867982CFD9332B7988687D310B
SHA-512:	1880524DCA926F4BFD1972E53D5FE616DE18E4A29E9796ABEAEE4D7CD10C6FE79C0D731B305BD4DAA6FC3917B286543D622F2291B76DABA231B9B22A784C7475
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/Vatican) $TZData(:Europe/Rome).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-IJLPQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9181
Entropy (8bit):	3.7982744899840535
Encrypted:	false
SSDEEP:
MD5:	F8AEFE8F561ED7E1DC81117676F7D0E0
SHA1:	1148176C2766B205B5D459A620D736B1D28283AA
SHA-256:	FB771A01326E1756C4026365BEE44A6B0FEF3876BF5463EFAB7CF4B97BF87CFC
SHA-512:	7C06CB215B920911E0DC9D24F0DD6E24DEC3D75FB2D0F175A9B4329304C9761FFFEE329DD797FF4343B41119397D7772D1D3DFC8F90C1DE205380DE463F42854
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Gibraltar) {. {-9223372036854775808 -1284 0 LMT}. {-2821649916 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-J8KBP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7975
Entropy (8bit):	3.7352769955376464
Encrypted:	false
SSDEEP:
MD5:	25864F8E5372B8E45B71D08667ED093C
SHA1:	83463D25C839782E2619CD5BE613DA1BD08ACBB5
SHA-256:	EF5CF8C9B3CA3F772A9C757A2CC1D561E00CB277A58E43ED583A450BBA654BF1
SHA-512:	0DAB3CA0C82AA80A4F9CC04C191BE180EB41CCF87ADB31F26068D1E6A3A2F121678252E36E387B589552E6F7BA965F7E3F4633F1FD066FC7849B1FD554F39EC7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Budapest) {. {-9223372036854775808 4580 0 LMT}. {-2500938980 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1640998800 3600 0 CET}. {-1633212000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1600466400 7200 1 CEST}. {-1581202800 3600 0 CET}. {-906771600 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-778471200 7200 1 CEST}. {-762660000 3600 0 CET}. {-749689200 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-686185200 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-621990000 7200 1 CEST}. {-605660400 3600 0 CET}. {-492656400 7200 1 CEST}. {-481168800 3600 0

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-JVICU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7659
Entropy (8bit):	3.7322931990772257
Encrypted:	false
SSDEEP:
MD5:	E8D0D78179D1E9D738CEEC1D0D4943E5
SHA1:	E0469B86F545FFFA81CE9694C96FE30F33F745DD
SHA-256:	44FF42A100EA0EB448C3C00C375F1A53614B0B5D468ADF46F2E5EAFF44F7A64C
SHA-512:	FACA076F44A64211400910E4A7CAD475DD24745ECCE2FE608DD47B0D5BB9221FF15B9D58A767A90FF8D25E0545C3E50B3E464FF80B1D23E934489420640F5C8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vienna) {. {-9223372036854775808 3921 0 LMT}. {-2422055121 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1577926800 3600 0 CET}. {-1569711600 7200 1 CEST}. {-1555801200 3600 0 CET}. {-938905200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-780188400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {323823600 7200 1 CEST}. {338940000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-K4773.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9839
Entropy (8bit):	3.737361476589814
Encrypted:	false
SSDEEP:
MD5:	2A53A87C26A5D2AF62ECAAD8CECBF0D7
SHA1:	025D31C1D32F1100C1B00858929FD29B4E66E8F6
SHA-256:	2A69A7C9A2EE3057EBDB2615DBE5CB08F5D334210449DC3E42EA88564C29583A
SHA-512:	81EFA13E4AB30A9363E80EC1F464CC51F8DF3C492771494F3624844E074BA9B84FE50EF6C32F9467E6DAB41BD5159B492B752D0C97F3CB2F4B698C04E68C0255
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/London) {. {-9223372036854775808 -75 0 LMT}. {-3852662325 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}. {-120

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-KAT78.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8907
Entropy (8bit):	3.75854119398076
Encrypted:	false
SSDEEP:
MD5:	FA802B103E8829C07AE7E05DE7F3CD1F
SHA1:	46AFB26E3E9102F0544C5294DA67DC41E8B2E8FC
SHA-256:	AEB5860C2F041842229353E3F83CC2FEBC9518B115F869128E94A1605FB4A759
SHA-512:	488CE6B524071D2B72F8AD73C2DC00F5F4C1C3C93F91165BDA0BCCB2B2C644B792C4220B785E84835ABE81584FDC87A1DCDA7679A69318052C3854167CB43C61
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Brussels) {. {-9223372036854775808 1050 0 LMT}. {-2840141850 1050 0 BMT}. {-2450953050 0 0 WET}. {-1740355200 3600 0 CET}. {-1693702800 7200 0 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1613826000 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585530000 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301263200 0 0 WET}. {-1284328800 3600 1 WEST}. {-126

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-L0IBS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.901869793666386
Encrypted:	false
SSDEEP:
MD5:	5F2AEC41DECD9E26955876080C56B247
SHA1:	4FDEC0926933AE5651DE095C519A2C4F9E567691
SHA-256:	88146DA16536CCF587907511FB0EDF40E392E6F6A6EFAB38260D3345CF2832E1
SHA-512:	B71B6C21071DED75B9B36D49EB5A779C5F74817FF070F70FEAB9E3E719E5F1937867547852052AA7BBAE8B842493FBC7DFAFD3AC47B70D36893541419DDB2D74
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Ljubljana) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-LLJ9Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7059
Entropy (8bit):	3.733102701717456
Encrypted:	false
SSDEEP:
MD5:	841E21EED6229503BF41A858601453B0
SHA1:	6F5632B23F2C710106211FBCD2C17DC40B026BFB
SHA-256:	813B4B4F13401D4F92B0F08FC1540936CCFF91EFD8B8D1A2C5429B23715C2748
SHA-512:	85863B12F17A4F7FAC14DF4D3AB50CE33C7232A519F7F10CC521AC0F695CD645857BD0807F0A9B45C169DD7C1240E026C567B35D1D157EE3DB3C80A57063E8FE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Belgrade) {. {-9223372036854775808 4920 0 LMT}. {-2713915320 3600 0 CET}. {-905824800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-777942000 7200 1 CEST}. {-766623600 3600 0 CET}. {407199600 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CES

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-NJ8PB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1959
Entropy (8bit):	3.5751912319178496
Encrypted:	false
SSDEEP:
MD5:	249037A8019D3A5244DD59D8C3316403
SHA1:	2DABDE83753CE65D1A2D3949FF9B94401A2DD8C3
SHA-256:	5FE8535DD9A4729B68BF5EC178C6F978753A4A01BDC6F5529C2F8A3872B470D1
SHA-512:	4180DE17FDDA1417DD24229F775DD45FDE99078E71F2A583E6629D022DCD1B30CEB1ABCEEC78286CAE286E8CBAFC5A7AB20464D53B8BE2615B4681302C05B120
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kirov) {. {-9223372036854775808 11928 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400 1

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-OIL1Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.905738881351689
Encrypted:	false
SSDEEP:
MD5:	811B7E0B0EDD151E52DF369B9017E7C0
SHA1:	3C17D157A626F3AD7859BC0F667E0AB60E821D05
SHA-256:	221C8BA73684ED7D8CD92978ED0A53A930500A2727621CE1ED96333787174E82
SHA-512:	7F980E34BBCBC65BBF04526BF68684B3CE780611090392560569B414978709019D55F69368E98ADADC2C47116818A437D5C83F4E6CD40F4A1674D1CF90307CB5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Busingen) $TZData(:Europe/Zurich).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-OKMPN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1992
Entropy (8bit):	3.5867428099003957
Encrypted:	false
SSDEEP:
MD5:	103F48F9DDAC5D94F2BECDA949DE5E50
SHA1:	0582454439DD4E8D69E7E8EE9B8A3F041F062E89
SHA-256:	823A0A0DBA01D9B34794EB276F9ABB9D2EC1E60660B20EAA2BA097884E3934F2
SHA-512:	7419A8F5CF49BE76D7CD7D070FF4467CED851EC76E38A07BD590ED64B96DA446968195096DE2F8298C448778E0A40CAE717C8F234CCDBDF5C3C21B7D056EA4C1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Astrakhan) {. {-9223372036854775808 11532 0 LMT}. {-1441249932 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {7961724

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-P5ILO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7746
Entropy (8bit):	3.733442486698092
Encrypted:	false
SSDEEP:
MD5:	D1E45A4660E00A361729FCD7413361C1
SHA1:	BCC709103D07748E909DD999A954DFF7034F065F
SHA-256:	EAD23E3F58706F79584C1F3F9944A48670F428CACBE9A344A52E19B541AB4F66
SHA-512:	E3A0E6B4FC80A8D0215C81E95F9D3F71C0D9371EE0F6B2B7E966744C42FC64055370D322918EEA2917BFBA07030629C4493ADA257F9BD9C9BF6AD3C4A7FB1E70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Berlin) {. {-9223372036854775808 3208 0 LMT}. {-2422054408 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-776559600 10800 0 CEMT}. {-765936000 7200 1 CEST}. {-761180400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733273200 3600 0 CET}. {-717631200 7200 1 CEST}. {-714610800 10800 1 CEMT}. {-710380800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-PENJR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7238
Entropy (8bit):	3.6787190163584103
Encrypted:	false
SSDEEP:
MD5:	4AC1F6AB26F3869C757247346BCB72B5
SHA1:	CB0880906DC630F3C2B934998853CD05AAA1FE39
SHA-256:	3E9F843F5C6DDBE8E6431BE28ACB95507DDDCA6C521E2FD3355A103BF38F3CB7
SHA-512:	C4A3AB7B5BA3BC371285654159CB1767ECD52DEDAA61BF69586F6ED61F9F1E877796C28438FF582962C12780484214B5EA670654C87240E01EDD2A4B271EDEEF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zaporozhye) {. {-9223372036854775808 8440 0 LMT}. {-2840149240 8400 0 +0220}. {-1441160400 7200 0 EET}. {-1247536800 10800 0 MSK}. {-894769200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-826419600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {654649200 10800 0 MSK}. {670374000 10800 0 EEST}. {686091600 7200 0 EET}. {701820000 10800 1 EEST}. {71

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-PKJ5D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7287
Entropy (8bit):	3.681086026612126
Encrypted:	false
SSDEEP:
MD5:	E1088083B0D5570AF8FBE54A4C553AFB
SHA1:	A6EC8636A0092737829B873C4879E9D4C1B0A288
SHA-256:	19D87DB3DAB942037935FEC0A9A5E5FE24AFEB1E5F0F1922AF2AF2C2E186621D
SHA-512:	C58AA37111AE29F85C9C3F1E52DB3C9B2E2DCEFBBB9ACA4C61AD9B00AA7F3A436E754D2285774E882614B16D5DB497ED370A06EE1AFC513579E1E5F1475CA160
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Uzhgorod) {. {-9223372036854775808 5352 0 LMT}. {-2500939752 3600 0 CET}. {-946774800 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 1 CEST}. {-794714400 3600 0 CET}. {-773456400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 3600 0 CET}. {670384800 7200 0 EET}. {694216800

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-R2U5C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7458
Entropy (8bit):	3.736544358182077
Encrypted:	false
SSDEEP:
MD5:	8FBF425E5833012C0A6276222721A106
SHA1:	78C5788ED4184A62E0E2986CC0F39EED3801AD76
SHA-256:	D2D091740C425C72C46ADDC23799FC431B699B80D244E4BCD7F42E31C1238EEB
SHA-512:	6DF08142EEBC7AF8A575DD7510B83DBD0E15DDA13801777684355937338CDA3D09E37527912F4EBBCC1B8758E3D65185E6006EB5C1349D1DC3AE7B6131105691
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Copenhagen) {. {-9223372036854775808 3020 0 LMT}. {-2524524620 3020 0 CMT}. {-2398294220 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680490800 3600 0 CET}. {-935110800 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-769388400 3600 0 CET}. {-747010800 7200 1 CEST}. {-736383600 3600 0 CET}. {-715215600 7200 1 CEST}. {-706748400 3600 0 CET}. {-683161200 7200 1 CEST}. {-675298800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-R9PK6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7824
Entropy (8bit):	3.674889638637008
Encrypted:	false
SSDEEP:
MD5:	92966EE642028D4C44C90F86CA1440AA
SHA1:	95F286585FF3A880F2F909E82F4C22C8F1D12BE3
SHA-256:	E92FFABF4705F93C2A4AD675555AEBC3C9418AC71EEB487AF0F7CD4EAB0431CE
SHA-512:	1D6018C83CA5998C590448FE98C59F3FCD0D5D7688B679B7F3C82B6F3209F25323BB302BF847FCCBD950F08A79AF36CA83DBDD4DB8A3557A682152A6B731B663
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Chisinau) {. {-9223372036854775808 6920 0 LMT}. {-2840147720 6900 0 CMT}. {-1637114100 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {-927165600 10800 1 EEST}. {-898138800 7200 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-800154000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {4179

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-REBEU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8425
Entropy (8bit):	3.728789296531475
Encrypted:	false
SSDEEP:
MD5:	5F73FCB70E5B27E540C1A5133F3B791C
SHA1:	406A2FB6439A3532150D69E711F253665F000B3C
SHA-256:	5E3BB07FD3592163A756596A25060683CDA7930C7F4411A406B3E1506F9B901C
SHA-512:	5263ABBE91D95BDD359B666BCDDAA6B4C8B810E986B9A94A80AF2B28E48C9C949EC5D5F21158AD306F7AF5BB6A47408C9AA5C5BB6D0053A9B9DA89E76E126FB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Malta) {. {-9223372036854775808 3484 0 LMT}. {-2403478684 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812588400 7200 1 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 CEST}. {-71715600 3600 0 CET}. {-50547600 7200 1 CEST}. {-40266000 3600 0 CET}

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-RTE1C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2045
Entropy (8bit):	3.5710319343050183
Encrypted:	false
SSDEEP:
MD5:	30271DF851CE290256FA0BE793F3A918
SHA1:	307BF37BD5110537B023A648AAC41F86E3D34ACB
SHA-256:	11400A62327FB9DEFB2D16EBD8E759F94C37EF4F12C49AC97DA2E5031FFA0079
SHA-512:	3E86BDF258BA23AFF9E1BDCDFE7853D5413A589160F67AF7424CE014B7A77A948B8BF973EB02A0FFFE47D5D0EA4464D851DF294C04AF685C0AF7A0EB08DD9067
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Samara) {. {-9223372036854775808 12020 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +04}. {-1102305600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 10800 0 +03}. {687916800 14400 0 +04}. {701820000 18000 1 +05}. {717544800 14400 0 +04}. {733269600 18000 1 +05}. {748994400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-SUURS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1990
Entropy (8bit):	3.5705804674707893
Encrypted:	false
SSDEEP:
MD5:	EEA55E1788265CCC7B3BDB775AF3DD38
SHA1:	E327A5965114AB8BF6E479989E43786F0B74CFB1
SHA-256:	0031D4DEC64866DEB1B5E566BB957F2C0E46E5751B31DF9C8A3DA1912AEC4CB2
SHA-512:	21EF7D364814259F23319D4BC0E4F7F0653D35C1DD03D22ACD8E9A540EE8A9E651BEE22501E4150F6C74901AC2ED750CE08AAE0551DF5A44AB11FD4A3DB49D59
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Saratov) {. {-9223372036854775808 11058 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-UA6IS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9471
Entropy (8bit):	3.738653060534981
Encrypted:	false
SSDEEP:
MD5:	AD82B05F966F0EAD5B2F4FD7B6D56718
SHA1:	DE5A9BB8B0FCA79C38DD35905FF074503D5AAF13
SHA-256:	EE61A08BED392B75FBE67666BDCF7CE26DFA570FC2D1DEC9FFEF51E5D8CD8DF7
SHA-512:	68DC078090E2AF1EAF0150BBCF63E52E4675BF22E2FF6BBA4B4D0B244BFF23C73310A3E63365A4217B8466F2C2E7A4384D05D778F70513183B3A59016A55DDB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Lisbon) {. {-9223372036854775808 -2205 0 LMT}. {-2713908195 -2205 0 LMT}. {-1830384000 0 0 WET}. {-1689555600 3600 1 WEST}. {-1677801600 0 0 WET}. {-1667437200 3600 1 WEST}. {-1647738000 0 0 WET}. {-1635814800 3600 1 WEST}. {-1616202000 0 0 WET}. {-1604365200 3600 1 WEST}. {-1584666000 0 0 WET}. {-1572742800 3600 1 WEST}. {-1553043600 0 0 WET}. {-1541206800 3600 1 WEST}. {-1521507600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1426813200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1221440400 3600 1 WEST}. {-1206925200 0 0 WET}. {-1191200400 3600 1 WEST}. {-1175475600 0 0 WET}. {-1127696400 3600 1 WEST}. {-1111971600 0 0 WET}. {-1096851600 3600 1 WEST}. {-1080522000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-V4KRR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7120
Entropy (8bit):	3.635790220811118
Encrypted:	false
SSDEEP:
MD5:	E7A6AA8962067EF71174CD5AE79A8624
SHA1:	1250689DF0DFCCDD4B6B21C7867C4AA515D19ECD
SHA-256:	5FDBE427BC604FAC03316FD08138F140841C8CF2537CDF4B4BB20F2A9DFC4ECB
SHA-512:	5C590164499C4649D555F30054ECB5CF627CCCA8A9F94842328E90DD40477CADB1042D07EA4C368ABB7094D7A59A8C2EE7619E5B3458A0FAC066979B14AF44A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Helsinki) {. {-9223372036854775808 5989 0 LMT}. {-2890258789 5989 0 HMT}. {-1535938789 7200 0 EET}. {-875671200 10800 1 EEST}. {-859773600 7200 0 EET}. {354672000 10800 1 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {410220000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}. {733280400 10800 1 EEST}. {749005200 7200 0 EET}. {764730000

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-VRLSO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8792
Entropy (8bit):	3.8152682180965747
Encrypted:	false
SSDEEP:
MD5:	C107BB0AC411789418982B201FF1F857
SHA1:	71691B3E9FCC3503943BAFD872A881C1F1EE8451
SHA-256:	2794B605AE149FFB58D88508A663BB54034FD542BF14B56DAE62801971612F5B
SHA-512:	BFC79B3245526ED54615F613D3158DC4CF44DAF3DB758DBA65977EC91263CEFFA628D36E7CA536E140AF727EC321D9047C36D56303718D1EC5B49F5A8BCAE2E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Amsterdam) {. {-9223372036854775808 1172 0 LMT}. {-4260212372 1172 0 AMT}. {-1693700372 4772 1 NST}. {-1680484772 1172 0 AMT}. {-1663453172 4772 1 NST}. {-1650147572 1172 0 AMT}. {-1633213172 4772 1 NST}. {-1617488372 1172 0 AMT}. {-1601158772 4772 1 NST}. {-1586038772 1172 0 AMT}. {-1569709172 4772 1 NST}. {-1554589172 1172 0 AMT}. {-1538259572 4772 1 NST}. {-1523139572 1172 0 AMT}. {-1507501172 4772 1 NST}. {-1490566772 1172 0 AMT}. {-1470176372 4772 1 NST}. {-1459117172 1172 0 AMT}. {-1443997172 4772 1 NST}. {-1427667572 1172 0 AMT}. {-1406672372 4772 1 NST}. {-1396217972 1172 0 AMT}. {-1376950772 4772 1 NST}. {-1364768372 1172 0 AMT}. {-1345414772 4772 1 NST}. {-1333318772 1172 0 AMT}. {-1313792372 4772 1 NST}. {-1301264372 1172 0 AMT}. {-1282256372 4772 1 NST}. {-1269814772 1172 0 AMT}. {-1250720372 4772 1 NST}. {-123836517

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Europe\is-VUJS0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7412
Entropy (8bit):	3.7216700074911437
Encrypted:	false
SSDEEP:
MD5:	872AB00046280F53657A47D41FBA5EFE
SHA1:	311BF2342808BD9DC8AB2C2856A1F91F50CFB740
SHA-256:	D02C2CD894AE4D3C2619A4249088A566B02517FA3BF65DEFAF4280C407E5B5B3
SHA-512:	2FF901990FA8D6713D875F90FE611E54B35A2216C380E88D408C4FB5BD06916EE804DC6331C117C3AC643731BEADB5BDEDEA0F963B89FAEDB07CA3FFD0B3A535
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tirane) {. {-9223372036854775808 4760 0 LMT}. {-1767230360 3600 0 CET}. {-932346000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-843519600 3600 0 CET}. {136854000 7200 1 CEST}. {149896800 3600 0 CET}. {168130800 7200 1 CEST}. {181432800 3600 0 CET}. {199839600 7200 1 CEST}. {213141600 3600 0 CET}. {231894000 7200 1 CEST}. {244591200 3600 0 CET}. {263257200 7200 1 CEST}. {276040800 3600 0 CET}. {294706800 7200 1 CEST}. {307490400 3600 0 CET}. {326156400 7200 1 CEST}. {339458400 3600 0 CET}. {357087600 7200 1 CEST}. {370389600 3600 0 CET}. {389142000 7200 1 CEST}. {402444000 3600 0 CET}. {419468400 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {457480800 7200 0 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-0M8GH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.822244827214297
Encrypted:	false
SSDEEP:
MD5:	5223EC10BCFBC18A9FA392340530E164
SHA1:	A59B4F19A3F052B2A3EB57E0D2652E81FB665B50
SHA-256:	17750D6A9B8ED41809D8DC976777A5252CCB70F39C3BF396B55557A8E504CB09
SHA-512:	2B2EFC470FE4461F82B1F1909C2A953934938D5DC8B54B2DA3A48678CF23ECD7874187E0FA4F6241FC02AEE0AF29B861C3FEEC15BB90E5C7D3A609DBB50EDC2C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Kerguelen) {. {-9223372036854775808 0 0 -00}. {-631152000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-28D8L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.775639640601132
Encrypted:	false
SSDEEP:
MD5:	DAD21C1CD103E6FF24ECB26ECC6CC783
SHA1:	FBCCCF55EDFC882B6CB003E66B0B7E52A3E0EFDE
SHA-256:	DA2F64ADC2674BE934C13992652F285927D8A44504327950678AD3B3EC285DCE
SHA-512:	EA3B155D39D34AFB789F486FAA5F2B327ADB62E43FE5757D353810F9287D9E706773A034D3B2E5F050CCC2A24B31F28A8C44109CCCF43509F2B8547D107FD4A4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Comoro) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-B18SC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.802684724729281
Encrypted:	false
SSDEEP:
MD5:	4618C8D4F26C02A3A303DD1FB5DCFE46
SHA1:	857D376F5AFE75784E7F578C83E111B2EE18F74E
SHA-256:	94262B5A1E3423CD26BFFB3E36F63C1A6880304D00EE5B05985072D82032C765
SHA-512:	3F5CDDE3D2D5C8BC3DD6423888D7DB6A8EA3D4881ABE9E3857B9D0DDF756D0ECD9CAB7EF66343B0636D32E5CCF0ECEC1F56B9F4BC521CD24B3DB1D935F994AF0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Chagos) {. {-9223372036854775808 17380 0 LMT}. {-1988167780 18000 0 +05}. {820436400 21600 0 +06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-EPLL3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.873998321422911
Encrypted:	false
SSDEEP:
MD5:	F8D00BD4AD23557FB4FC8EB095842C26
SHA1:	AD4AE41D0AD49E80FCF8CADE6889459EA30B57F7
SHA-256:	997C33DBCEA54DE671A4C4E0E6F931623BF4F39A821F9F15075B9ECCCCA3F1B8
SHA-512:	F67D348ECCCA244681EE7B70F7815593CFB2D7D4502832B2EB653EBF01AC66ACED29F7EA2E223D295C4D4F64287D372070EF863CCB201ACD8DF470330812013D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mahe) {. {-9223372036854775808 13308 0 LMT}. {-2006653308 14400 0 +04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-FVJ18.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.911693487750565
Encrypted:	false
SSDEEP:
MD5:	5026A59BD9CCD6ABA665B4895EDB0171
SHA1:	8361778F615EFDDAA660E49545249005B6FC66C3
SHA-256:	37E1DAD2B019CCD6F8927602B079AD6DB7D71F55CBDA165B0A3EEF580B86DACF
SHA-512:	E081BDE3FC0D07E75C83C308A662C3A1837A387137BFA8D8E4A59797159F465654BAFFCE6B1458602255BD784CEE0BF70F542C3E893BC87A566630D54084CDCC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Christmas) {. {-9223372036854775808 25372 0 LMT}. {-2364102172 25200 0 +07}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-NEE71.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	262
Entropy (8bit):	4.450791926516311
Encrypted:	false
SSDEEP:
MD5:	040680E086764FC47EEBE039358E223C
SHA1:	4D10E6F69835533748DD5FD2E7409F9732221210
SHA-256:	C4054D56570F9362AB8FF7E4DBA7F8032720289AE01C03A861CCD8DEC9D2ABB2
SHA-512:	FC00B4AD7328EBC3025A482B3D6A0B176F3430BD3D06B918974EAC5BD30AD8551E0C6BE1DC03BE18A9BC6DD0919ED2A3717E20749ABECBFBD202764047D0D292
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mauritius) {. {-9223372036854775808 13800 0 LMT}. {-1988164200 14400 0 +04}. {403041600 18000 1 +04}. {417034800 14400 0 +04}. {1224972000 18000 1 +04}. {1238274000 14400 0 +04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-P6NU7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.833774224054436
Encrypted:	false
SSDEEP:
MD5:	EC0C456538BE81FA83AF440948EED55E
SHA1:	11D7BA32A38547AF88F4182B6C1C3373AD89D75C
SHA-256:	18A4B14CD05E4B25431BAF7BFCF2049491BF4E36BB31846D7F18F186C9ECD019
SHA-512:	FF57F9EDFAD16E32B6A0BA656C5949A0A664D22001D5149BF036C322AEC1682E8B523C8E64E5A49B7EFA535A13459234C16237C09FC5B40F08AC22D56681C4BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Maldives) {. {-9223372036854775808 17640 0 LMT}. {-2840158440 17640 0 MMT}. {-315636840 18000 0 +05}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-RNRRB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.778847657463255
Encrypted:	false
SSDEEP:
MD5:	D89C649468B3C22CF5FA659AE590DE53
SHA1:	83DF2C14F1E51F5B89DCF6B833E421389F9F23DC
SHA-256:	071D17F347B4EB9791F4929803167497822E899761654053BD774C5A899B4B9C
SHA-512:	68334E11AAB0F8DCEEB787429832A60F4F0169B6112B7F74048EACFDE78F9C4D100E1E2682D188C3965E41A83477D3AECC80B73A2A8A1A80A952E59B431576A8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Mayotte) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-RQHBK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.75703014401897
Encrypted:	false
SSDEEP:
MD5:	1E84F531F7992BFBD53B87831FE349E9
SHA1:	E46777885945B7C151C6D46C8F7292FC332A5576
SHA-256:	F4BDCAE4336D22F7844BBCA933795063FA1BCA9EB228C7A4D8222BB07A706427
SHA-512:	545D6DEB94B7A13D69F387FE758C9FC474DC02703F2D485FD42539D3CE03975CDEEFB985E4AA7742957952AF9E9F1E2DB84389277C3864C32C31D890BD399FB9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Antananarivo) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-T5VA5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.933616581218054
Encrypted:	false
SSDEEP:
MD5:	C50A592BB886F2FA48657900AE10789F
SHA1:	16D73BFFDAD18E751968E100BB391AABB29169E1
SHA-256:	3775EA8EBF5CBBD240E363FB62AEF8D2865A9D9969E40A15731DCC0AC03107EB
SHA-512:	F875F287E6C3A7B7325DB038CF419AA34FD0072FD3FCD138102008959F397026B647D8D339CB01362330905382FE7DCF5F8EC98C9B8C4FFF59A6FF4E78678BB7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Reunion) {. {-9223372036854775808 13312 0 LMT}. {-1848886912 14400 0 +04}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Indian\is-UVKFU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.811431467315532
Encrypted:	false
SSDEEP:
MD5:	4C9502EC642E813E7B699281DD9809DF
SHA1:	98804A95F13CF4EED983AC019CD1A9EFC01AF719
SHA-256:	E8C591860DD42374C64E30850A3626017989CF16DDB85FDCC111AD92BD311425
SHA-512:	8BD7718055789FA7CFB2D50270C563E4D69E16283745701B07073A1CDA271F95B1884F297C2F22CB36EC9983BC759F03B05B39DFD0604CD3278DBCBFB6E12CA6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Cocos) {. {-9223372036854775808 23260 0 LMT}. {-2209012060 23400 0 +0630}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Mexico\is-08MCI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.8300311016675606
Encrypted:	false
SSDEEP:
MD5:	E771850BA5A1C218EB1B31FDC564DF02
SHA1:	3675838740B837A96FF32694D1FA56DE01DE064F
SHA-256:	06A45F534B35538F32A77703C6523CE947D662D136C5EC105BD6616922AEEB44
SHA-512:	BD7AF307AD61C310EDAF01E618BE9C1C79239E0C8CDEC85792624A7CCE1B6251B0ADE066B8610AFDB0179F3EF474503890642284800B81E599CB830EC6C7C9AA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mexico_City)]} {. LoadTimeZoneFile America/Mexico_City.}.set TZData(:Mexico/General) $TZData(:America/Mexico_City).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Mexico\is-B903F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.841665860441288
Encrypted:	false
SSDEEP:
MD5:	89A5ED35215BA46C76BF2BD5ED620031
SHA1:	26F134644023A2D0DA4C8997C54E36C053AA1060
SHA-256:	D624945E20F30CCB0DB2162AD3129301E5281B8868FBC05ACA3AA8B6FA05A9DF
SHA-512:	C2563867E830F7F882E393080CE16A62A0CDC5841724E0D507CBA362DB8363BB75034986107C2428243680FE930BAC226E11FE6BA99C31E0C1A35D6DD1C14676
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mazatlan)]} {. LoadTimeZoneFile America/Mazatlan.}.set TZData(:Mexico/BajaSur) $TZData(:America/Mazatlan).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Mexico\is-SOL2G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.836487818373659
Encrypted:	false
SSDEEP:
MD5:	C3AEEA7B991B609A1CB253FDD5057D11
SHA1:	0212056C2A20DD899FA4A26B10C261AB19D20AA4
SHA-256:	599F79242382ED466925F61DD6CE59192628C7EAA0C5406D3AA98EC8A5162824
SHA-512:	38094FD29B1C31FC9D894B8F38909DD9ED3A76B2A27F6BC250ACD7C1EFF4529CD0B29B66CA7CCBEB0146DFF3FF0AC4AEEEC422F7A93422EF70BF723D12440A93
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:Mexico/BajaNorte) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-0436I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8487
Entropy (8bit):	3.8173754903771018
Encrypted:	false
SSDEEP:
MD5:	6C008D6437C7490EE498605B5B096FDB
SHA1:	D7F6E7B3920C54EFE02A44883DBCD0A75C7FC46A
SHA-256:	B5BD438B748BA911E0E1201A83B623BE3F8130951C1377D278A7E7BC9CB7F672
SHA-512:	DA6992D257B1BA6124E39F90DDEE17DC3E2F3B38C3A68B77A93065E3E5873D28B8AE5D21CEC223BAADFBDD1B3A735BF1CEC1BDEB0C4BEAB72AAA23433A707207
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Auckland) {. {-9223372036854775808 41944 0 LMT}. {-3192435544 41400 0 NZMT}. {-1330335000 45000 1 NZST}. {-1320057000 41400 0 NZMT}. {-1300699800 43200 1 NZST}. {-1287396000 41400 0 NZMT}. {-1269250200 43200 1 NZST}. {-1255946400 41400 0 NZMT}. {-1237800600 43200 1 NZST}. {-1224496800 41400 0 NZMT}. {-1206351000 43200 1 NZST}. {-1192442400 41400 0 NZMT}. {-1174901400 43200 1 NZST}. {-1160992800 41400 0 NZMT}. {-1143451800 43200 1 NZST}. {-1125914400 41400 0 NZMT}. {-1112607000 43200 1 NZST}. {-1094464800 41400 0 NZMT}. {-1081157400 43200 1 NZST}. {-1063015200 41400 0 NZMT}. {-1049707800 43200 1 NZST}. {-1031565600 41400 0 NZMT}. {-1018258200 43200 1 NZST}. {-1000116000 41400 0 NZMT}. {-986808600 43200 1 NZST}. {-968061600 41400 0 NZMT}. {-955359000 43200 1 NZST}. {-936612000 41400 0 NZMT}. {-923304600 43200 1 NZST}. {-757425600 43200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-0TOD2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.865414495402954
Encrypted:	false
SSDEEP:
MD5:	3282C08FE7BC3A5F4585E97906904AE1
SHA1:	09497114D1EC149FB5CF167CBB4BE2B5E7FFA982
SHA-256:	DC6263DCC96F0EB1B6709693B9455CB229C8601A9A0B96A4594A03AF42515633
SHA-512:	077924E93AC9F610CD9FE158655B631186198BD96995428EB9EE2082449BD36CBF6C214D86E51A6D9A83329FCD5E931C343AA14DBB286C53071D46692B81BC0D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Truk) $TZData(:Pacific/Chuuk).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-19C3E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	211
Entropy (8bit):	4.684652862044272
Encrypted:	false
SSDEEP:
MD5:	E22A2C0F847601F128986A48A4B72F90
SHA1:	4E1D047DC64AA57C311A22FB1DA8497CD7022192
SHA-256:	88260F34784960C229B2B282F8004FD1AF4BE1BC2883AAEE7D041A622933C3FE
SHA-512:	A80DAC1A2A3376A47E2A542DE92CCC733E440AF2F05A70823DA52A2490FC9D1762F35CE256E6D1F7CCD435EEFBD6B0FBC533459CD3AD79ACD52C7CA78C29317C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kiritimati) {. {-9223372036854775808 -37760 0 LMT}. {-2177415040 -38400 0 -1040}. {307622400 -36000 0 -10}. {788868000 50400 0 +14}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-1PP76.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	436
Entropy (8bit):	4.271209640478309
Encrypted:	false
SSDEEP:
MD5:	C32CDBF9C696134870351ABB80920E08
SHA1:	43918B7BF46EF2B574D684D36901592E43A45A8A
SHA-256:	8FE5EF266C660C4A25827BE9C2C4081A206D946DD46EBC1095F8D18F41536399
SHA-512:	1E10C548659A9CE0A9F0C7E6FD86EAD8627C07A8C9842933E7C6CD28EACDE3735DBFDCF7DD1DE5DDE7F2F102F7D584B3C44B1350AFDF7E1621FE9F565CD32362
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tongatapu) {. {-9223372036854775808 44360 0 LMT}. {-2177497160 44400 0 +1220}. {-915193200 46800 0 +13}. {915102000 46800 0 +13}. {939214800 50400 1 +13}. {953384400 46800 0 +13}. {973342800 50400 1 +13}. {980596800 46800 0 +13}. {1004792400 50400 1 +13}. {1012046400 46800 0 +13}. {1478350800 50400 1 +13}. {1484398800 46800 0 +13}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-2RTOI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	907
Entropy (8bit):	3.848488423299009
Encrypted:	false
SSDEEP:
MD5:	19F22E22F7B136EFCB45E83BC765E871
SHA1:	500CC7EA47902856727C2B6D23BF4DAFF6817EB4
SHA-256:	B1235ED60A50282E14F4B2B477F9936D15CAF91495CBB81971A2C9580209C420
SHA-512:	2FD667F105E57A62821B2BB301A1A31BB56FA6670AADC94F41337445335262FE40DA5DAE7113328E54379E45246B5419B94F8C8AFB73B1F2405E7F08F5D6FBCC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Rarotonga) {. {-9223372036854775808 -38344 0 LMT}. {-2177414456 -37800 0 -1030}. {279714600 -34200 0 -10}. {289387800 -36000 0 -10}. {309952800 -34200 1 -10}. {320837400 -36000 0 -10}. {341402400 -34200 1 -10}. {352287000 -36000 0 -10}. {372852000 -34200 1 -10}. {384341400 -36000 0 -10}. {404906400 -34200 1 -10}. {415791000 -36000 0 -10}. {436356000 -34200 1 -10}. {447240600 -36000 0 -10}. {467805600 -34200 1 -10}. {478690200 -36000 0 -10}. {499255200 -34200 1 -10}. {510139800 -36000 0 -10}. {530704800 -34200 1 -10}. {541589400 -36000 0 -10}. {562154400 -34200 1 -10}. {573643800 -36000 0 -10}. {594208800 -34200 1 -10}. {605093400 -36000 0 -10}. {625658400 -34200 1 -10}. {636543000 -36000 0 -10}. {657108000 -34200 1 -10}. {667992600 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-3D48V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5505
Entropy (8bit):	3.545141446818078
Encrypted:	false
SSDEEP:
MD5:	67BE85DD77F7B520FD5705A4412157E3
SHA1:	04FA33692B8DBB8DDF89EF790646A0535943953D
SHA-256:	2FE87FF4AEBB58506B4E2552D3CB66AAC1D038D8C62F8C70B0EAF1CC508EC9FA
SHA-512:	35D4C46D187912D2B39C07A50DB0C56427ACF3755AD4B563B734BE26CA9C441AA0C2836266C803919786BF6DA9118A880CCF221FE9F9A9E30D610BE8E4913A9F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fiji) {. {-9223372036854775808 42944 0 LMT}. {-1709985344 43200 0 +12}. {909842400 46800 1 +12}. {920124000 43200 0 +12}. {941896800 46800 1 +12}. {951573600 43200 0 +12}. {1259416800 46800 1 +12}. {1269698400 43200 0 +12}. {1287842400 46800 1 +12}. {1299333600 43200 0 +12}. {1319292000 46800 1 +12}. {1327154400 43200 0 +12}. {1350741600 46800 1 +12}. {1358604000 43200 0 +12}. {1382796000 46800 1 +12}. {1390050000 43200 0 +12}. {1414850400 46800 1 +12}. {1421503200 43200 0 +12}. {1446300000 46800 1 +12}. {1452952800 43200 0 +12}. {1478354400 46800 1 +12}. {1484402400 43200 0 +12}. {1509804000 46800 1 +12}. {1515852000 43200 0 +12}. {1541253600 46800 1 +12}. {1547301600 43200 0 +12}. {1572703200 46800 1 +12}. {1579356000 43200 0 +12}. {1604152800 46800 1 +12}. {1610805600 43200 0 +12}. {1636207200 46800 1 +12}. {1642255200 43200

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-5154I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.930595315407702
Encrypted:	false
SSDEEP:
MD5:	B41251BE6A78B9BA4F7859D344517738
SHA1:	8C0DFDD40B8AE1DFA6C3C1BDD44E8452F5EE49E1
SHA-256:	FC06B45FB8C5ED081BAFA999301354722AEF17DB2A9C58C6CDF81C758E63D899
SHA-512:	96D302EAA274BEE26325B8334DA8C3782B8DC0E279DDF464D281AF2B0CEE19E9254837A4B1D08F9B777BE892F639D205F6AB85C37C8F8B58A4867EA082FF054B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Marquesas) {. {-9223372036854775808 -33480 0 LMT}. {-1806676920 -34200 0 -0930}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-58C0M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.8048918219164065
Encrypted:	false
SSDEEP:
MD5:	BE50B3EE2BD083842CFFB7698DD04CDE
SHA1:	0B8C8AFC5F94E33226F148202EFFBD0787D61FA2
SHA-256:	74DD6FE03E3061CE301FF3E8E309CF1B10FC0216EEC52839D48B210BCBD8CF63
SHA-512:	136BCF692251B67CD3E6922AD0A200F0807018DC191CAE853F2192FD385F8150D5CCF36DF641ED9C09701E4DBBB105BF97C7540D7FA9D9FFC440682B770DF5BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Guam)]} {. LoadTimeZoneFile Pacific/Guam.}.set TZData(:Pacific/Saipan) $TZData(:Pacific/Guam).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-67T6S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.989695428683993
Encrypted:	false
SSDEEP:
MD5:	61C075090B025E69800B23E0AD60459F
SHA1:	F847CA6D35BD4AF2C70B318D4EE4A2FB5C77D449
SHA-256:	3237743592D8719D0397FA278BB501E6F403985B643D1DE7E2DA91DD11BE215B
SHA-512:	5D07FB2FEAA9110D62CFD95BC729AA57F2A176C977D2E2C00374AF36EE84C4FB9416ECBEF179298928AAE9634B69C5FE889C5C9D2DFF290CAC0F6E53EDEC1A48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chuuk) {. {-9223372036854775808 36428 0 LMT}. {-2177489228 36000 0 +10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-6TJF7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.932023172694197
Encrypted:	false
SSDEEP:
MD5:	9FBFA7A7556A081F2352250B44EB0CB6
SHA1:	CB16A38A9E51FEFC803C4E119395B9BCDBA1CF95
SHA-256:	29ABBA5D792FB1D754347DED8E17423D12E07231015D5A65A5873BFC0CE474C7
SHA-512:	CD0FA19597D7188F1D05E8FE9DD9B650DDD30CBBEF3F16646715D5DEF5A261C1E92ADE781DEA609B163808D7A59A0F7AF168332D0134D87DADE42447ABE7E431
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wallis) {. {-9223372036854775808 44120 0 LMT}. {-2177496920 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-897O4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7935
Entropy (8bit):	3.4518545894421475
Encrypted:	false
SSDEEP:
MD5:	9B0B358E33E33FEFE38BEF73232919F3
SHA1:	7164F24730A37875128BE3F2FB4E9BC076AB9F39
SHA-256:	E02B71C59DF59109D12EBE60ED153922F1DFF3F5C4AD207E267AB025792C51F4
SHA-512:	A0C4A98B0B40FDE690A8EEE7A2C2F16C3E70C6F406FF0699B98CB837C72C6A1259395167795F2CFBBD2943E602AC0483C62B9D6209B8258018F7D78E103BBB15
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Easter) {. {-9223372036854775808 -26248 0 LMT}. {-2524495352 -26248 0 EMT}. {-1178124152 -25200 0 -07}. {-36619200 -21600 1 -07}. {-23922000 -25200 0 -07}. {-3355200 -21600 1 -07}. {7527600 -25200 0 -07}. {24465600 -21600 1 -07}. {37767600 -25200 0 -07}. {55915200 -21600 1 -07}. {69217200 -25200 0 -07}. {87969600 -21600 1 -07}. {100666800 -25200 0 -07}. {118209600 -21600 1 -07}. {132116400 -25200 0 -07}. {150868800 -21600 1 -07}. {163566000 -25200 0 -07}. {182318400 -21600 1 -07}. {195620400 -25200 0 -07}. {213768000 -21600 1 -07}. {227070000 -25200 0 -07}. {245217600 -21600 1 -07}. {258519600 -25200 0 -07}. {277272000 -21600 1 -07}. {289969200 -25200 0 -07}. {308721600 -21600 1 -07}. {321418800 -25200 0 -07}. {340171200 -21600 1 -07}. {353473200 -25200 0 -07}. {371620800 -21600 1 -07}. {384922800 -21600 0 -06}. {403070400 -180

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-8BBFV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.887747451136248
Encrypted:	false
SSDEEP:
MD5:	63594F45385660A04D21C11B5F203FF4
SHA1:	CEEC55B952B8EBA952E0965D92220C8EF001E59E
SHA-256:	4418559478B5881DFAF3FE3246A4BFE2E62C46C1D3D452EE4CF5D9651C4F92B5
SHA-512:	B9B55B027EFB7E87D44E89191C03A8409A16FA19A52032E29210161AE8FED528A6504B7B487181847125AF2C7C129A0687323CDDC6D5454199229897F97F0AB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Yap) $TZData(:Pacific/Chuuk).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-8PN00.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	238
Entropy (8bit):	4.63034174284777
Encrypted:	false
SSDEEP:
MD5:	307B016C9E6A915B1760D9A6AD8E63C1
SHA1:	26B797811821C09CF6BAB76E05FF612359DF7318
SHA-256:	F1CB2B1EBD4911857F5F183E446A22E731BD57925AD07B15CA78A7BDDFED611F
SHA-512:	F7AAAEE32CAC84F7D54C29E07CB8952D61585B85CB4FFFB93DD824A71403FDF356EC0761E5EEE19D9F8139F11A9CAB0A7DAEADBD13B6DD4C0CDF9FB573794542
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Galapagos) {. {-9223372036854775808 -21504 0 LMT}. {-1230746496 -18000 0 -05}. {504939600 -21600 0 -06}. {722930400 -18000 1 -06}. {728888400 -21600 0 -06}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-8PS67.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.735143778298082
Encrypted:	false
SSDEEP:
MD5:	C963ECC06914E8E42F0B96504C1F041C
SHA1:	82D256793B22E9C07362708EE262A6B46AC13ACD
SHA-256:	86593D3A9DC648370A658D82DA7C410E26D818DB2749B79F57A802F8CED76BD3
SHA-512:	0F3691977F992A3FF281AD1577BA0BD4AAF7DB3F167E1A1FF139374C14B14F1A456BE7E7D362D698A8294A6AB906E69AC56E1EE0DAF77C13050553299FB6DAF5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pohnpei)]} {. LoadTimeZoneFile Pacific/Pohnpei.}.set TZData(:Pacific/Ponape) $TZData(:Pacific/Pohnpei).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-A77E8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	209
Entropy (8bit):	4.680590339435768
Encrypted:	false
SSDEEP:
MD5:	54FD41634DDEAA58F9F9770DC82B3E5F
SHA1:	E5296ACE7239C4CD7E13D391676F910376556ACC
SHA-256:	9D4E202A1ED8609194A97ED0F58B3C36DF83F46AE92EAF09F8337317DCACA75F
SHA-512:	9A2192C1232368FA5D382062A2C48869155B727C970F5D5BCD5FE424FC9D15417394E637D77FCA793B633517A1BFED8D93E74F239A3BC1A6716615B6D877ADC6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Niue) {. {-9223372036854775808 -40780 0 LMT}. {-2177412020 -40800 0 -1120}. {-599575200 -41400 0 -1130}. {276089400 -39600 0 -11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-A7HO8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	332
Entropy (8bit):	4.582125163058844
Encrypted:	false
SSDEEP:
MD5:	17ACB888B597247CB0CA3CA191E51640
SHA1:	9C2668BF0288D277ED2FE5DBCD5C34F5931004A6
SHA-256:	719EA0BC1762078A405936791C65E4255B4250FB2B305342FE768A21D6AF34BE
SHA-512:	9D02F784F0CD2195AEDEAA59E3ECD64B27928D48DCBC3EA2651B36B3BE7F8C6D9CBB66ACDC76DC02D94DF19C0A29306DD8C2A15AD89C24188FC3E4BCFBE6D456
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Honolulu) {. {-9223372036854775808 -37886 0 LMT}. {-2334101314 -37800 0 HST}. {-1157283000 -34200 1 HDT}. {-1155436200 -34200 0 HST}. {-880201800 -34200 1 HWT}. {-769395600 -34200 1 HPT}. {-765376200 -37800 0 HST}. {-712150200 -36000 0 HST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-AE73Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	147
Entropy (8bit):	4.9618148014469705
Encrypted:	false
SSDEEP:
MD5:	0D8489972CBD248971C83DA074C79030
SHA1:	3E390EDC1A2F678918220026F03E914BB6E8ED4B
SHA-256:	A85364C6E79EA16FD0C86A5CF74CCB84843009A6738AAED3B13A709F1BDF0DF7
SHA-512:	A43E459BAB47F133E27A67CFA448E94FBE796DDC23A2D6C3400437D3BC8F31AC2EF3541C4588CF494E1BBD55856C5FA8553A6CD92534E2243EFA31BE2BF5A4CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pohnpei) {. {-9223372036854775808 37972 0 LMT}. {-2177490772 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-AVK9M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.729839728044672
Encrypted:	false
SSDEEP:
MD5:	843BBE96C9590D69B09FD885B68DE65A
SHA1:	25BF176717A4578447E1D77F9BF0140AFF18625A
SHA-256:	4F031CB2C27A3E311CA4450C20FB5CF4211A168C39591AB02EEEC80A5A8BFB93
SHA-512:	B50301CFC8E5CF8C257728999B0D91C06E2F7C040D30F71B90BBC612959B519E8D27EE2DA9B8B9002483D3F4F173BB341A07898B4E4C98A146B3D988CA3BD5B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Samoa) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-B3FEO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	270
Entropy (8bit):	4.659789664861683
Encrypted:	false
SSDEEP:
MD5:	A85F8A9502E818ADE7759166B9C7A9AD
SHA1:	5E706E5491AFE1A8399D7815158924381A1F6D27
SHA-256:	C910696B4CC7CA3E713EE08A024D26C1E4E4003058DECD5B54B92A0B2F8A17E0
SHA-512:	682BDC7DA0C9BFFD98992973295E180FB3FAACEA514760211B5291AEE26CABF200B68CA0EA80D9083C52F32C2EE3D0A5E84141363D1784C2A6A9FD24C2CF38E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Bougainville) {. {-9223372036854775808 37336 0 LMT}. {-2840178136 35312 0 PMMT}. {-2366790512 36000 0 +10}. {-868010400 32400 0 +09}. {-768906000 36000 0 +10}. {1419696000 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-D4NAT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.94008377236012
Encrypted:	false
SSDEEP:
MD5:	7ABD13E51C01A85468F6511B6710E4B5
SHA1:	9DC80A7BFD7028DB672A20EF32C31B11F083BA99
SHA-256:	AEE9D8FBCB7413536DA1CBDC4F28B7863B3DDD5E6A5AB2A90CE32038AC0EA2B8
SHA-512:	6F6BBEBB10FD6B3987D3076D93DC06F5F765FAC22A90C4184AAF33C1FFD4CBD98464C8A0B4C0C38808AA6D08F91F5060BCEC83E278B8BEF21124C7FE427A09AF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pago_Pago) {. {-9223372036854775808 45432 0 LMT}. {-2445424632 -40968 0 LMT}. {-1861879032 -39600 0 SST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-DPANT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.900317309402027
Encrypted:	false
SSDEEP:
MD5:	DDF599B7659B88603DF80E390471CB10
SHA1:	80FF5E0E99483CB8952EC137A261D034B6759D07
SHA-256:	B8282EC1E5BFA5E116C7DC5DC974B0605C85D423519F124754126E8F8FE439EC
SHA-512:	28F15CB6310190066936B7B21024205EC87A54D081415B1E46E72982814E1E2A41A2CE8B808D02E705100CE5ACBB1E69F1859E40A04F629B7004FBD89DD37899
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tahiti) {. {-9223372036854775808 -35896 0 LMT}. {-1806674504 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-EP9F6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5431
Entropy (8bit):	3.5627170055641306
Encrypted:	false
SSDEEP:
MD5:	6718CD07DCEBD2CA85FC1764BE45E46C
SHA1:	0BCD2E4267F2BDB499EA613C17B9C38CCFC2177A
SHA-256:	5D3D1B4180482099119383DC160520DCDA5D4E3EEC87F22EA20B7D4B599F5249
SHA-512:	95C16BC92B9B3C80F9FA10F5B49DAEB472D45C2489A455A31177A8679E21EF668F85450E1770CFB77CA43477B68EF11B3A4090C11CE6F7FA518040EA7B502855
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Apia) {. {-9223372036854775808 45184 0 LMT}. {-2445424384 -41216 0 LMT}. {-1861878784 -41400 0 -1130}. {-631110600 -39600 0 -11}. {1285498800 -36000 1 -11}. {1301752800 -39600 0 -11}. {1316872800 -36000 1 -11}. {1325239200 50400 0 +13}. {1333202400 46800 0 +13}. {1348927200 50400 1 +13}. {1365256800 46800 0 +13}. {1380376800 50400 1 +13}. {1396706400 46800 0 +13}. {1411826400 50400 1 +13}. {1428156000 46800 0 +13}. {1443276000 50400 1 +13}. {1459605600 46800 0 +13}. {1474725600 50400 1 +13}. {1491055200 46800 0 +13}. {1506175200 50400 1 +13}. {1522504800 46800 0 +13}. {1538229600 50400 1 +13}. {1554559200 46800 0 +13}. {1569679200 50400 1 +13}. {1586008800 46800 0 +13}. {1601128800 50400 1 +13}. {1617458400 46800 0 +13}. {1632578400 50400 1 +13}. {1648908000 46800 0 +13}. {1664028000 50400 1 +13}. {1680357600 46800 0 +13}. {169

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-FKC7O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.763101291800624
Encrypted:	false
SSDEEP:
MD5:	A5A67AC85621952E16528DD73C94346E
SHA1:	FB3D1AD833CD77B8FE68AC37FAA39FF4A9A69815
SHA-256:	B4C19E4D05CCBC73ABE5389EBCFCC5586036C1D2275434003949E1CF634B9C26
SHA-512:	5BB96561582BA3E9F2973322BCF76BD3F9023EC965A0CB504DFE13C127CA2ED562D040EC033DDB946FBB17E9FDD2EAB7532F88B2B0F1182CE880E41C920CFD36
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Midway) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-FM982.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.865240332098143
Encrypted:	false
SSDEEP:
MD5:	6CC11F5FAA361F69262AB8E7F4DB4F90
SHA1:	EA7ED940C0A3B5941972439DE1D735B4DC4AE0AA
SHA-256:	21C4C35919A24CD9C80BE1BD51C6714AA7EBF447396B3A2E63D330D905FA9945
SHA-512:	152709462F29EE14A727BE625E7ABD59625B6C4D4B36A2CE76B68D96CD176EDECA91DF26DAC553346ED360F2CA0F6C62981F50B088AE7BE1B998B425D91EF3B5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fakaofo) {. {-9223372036854775808 -41096 0 LMT}. {-2177411704 -39600 0 -11}. {1325242800 46800 0 +13}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-GDS1L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.788662012960935
Encrypted:	false
SSDEEP:
MD5:	885C86BCE6B3D83D9CD715D75170AA81
SHA1:	9607AC6B1756FEBF2BEC2A78138AF12C11FD46F6
SHA-256:	2E636A3576119F2976D2029E75F26A060A5C0800BF7B719F1CB4562D896A6432
SHA-512:	410D32CBAB0C1B9D948C2C1416B6D158650600748F1C96D16121DB5F0A9D8384A14067E8603576ED1101BD62F6529C6E7A129428B77CBA1D185214D051F2C6B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kwajalein) {. {-9223372036854775808 40160 0 LMT}. {-2177492960 39600 0 +11}. {-7988400 -43200 0 -12}. {745848000 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-IVU3V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.6089214752758965
Encrypted:	false
SSDEEP:
MD5:	CBC3FE6B512B0A3E96B7F47E4CD830EB
SHA1:	A1962DF38BED723F8F747B8931B57FAAC2E8291C
SHA-256:	8118062E25736A4672B11D6A603B5A8FE2ED1A82E1814261DF087EA3071A7DD7
SHA-512:	18E0975189794068033AD000D6A3DA8859EDAAE9D546969AB683399031888307D3F52909DCFEB637CF719782D4F5E87D49A73D6D4B53DEF6FD98041B7A046686
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Nauru) {. {-9223372036854775808 40060 0 LMT}. {-1545131260 41400 0 +1130}. {-877347000 32400 0 +09}. {-800960400 41400 0 +1130}. {294323400 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-J455O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.795254976384326
Encrypted:	false
SSDEEP:
MD5:	FA20CE420C5370C228EB169BBC083EFB
SHA1:	5B4C221AC97292D5002F6ABEB6BC66D7B8E2F01B
SHA-256:	83A14BF52D181B3229603393EA90B9535A2FF05E3538B8C9AD19F483E6447C09
SHA-512:	7E385FEBD148368F192FC6B1D5E4B8DD31F58EC4329BF9820D554E97402D0A582AB2EBCF46A5151D0167333349A83476BEB11C49BC0EBAADE5A297C42879E0C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:Pacific/Johnston) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-JQK7I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.8981931494123065
Encrypted:	false
SSDEEP:
MD5:	AF14EE836FE5D358C83568C5ACFA88C0
SHA1:	22026C7FE440E466193E6B6935C2047BD321F76B
SHA-256:	33E0A5DD919E02B7311A35E24DB37F86A20A394A195FE01F5A3BE7336F276665
SHA-512:	BEF151E1198D57328BA0FC01BB6F00AD51ADEEE99A97C30E0D08FFB3CFCB9E99B34DBAD03FCB3B19F17D60590FA0E6C5F2978954A3585CDFD31E32C93B05154D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Port_Moresby) {. {-9223372036854775808 35320 0 LMT}. {-2840176120 35312 0 PMMT}. {-2366790512 36000 0 +10}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-KKJR3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.763096849699127
Encrypted:	false
SSDEEP:
MD5:	96235B4DD81BA681216B74046A5A8780
SHA1:	24D682CE5D7C4A3DF8C860CB80ED262085CB965C
SHA-256:	BE400ED502FA7EC34B8DE44B2A3D0AF3033292EF08FD1F5F276147E15460CFF6
SHA-512:	4B30A0A1806D5D96FE5F9B1208490E23EABB498B634C98D89553059E68292AAAB6B182FE367E2923DBE0BC03D023D9EFC0EC25F5DD19AB8AE878B32478FF4B55
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kosrae) {. {-9223372036854775808 39116 0 LMT}. {-2177491916 39600 0 +11}. {-7988400 43200 0 +12}. {915105600 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-KM9NN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.9366125478034935
Encrypted:	false
SSDEEP:
MD5:	AD4044C0F87566AA5265DA84CD3DABBA
SHA1:	15ED1B5960B3E70B23C430B0281B108506BBE76C
SHA-256:	2C273BA8F8324E1B414B40DC356C78E0FD3C02D5E8158EA5753CA51E1185FC11
SHA-512:	AD4758B01038BCAA519776226B43D90CED89292BA47988F639D45FD5B5436ED4E3B16C27F9145EC973DCC242FF6ADC514D7CDD6660E7CE8DD8E92A96CDACD947
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wake) {. {-9223372036854775808 39988 0 LMT}. {-2177492788 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-ME4EQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	151
Entropy (8bit):	4.934129846149006
Encrypted:	false
SSDEEP:
MD5:	193872CE34E69F8B499203BC70C2639B
SHA1:	7A2B8E346E3BF3BE48AAA330C3EEE47332E994AB
SHA-256:	F1D21C339E8155711AA7EF9F4059A738A8A4CE7A6B78FFDD8DCC4AC0DB5A0010
SHA-512:	D2114AD27922799B8C38B0486D1FAE838EC94A461388960A6F2D19F7763E09FF75A9C4619C52BE2626E8EA2275794B694C1A76E2711D10B77CE6E34259DBF2BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guadalcanal) {. {-9223372036854775808 38388 0 LMT}. {-1806748788 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-MQSL4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.767926806075848
Encrypted:	false
SSDEEP:
MD5:	D7EE7623A410715B1F34DC06F5400996
SHA1:	1ADD299AB66A0BCC32D92EAFBC2CA3B277E1FA3D
SHA-256:	8CAF3AE352EC168BC0C948E788BB3CBFE3991F36A678A24B47711543D450AED8
SHA-512:	356C3ECC40211B36FA1ECF8601AA8FAAE8080606F55AA4E706D239B8EE35ADE3987708716376D73053DB7A59B9A9B7A267EEDA6ED2A80A558FABA48E851C0EB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Enderbury) {. {-9223372036854775808 -41060 0 LMT}. {-2177411740 -43200 0 -12}. {307627200 -39600 0 -11}. {788871600 46800 0 +13}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-O3IFU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.920441332270432
Encrypted:	false
SSDEEP:
MD5:	4070C7A615EF7977537641B01FA46AD6
SHA1:	E80FF2BBD448B2399DBE56D279858D7D06EBA691
SHA-256:	F12CB444E9BA91385BED20E60E7DF1A0DB0CE76C6FC7ACA59EEF029BC56D5EA3
SHA-512:	5DD3FD1D0AA4D6DA3F274BEEC283A72B4532804AA9901AB4B1616D36C13CB8F5CC51DB8A6B89C019FAD875ABB567EFC8BD894AADC1E63E94A8CAC79F3E82CB6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Palau) {. {-9223372036854775808 32276 0 LMT}. {-2177485076 32400 0 +09}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-O9KJP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.868505550342842
Encrypted:	false
SSDEEP:
MD5:	5664FAB6368844F8139F48C32A1486B9
SHA1:	55826443FB44D44B5331082568E2C46257A0F726
SHA-256:	CBBB814CE6E9F2FA1C8F485BBDB0B759FDA8C859BC989EC28D4756CC10B21A82
SHA-512:	1BD1D6C2224E0DCC7A1887ECEB38C64E8DEABF44BE52FE29C5A302BAD95C0EB9DBD20E5738F3916B8902FA084606E07BE3723C1BE62416EB1E6DC4AD215A56F0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Majuro) {. {-9223372036854775808 41088 0 LMT}. {-2177493888 39600 0 +11}. {-7988400 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-OMNTE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.931482658662627
Encrypted:	false
SSDEEP:
MD5:	98754C9D99442282F5C911725764C5D1
SHA1:	7E679DC38A7C7873695E10814B04E3919D1BFB41
SHA-256:	7D09014BE33CB2B50554B6937B3E870156FDCB5C36E9F8E8925711E79C12FC74
SHA-512:	2044AEEDFEF948E502667D1C60E22814202E4BA657DE89A962B6E9E160A93B3B77BF0AC4F5159FC45D43B2038E624D90A4589FB87F3449CA10D350EF60373D17
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Gambier) {. {-9223372036854775808 -32388 0 LMT}. {-1806678012 -32400 0 -09}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-ON5NC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.757588870650609
Encrypted:	false
SSDEEP:
MD5:	AB8D0D9514FA6C5E995AE76D2DAEA6D4
SHA1:	3775349B3BE806AA005174D91597D6F2C54E8EC5
SHA-256:	3BB856B2C966211D7689CD303DFDDACB3C323F3C2DA0FF47148A8C5B7BC0E1C4
SHA-512:	AB5D2E00C820D36A2A8B198AAC9350BEFA235EA848A11B16B042EE8124975DCAFC737D30D7C1A01D874B0937E469C2364441FCA686B5EB66A48251F587F55DC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pitcairn) {. {-9223372036854775808 -31220 0 LMT}. {-2177421580 -30600 0 -0830}. {893665800 -28800 0 -08}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-QAENS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7907
Entropy (8bit):	3.5670394561999235
Encrypted:	false
SSDEEP:
MD5:	5DF25A6A6E7322528FE41B6FD5FE5119
SHA1:	E84915BA27443F01243050D648DF6388A1E8EDBA
SHA-256:	B6727010950418F6FC142658C74EE1D717E7FD2B46267FC215E53CA3D55E894E
SHA-512:	842ABE39AB26713D523A36895D7435DC2058846431CB2A0B7B47E204F8C315ADB855F95EC2852D57B73ECA0576CB1A49BB104C0D7BB9DE2E96143DA9C77F9A58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chatham) {. {-9223372036854775808 44028 0 LMT}. {-3192437628 44100 0 +1215}. {-757426500 45900 0 +1245}. {152632800 49500 1 +1245}. {162309600 45900 0 +1245}. {183477600 49500 1 +1245}. {194968800 45900 0 +1245}. {215532000 49500 1 +1245}. {226418400 45900 0 +1245}. {246981600 49500 1 +1245}. {257868000 45900 0 +1245}. {278431200 49500 1 +1245}. {289317600 45900 0 +1245}. {309880800 49500 1 +1245}. {320767200 45900 0 +1245}. {341330400 49500 1 +1245}. {352216800 45900 0 +1245}. {372780000 49500 1 +1245}. {384271200 45900 0 +1245}. {404834400 49500 1 +1245}. {415720800 45900 0 +1245}. {436284000 49500 1 +1245}. {447170400 45900 0 +1245}. {467733600 49500 1 +1245}. {478620000 45900 0 +1245}. {499183200 49500 1 +1245}. {510069600 45900 0 +1245}. {530632800 49500 1 +1245}. {541519200 45900 0 +1245}. {562082400 49500 1 +1245}. {5735736

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-S8IT0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.833752908914461
Encrypted:	false
SSDEEP:
MD5:	AD14439D9E27F2D3545E17082150DC75
SHA1:	43DE1D4A90ABE54320583FAB46E6F9B428C0B577
SHA-256:	CE4D3D493E625DA15A8B4CD3008D9CBDF20C73101C82F4D675F5B773F4A5CF70
SHA-512:	77800323ED5AF49DA5E6314E94938BEAAEDD69BB61E338FAF024C3A22747310307A13C6CBBAFE5A48164855B238C2CAD354426F0EE7201B4FB5C129D68CB0E3B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guam) {. {-9223372036854775808 -51660 0 LMT}. {-3944626740 34740 0 LMT}. {-2177487540 36000 0 GST}. {977493600 36000 0 ChST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-SU458.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.924466748251822
Encrypted:	false
SSDEEP:
MD5:	AE5E0FFFEEFD0A8E77233CB0E59DE352
SHA1:	7B7CC1095FB919946F3315C4A28994AEB1ECD51A
SHA-256:	1FCC6C0CC48538EDB5B8290465156B2D919DFA487C740EB85A1DF472C460B0E6
SHA-512:	1693FA5DE78FDCF79993CB137EE0568A4B8245D0177DF845356B3C2418641C8AA23CAA7069707C0E180FF9F5345D380A3575EEFFE0C8BC08E18E40ED0E1F6FA3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tarawa) {. {-9223372036854775808 41524 0 LMT}. {-2177494324 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-TEVOO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.974991227981989
Encrypted:	false
SSDEEP:
MD5:	23994D1C137B8BC2BA6E97739B38E7BD
SHA1:	36772677B3C869C49A829AF08486923321ADD50A
SHA-256:	F274C6CD08E5AA46FDEA219095DA8EA60DA0E95E5FD1CBCB9E6611DE47980F9E
SHA-512:	CB2DB35960D11322AD288912C5D82C8C579791E40E510A90D34AAB20136B17AA019EFD55D1C4A2D9E88F7AF79F15779AF7EC6856F3085161AC84C93872C61176
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Funafuti) {. {-9223372036854775808 43012 0 LMT}. {-2177495812 43200 0 +12}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-USABO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	314
Entropy (8bit):	4.468119357525684
Encrypted:	false
SSDEEP:
MD5:	A966877A1BEBFE5125460233A5C26728
SHA1:	721103E2BFC0991CE80708D77C3FBEDCC2B3C9D3
SHA-256:	8C282AC6DA722858D8B1755C710BE3EC4BD8EFEF4832A415E772EED287899315
SHA-512:	51B5BD7834D4B3BAEEF3E1A2E6F469F6FFC354407182CA87AF67C4F4F26D4CB116A60BBB08BC178950CA3CFF978E2809EFC73002A4F8883B454024A2FFCBD732
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Noumea) {. {-9223372036854775808 39948 0 LMT}. {-1829387148 39600 0 +11}. {250002000 43200 1 +11}. {257342400 39600 0 +11}. {281451600 43200 1 +11}. {288878400 39600 0 +11}. {849366000 43200 1 +11}. {857228400 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-V4FDJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	705
Entropy (8bit):	4.002147979275868
Encrypted:	false
SSDEEP:
MD5:	48DEC5B1A9AADA4F09D03FEB037A2FE8
SHA1:	6D25E80F0570236565F098DD0A637F546957F117
SHA-256:	4F9AC8B0FE89990E8CF841EED9C05D92D53568DE772247F70A70DC11CBD78532
SHA-512:	0FA4693F3FDAB12DB04B6D50E0782A352CF95A7C2765CF1906BAA35355755E324E1B17005DF3748DBE42743FE824AE983316958B2EC0A9B0B7D136BEC06AB983
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Efate) {. {-9223372036854775808 40396 0 LMT}. {-1829387596 39600 0 +11}. {433256400 43200 1 +11}. {448977600 39600 0 +11}. {467298000 43200 1 +11}. {480427200 39600 0 +11}. {496760400 43200 1 +11}. {511876800 39600 0 +11}. {528210000 43200 1 +11}. {543931200 39600 0 +11}. {559659600 43200 1 +11}. {575380800 39600 0 +11}. {591109200 43200 1 +11}. {606830400 39600 0 +11}. {622558800 43200 1 +11}. {638280000 39600 0 +11}. {654008400 43200 1 +11}. {669729600 39600 0 +11}. {686062800 43200 1 +11}. {696340800 39600 0 +11}. {719931600 43200 1 +11}. {727790400 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\Pacific\is-VKDJV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	269
Entropy (8bit):	4.580350938236725
Encrypted:	false
SSDEEP:
MD5:	147E5FF4670F8551895B7B0EC1A66D46
SHA1:	83F0D4DC817ED61E7985CC7AB3268B3EBAD657A3
SHA-256:	A56472811F35D70F95E74A7366297BFAAFBC034CD10E9C0F3C59EFFA21A74223
SHA-512:	FE183CA00E7D2B79F8E81E1FAF5E8CE103E430B7159C14CA915FD2BFE6D4381BF42EDB217E9D99C13D728CD09BB0E67562E84D957E9606F6B6C1AB08657DDBF9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Norfolk) {. {-9223372036854775808 40312 0 LMT}. {-2177493112 40320 0 +1112}. {-599656320 41400 0 +1130}. {152029800 45000 1 +1230}. {162912600 41400 0 +1130}. {1443882600 39600 0 +11}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-5R0C6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.911352504536709
Encrypted:	false
SSDEEP:
MD5:	01215B5D234C433552A3BF0A440B38F6
SHA1:	B3A469977D38E1156B81A93D90E638693CFDBEEF
SHA-256:	2199E7DD20502C4AF25D57A58B11B16BA3173DB47EFA7AD2B33FDB72793C4DDB
SHA-512:	35D3BDE235FF40C563C7CEDD8A2CCBB4BAC2E2AA24A8E072EA0572BB231295D705EA9F84EEAA9FD2C735B1203332D8D97C3592A2B702BCFE9C81828D4F635205
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:SystemV/CST6) $TZData(:America/Regina).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-6U5FI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.953801751537501
Encrypted:	false
SSDEEP:
MD5:	2B415F2251BE08F1035962CE2A04149F
SHA1:	EFF5CE7CD0A0CBCF366AC531D168CCB2B7C46734
SHA-256:	569819420F44D127693C6E536CAC77410D751A331268D0C059A1898C0E219CF4
SHA-512:	971F1763558D8AC17753C01B7BB64E947C448AA29951064ED7C5997D4B4A652C7F5D7C2CB4F8040F73AD83D7E49B491B93047A06D8C699F33B08F4A064BE0DCC
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:SystemV/MST7) $TZData(:America/Phoenix).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-78H3A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.782387645904801
Encrypted:	false
SSDEEP:
MD5:	67AE3FD76B2202F3B1CF0BBC664DE8D0
SHA1:	4603DE0753B684A8D7ACB78A6164D5686542EE8E
SHA-256:	30B3FC95A7CB0A6AC586BADF47E9EFA4498995C58B80A03DA2F1F3E8A2F3553B
SHA-512:	BF45D0CA674DD631D3E8442DFB333812B5B31DE61576B8BE33B94E0433936BC1CD568D9FC522C84551E770660BE2A98F45FE3DB4B6577968DF57071795B53AD9
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pitcairn)]} {. LoadTimeZoneFile Pacific/Pitcairn.}.set TZData(:SystemV/PST8) $TZData(:Pacific/Pitcairn).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-9L04L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	5.071686349792137
Encrypted:	false
SSDEEP:
MD5:	5C43C828D9460B9DF370F0D155B03A5C
SHA1:	92F92CD64937703D4829C42FE5656C7CCBA22F4E
SHA-256:	3F833E2C2E03EF1C3CC9E37B92DBFBA429E73449E288BEBE19302E23EB07C78B
SHA-512:	A88EAA9DAAD9AC622B75BC6C89EB44A2E4855261A2F7077D8D4018F00FC82E5E1EA364E3D1C08754701A545F5EC74752B9F3657BF589CF76E5A3931F81E99BBF
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:SystemV/EST5EDT) $TZData(:America/New_York).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-IBBRR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.905971098884841
Encrypted:	false
SSDEEP:
MD5:	CED0A343EF3A316902A10467B2F66B9B
SHA1:	5884E6BA28FD71A944CA2ED9CB118B9E108EF7CB
SHA-256:	1BB5A98B80989539135EAB3885BBA20B1E113C19CB664FB2DA6B150DD1F44F68
SHA-512:	903D1DC6D1E192D4A98B84247037AE171804D250BB5CB84D2C5E145A0BDC50FCD543B70BAFF8440AFF59DA14084C8CEEFB2F912A02B36B7571B0EEEC154983B3
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Gambier)]} {. LoadTimeZoneFile Pacific/Gambier.}.set TZData(:SystemV/YST9) $TZData(:Pacific/Gambier).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-K7SA6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.959254419324467
Encrypted:	false
SSDEEP:
MD5:	DFB48E0E2CE5D55DC60B3E95B7D12813
SHA1:	535E0BF050E41DCFCE08686AFDFAFF9AAFEF220C
SHA-256:	74096A41C38F6E0641934C84563277EBA33C5159C7C564C7FF316D050083DD6D
SHA-512:	3ECDF3950ED3FB3123D6C1389A2A877842B90F677873A0C106C4CA6B180EEC38A26C74E21E8A3036DA8980FF7CA9E1578B0E1D1A3EA364A4175772F468747425
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:SystemV/PST8PDT) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-LHGC2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	196
Entropy (8bit):	4.951561086936219
Encrypted:	false
SSDEEP:
MD5:	A1D42EC950DE9178058EAA95CCFBAA09
SHA1:	55BE1FAF85F0D5D5604685F9AC19286142FC7133
SHA-256:	888A93210241F6639FB9A1DB0519407047CB7F5955F0D5382F2A85C0C473D9A5
SHA-512:	3C6033D1C84B75871B8E37E71BFEE26549900C555D03F8EC20A31076319E2FEBB0240EC075C2CAFC948D629A32023281166A7C69AFEA3586DEE7A2F585CB5E82
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Puerto_Rico)]} {. LoadTimeZoneFile America/Puerto_Rico.}.set TZData(:SystemV/AST4) $TZData(:America/Puerto_Rico).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-LLN0D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.949109665596263
Encrypted:	false
SSDEEP:
MD5:	D588930E34CF0A03EFEE7BFBC5022BC3
SHA1:	0714C6ECAAF7B4D23272443E5E401CE141735E78
SHA-256:	4D1CAE3C453090667549AB83A8DE6F9B654AAC5F540192886E5756A01D21A253
SHA-512:	ABE69BEF808D7B0BEF9F49804D4A753E033D7C99A7EA57745FE4C3CBE2C26114A8845A219ED6DEAB8FA009FDB86E384687068C1BCF8B704CCF24DA7029455802
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:SystemV/YST9YDT) $TZData(:America/Anchorage).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-OE27R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.929669998131187
Encrypted:	false
SSDEEP:
MD5:	CDE40B5897D89E19A3F2241912B96826
SHA1:	00DE53DC7AA97F26B1A8BF83315635FBF634ABB3
SHA-256:	3C83D3DB23862D9CA221109975B414555809C27D45D1ED8B9456919F8BA3BF25
SHA-512:	69DFC06ACF544B7F95DEF2928C1DFE4D95FAD48EE753AD994921E1967F27A3AF891A9F31DDEA547E1BED81C5D2ECF5FC93E75019F2327DE1E73A009422BE52EC
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:SystemV/CST6CDT) $TZData(:America/Chicago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-PCQVV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.909831110037175
Encrypted:	false
SSDEEP:
MD5:	895E9BAF5EDF0928D4962C3E6650D843
SHA1:	52513BFA267CA2E84FDDF3C252A4E8FD059F2847
SHA-256:	465A4DE93F2B103981A54827CDEBB10350A385515BB8648D493FD376AABD40AF
SHA-512:	CAF19320F0F507160E024C37E26987A99F2276622F2A6D8D1B7E3068E5459960840F4202FF8A98738B9BCA0F42451304FC136CBD36BBFE39F616622217AD89A3
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:SystemV/MST7MDT) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-Q57LU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.927529755640769
Encrypted:	false
SSDEEP:
MD5:	1A50997B6F22E36D2E1849D1D95D0882
SHA1:	F4AC3ABBEA4A67013F4DC52A04616152C4C639A9
SHA-256:	C94C64BF06FDE0A88F24C435A52BDDE0C5C70F383CD09C62D7E42EAB2C54DD2C
SHA-512:	CCBD66449983844B3DB440442892004D070E5F0DFF454B25C681E13EB2F25F6359D0221CE5FF7800AC794A32D4474FE1126EA2465DB83707FF7496A1B39E6E1A
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:SystemV/HST10) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-UKH6E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.881715127736134
Encrypted:	false
SSDEEP:
MD5:	87FEA19F6D7D08F44F93870F7CBBD456
SHA1:	EB768ECB0B1B119560D2ACBB10017A8B3DC77FDD
SHA-256:	2B5887460D6FB393DED5273D1AA87A6A9E1F9E7196A8FA11B4DEB31FAD8922C8
SHA-512:	00DA47594E80D2DB6F2BE6E482A1140780B71F8BBE966987821249984627C5D8C31AA1F2F6251B4D5084C33C66C007A47AFF4F379FA5DA4A112BA028B982A85A
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indianapolis)]} {. LoadTimeZoneFile America/Indianapolis.}.set TZData(:SystemV/EST5) $TZData(:America/Indianapolis).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\SystemV\is-UNGHM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.900537547414888
Encrypted:	false
SSDEEP:
MD5:	CFDB782F87A616B89203623B9D6E3DBF
SHA1:	1BB9F75215A172B25D3AE27AAAD6F1D74F837FE6
SHA-256:	62C72CF0A80A5821663EC5923B3F17C12CE5D6BE1E449874744463BF64BCC3D7
SHA-512:	085E5B6E81E65BC781B5BC635C6FA1E7BF5DC69295CF739C739F6361BF9EB67F36F7124A2D3E5ADA5F854149C84B9C8A7FB22E5C6E8FF57576EBDEA0E4D6560B
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:SystemV/AST4ADT) $TZData(:America/Halifax).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-45P5U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.789322986138067
Encrypted:	false
SSDEEP:
MD5:	E883D478518F6DAF8173361A8D308D34
SHA1:	ABD97858655B0069BFD5E11DD95BF6D7C2109AEA
SHA-256:	DD4B1812A309F90ABBD001C3C73CC2AF1D4116128787DE961453CCBE53EC9B6A
SHA-512:	DA1FE6D92424404111CBB18CA39C8E29FA1F9D2FD262D46231FB7A1A78D79D00F92F5D1DEBB9B92565D1E3BA03EF20D2A44B76BA0FC8B257A601EED5976386CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:US/Samoa) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-ARJKG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.931883193402467
Encrypted:	false
SSDEEP:
MD5:	01CD3EBFDB7715805572CDA3F81AC78A
SHA1:	C013C38D2FB9E649EE43FED6910382150C2B3DF5
SHA-256:	DEFE67C520303EF85B381EBEAED4511C0ACF8C49922519023C525E6A1B09B9DD
SHA-512:	266F35C34001CD4FF00F51F5CDF05E1F4D0B037F276EFD2D124C8AE3391D00128416D16D886B3ECDF9E9EFC81C66B2FD4ED55F154437ED5AA32876B855289190
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific-New) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-EM0LF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.886225611026426
Encrypted:	false
SSDEEP:
MD5:	090DC30F7914D5A5B0033586F3158384
SHA1:	2F526A63A1C47F88E320BE1C12CA8887DA2DC989
SHA-256:	47D25266ABBD752D61903C903ED3E9CB485A7C01BD2AA354C5B50DEBC253E01A
SHA-512:	5FE75328595B5DECDAC8D318BEE89EAD744A881898A4B45DD2ABB5344B13D8AFB180E4A8F8D098A9589488D9379B0153CBC5CF638AF7011DE89C57B554F42757
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:US/Arizona) $TZData(:America/Phoenix).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-IH9P5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.832149382727646
Encrypted:	false
SSDEEP:
MD5:	347E51049A05224D18F264D08F360CBB
SHA1:	A801725A9B01B5E08C63BD2568C8F5D084F0EB02
SHA-256:	EA5D18E4A7505406D6027AD34395297BCF5E3290283C7CC28B4A34DB8AFBDD97
SHA-512:	C9B96C005D90DD8F317A697F59393D20663DE74D6E4D0B45BCE109B31A328D7AA62C51FAA8D00C728C0342940EF3B0F0921814B31BD7FE128A6E95F92CF50E06
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:US/Hawaii) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-JFPBH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.84430947557215
Encrypted:	false
SSDEEP:
MD5:	13D6C7CF459995691E37741ACAF0A18D
SHA1:	A0626763930C282DF21ED3AA8F1B35033BA2F9DC
SHA-256:	223B5C8E34F459D7B221B83C45DBB2827ABE376653BAA1BC56D09D50DF136B08
SHA-512:	9076DFECC5D02DB38ECE3D2512D52566675D98A857711676E891D8741EA588153954357FE19F4C69305FF05D0F99286F1D496DF0C7FDBC8D59803D1B1CFA5F07
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:US/Mountain) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-JQ9KD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.864166947846424
Encrypted:	false
SSDEEP:
MD5:	0763082FF8721616592350D8372D59FF
SHA1:	CEBB03EB7F44530CF52DCA7D55DC912015604D94
SHA-256:	94FDFE2901596FC5DCE74A5560431F3E777AE1EBEEE59712393AE2323F17ADFA
SHA-512:	DFE8AAA009C28C209A925BBE5509589C0087F6CC78F94763BFA9F1F311427E3FF2E377EB340590383D790D3578C1BB37D41525408D027763EA96ECB3A3AAD65D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:US/Alaska) $TZData(:America/Anchorage).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-MQDNL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.885594237758327
Encrypted:	false
SSDEEP:
MD5:	EBF51CD015BD387FA2BB30DE8806BDDA
SHA1:	63C2E2F4CD8BC719A06D59EF4CE4C31F17F53EA0
SHA-256:	B7AD78FB955E267C0D75B5F7279071EE17B6DD2842DAD61ADA0165129ADE6A86
SHA-512:	22BECE2AEAD66D921F38B04FDC5A41F2627FCC532A171EA1C9C9457C22CD79EFD1EC3C7CC62BC016751208AD1D064B0F03C2185F096982F73740D8426495F5ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-NHLJF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.854450230853601
Encrypted:	false
SSDEEP:
MD5:	E0801B5A57F40D42E8AF6D48C2A41467
SHA1:	A49456A1BF1B73C6B284E0764AEAFD1464E70DDC
SHA-256:	16C7FFCE60495E5B0CB65D6D5A0C3C5AA9E62BD6BC067ABD3CD0F691DA41C952
SHA-512:	3DE6A41B88D6485FD1DED2DB9AB9DAD87B9F9F95AA929D38BF6498FC0FD76A1048CE1B68F24CD22C487073F59BD955AFCB9B7BF3B20090F81FA250A5E7674A53
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:US/Central) $TZData(:America/Chicago).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-QALAN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.839824852896375
Encrypted:	false
SSDEEP:
MD5:	01142938A2E5F30FADE20294C829C116
SHA1:	8F9317E0D3836AF916ED5530176C2BF7A929C3C7
SHA-256:	1DD79263FB253217C36A9E7DDCB2B3F35F208E2CE812DCDE5FD924593472E4FE
SHA-512:	2C47FE8E8ED0833F4724EF353A9A6DFCE3B6614DA744E64364E9AB423EC92565FEF1E8940CB12A0BCCFE0BD6B44583AF230A4ABCC0BAE3D9DC43FBB2C7941CFF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:US/Aleutian) $TZData(:America/Adak).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-RHRT8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.990255962392122
Encrypted:	false
SSDEEP:
MD5:	3FE03D768F8E535506D92A6BC3C03FD2
SHA1:	F82BF149CE203B5A4A1E106A495D3409AF7A07AC
SHA-256:	9F46C0E46F6FE26719E2CF1FA05C7646530B65FB17D4101258D357568C489D77
SHA-512:	ADFDBB270113A192B2378CC347DD8A57FDBDC776B06F9E16033EE8D5EAB49E16234CA2523580EEBB4DCDD27F33222EDD5514F0D7D85723597F059C5D6131E1B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:US/Eastern) $TZData(:America/New_York).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-RQJIN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	223
Entropy (8bit):	4.715837665658945
Encrypted:	false
SSDEEP:
MD5:	1A27644D1BF2299B7CDDED7F405D6570
SHA1:	BD03290A6E7A967152E2E4F95A82E01E7C35F63C
SHA-256:	1C46FAEDFACEB862B2E4D5BD6AC63E5182E1E2CFD2E1CDFA2661D698CC8B0072
SHA-512:	9D6F3E945656DD97A7E956886C1123B298A87704D4F5671E4D1E94531C01F8BE377D83239D8BE78E2B3E1C0C20E5779BA3978F817A6982FE607A18A7FDCF57FB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:US/East-Indiana) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-ULC8T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.825742972037525
Encrypted:	false
SSDEEP:
MD5:	E111813F4C9B888427B8363949C87C72
SHA1:	96B6692DCD932DCC856804BE0C2145538C4B2B33
SHA-256:	4E896634F3A400786BBD996D1FE0D5C9A346E337027B240F1671A7E4B38C8F69
SHA-512:	97726D7EDB7D7A1F6E815A0B875CAF9E2D2D27F50ECC866FBC6CB1B88836E8C2D64A9C108CD917C9D641B30822397664A2AC8010EADF0FF2A6C205AE4D5E7A2F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:US/Indiana-Starke) $TZData(:America/Indiana/Knox).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\US\is-UOICV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.7846496799669405
Encrypted:	false
SSDEEP:
MD5:	80A9A00EC1C5904A67DC3E8B2FDC3150
SHA1:	8E79FBEB49D9620E793E4976D0B9085E32C57E83
SHA-256:	8DB76FC871DD334DA87297660B145F8692AD053B352A19C2EFCD74AF923D762D
SHA-512:	0A5662E33C60030265ECAD1FF683B18F6B99543CA5FE22F88BCE597702FBEA20358BCB9A568D7F8B32158D9E6A3D294081D183644AD49C22AC3512F97BE480D4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Detroit)]} {. LoadTimeZoneFile America/Detroit.}.set TZData(:US/Michigan) $TZData(:America/Detroit).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-1DQSK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.759848173726549
Encrypted:	false
SSDEEP:
MD5:	A9C8CA410CA3BD4345BF6EAB53FAB97A
SHA1:	57AE7E6D3ED855B1FBF6ABF2C9846DFA9B3FFF47
SHA-256:	A63A99F0E92F474C4AA99293C4F4182336520597A86FCDD91DAE8B25AFC30B98
SHA-512:	C97CF1301DCEEE4DE26BCEEB60545BB70C083CD2D13ED89F868C7856B3532473421599ED9E7B166EA53A9CF44A03245192223D47BC1104CEBD1BF0AC6BF10898
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Kwajalein)]} {. LoadTimeZoneFile Pacific/Kwajalein.}.set TZData(:Kwajalein) $TZData(:Pacific/Kwajalein).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-23PDC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	157
Entropy (8bit):	4.851755466867201
Encrypted:	false
SSDEEP:
MD5:	48E7BE02E802A47C0D2F87E633010F38
SHA1:	A547853A7ED03CE9C07FC3BAA0F57F5ABB4B636B
SHA-256:	2F362169FD628D6E0CB32507F69AD64177BC812E7E961E5A738F4F492B105128
SHA-512:	BCBE9BC1C08CFF97B09F8D566EC3B42B9CE8442FA4BECE37A18446CBBF0ECEDA66BA18ABFA5E52E7677B18FB5DABF00DF9E28DE17B094A690B097AFC7130EA89
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Seoul)]} {. LoadTimeZoneFile Asia/Seoul.}.set TZData(:ROK) $TZData(:Asia/Seoul).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-2UQNR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.8073098952422395
Encrypted:	false
SSDEEP:
MD5:	BA8EE8511A2013E791A3C50369488588
SHA1:	03BF30F56FB604480A9F5ECD8FB13E3CF82F4524
SHA-256:	2F9DFE275B62EFBCD5F72D6A13C6BB9AFD2F67FDDD8843013D128D55373CD677
SHA-512:	29C9E9F4B9679AFD688A90A605CFC1D7B86514C4966E2196A4A5D48D4F1CF16775DFBDF1C9793C3BDAA13B6986765531B2E11398EFE5662EEDA7B37110697832
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Havana)]} {. LoadTimeZoneFile America/Havana.}.set TZData(:Cuba) $TZData(:America/Havana).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-34CGQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.856431808856169
Encrypted:	false
SSDEEP:
MD5:	FF6BDAC2C77D8287B46E966480BFEACC
SHA1:	4C90F910C74E5262A27CC65C3433D34B5D885243
SHA-256:	FB6D9702FC9FB82779B4DA97592546043C2B7D068F187D0F79E23CB5FE76B5C2
SHA-512:	CA197B25B36DD47D86618A4D39BFFB91FEF939BC02EEB96679D7EA88E5D38737D3FE6BD4FD9D16C31CA5CF77D17DC31E5333F4E28AB777A165050EA5A4D106BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MST) {. {-9223372036854775808 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-3T60U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.792993822845485
Encrypted:	false
SSDEEP:
MD5:	1921CC58408AD2D7ED3B5308C71B1A28
SHA1:	12F832D7B3682DC28A49481B8FBA8C55DCDC60D0
SHA-256:	92FC6E3AA418F94C486CE5BF6861FAA4E85047189E98B90DA78D814810E88CE7
SHA-512:	EB134E2E7F7A811BFA8223EB4E98A94905EA24891FD95AB29B52DE2F683C97E086AA2F7B2EA93FBA2451AAEDD22F01219D700812DABC7D6670028ACF9AAB8367
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UCT)]} {. LoadTimeZoneFile Etc/UCT.}.set TZData(:UCT) $TZData(:Etc/UCT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-4H163.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.779409803819657
Encrypted:	false
SSDEEP:
MD5:	C4739F7B58073CC7C72EF2D261C05C5E
SHA1:	12FE559CA2FEA3F8A6610B1D4F43E299C9FB7BA5
SHA-256:	28A94D9F1A60980F8026409A65F381EDB7E5926A79D07562D28199B6B63AF9B4
SHA-512:	B2DC5CB1AD7B6941F498FF3D5BD6538CAF0ED19A2908DE645190A5C5F40AF5B34752AE8A83E6C50D370EA619BA969C9AB7F797F171192200CDA1657FFFB7F05A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Tripoli)]} {. LoadTimeZoneFile Africa/Tripoli.}.set TZData(:Libya) $TZData(:Africa/Tripoli).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-4H6EM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.755606924782105
Encrypted:	false
SSDEEP:
MD5:	2AB5643D8EF9FD9687A5C67AEB04AF98
SHA1:	2E8F1DE5C8113C530E5E6C10064DEA4AE949AAE6
SHA-256:	97028B43406B08939408CB1DD0A0C63C76C9A352AEA5F400CE6D4B8D3C68F500
SHA-512:	72A8863192E14A4BD2E05C508F8B376DD75BB4A3625058A97BBB33F7200B2012D92D445982679E0B7D11C978B80F7128B3A79B77938CEF6315AA6C4B1E0AC09C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MST7MDT) {. {-9223372036854775808 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MST}. {262774800 -21600 1 MDT}. {278496000 -252

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-5K9E8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.89278153269951
Encrypted:	false
SSDEEP:
MD5:	975F22C426CE931547D50A239259609A
SHA1:	77D68DF6203E3A2C1A2ADD6B6F8E573EF849AE2E
SHA-256:	309DE0FBCCDAE21114322BD4BE5A8D1375CD95F5FC5A998B3F743E904DC1A131
SHA-512:	ABDF01FCD0D34B5A8E97C604F3976E199773886E87A13B3CDD2319A92BD34D76533D4BA41978F8AAA134D200B6E87F26CB8C223C2760A4D7A78CD7D889DB79BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Warsaw)]} {. LoadTimeZoneFile Europe/Warsaw.}.set TZData(:Poland) $TZData(:Europe/Warsaw).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-5VD1L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.860812879108152
Encrypted:	false
SSDEEP:
MD5:	3D99F2C6DADF5EEEA4965A04EB17B1BB
SHA1:	8DF607A911ADF6A9DD67D786FC9198262F580312
SHA-256:	2C83D64139BFB1115DA3F891C26DD53B86436771A30FB4DD7C8164B1C0D5BCDE
SHA-512:	EDA863F3A85268BA7A8606E3DCB4D7C88B0681AD8C4CFA1249A22B184F83BFDE9855DD4E5CFC3A4692220E5BEFBF99ED10E13BD98DBCA37D6F29A10AB660EBE2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:HST) {. {-9223372036854775808 -36000 0 HST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-6LH3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.778464205793726
Encrypted:	false
SSDEEP:
MD5:	B9D1F6BD0B0416791036C0E3402C8438
SHA1:	E1A7471062C181B359C06804420091966B809957
SHA-256:	E6EC28F69447C3D3DB2CB68A51EDCEF0F77FF4B563F7B65C9C71FF82771AA3E1
SHA-512:	A5981FD91F6A9A84F44A6C9A3CF247F9BE3AB52CE5FE8EE1A7BE19DD63D0B22818BC15287FE73A5EEC8BCE6022B9EAF54A10AA719ADF31114E188F31EA273E92
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Israel) $TZData(:Asia/Jerusalem).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-AFMS8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.868642878112439
Encrypted:	false
SSDEEP:
MD5:	B5065CD8B1CB665DACDB501797AF5104
SHA1:	0DB4E9AC6E38632302D9689A0A39632C2592F5C7
SHA-256:	6FC1D3C727CD9386A11CAF4983A2FC06A22812FDC7752FBFA7A5252F92BB0E70
SHA-512:	BBA1793CA3BBC768EC441210748098140AE820910036352F5784DD8B2DABA8303BA2E266CB923B500E8F90494D426E8BF115ACD0C000CD0C65896CE7A6AD9D66
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT+0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-BA722.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.817383285510599
Encrypted:	false
SSDEEP:
MD5:	D19DC8277A68AA289A361D28A619E0B0
SHA1:	27F5F30CC2603E1BCB6270AF84E9512DADEEB055
SHA-256:	5B90891127A65F7F3C94B44AA0204BD3F488F21326E098B197FB357C51845B66
SHA-512:	B5DD9C2D55BDB5909A29FD386CF107B83F56CD9B9F979A5D3854B4112B7F8950F4E91FB86AF6556DCF583EE469470810F3F8FB6CCF04FDBD6625A4346D3CD728
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-BLRS7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.887895128079745
Encrypted:	false
SSDEEP:
MD5:	31202B87B7352110A03D740D66DCD967
SHA1:	439A3700721D4304FA81282E70F6305BB3706C8D
SHA-256:	8288E9E5FC25549D6240021BFB569ED8EB07FF8610AAA2D39CD45A025EBD2853
SHA-512:	AB95D3990DC99F6A06BF3384D98D42481E198B2C4D1B2C85E869A2F95B651DDF64406AB15C485698E24F26D1A081E22371CE74809915A7CCA02F2946FB8607BF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Lisbon)]} {. LoadTimeZoneFile Europe/Lisbon.}.set TZData(:Portugal) $TZData(:Europe/Lisbon).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-C7FPM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	3.7115445412724797
Encrypted:	false
SSDEEP:
MD5:	2F62D867C8605730BC8E43D300040D54
SHA1:	06AD982DF03C7309AF01477749BAB9F7ED8935A7
SHA-256:	D6C70E46A68B82FFC7A4D96FDA925B0FAAF973CB5D3404A55DFF2464C3009173
SHA-512:	0D26D622511635337E5C03D82435A9B4A9BCA9530F940A70A24AE67EA4794429A5D68B59197B978818BEF0799C3D5FA792F5720965291661ED067570BC56226B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MET) {. {-9223372036854775808 3600 0 MET}. {-1693706400 7200 1 MEST}. {-1680483600 3600 0 MET}. {-1663455600 7200 1 MEST}. {-1650150000 3600 0 MET}. {-1632006000 7200 1 MEST}. {-1618700400 3600 0 MET}. {-938905200 7200 1 MEST}. {-857257200 3600 0 MET}. {-844556400 7200 1 MEST}. {-828226800 3600 0 MET}. {-812502000 7200 1 MEST}. {-796777200 3600 0 MET}. {-781052400 7200 1 MEST}. {-766623600 3600 0 MET}. {228877200 7200 1 MEST}. {243997200 3600 0 MET}. {260326800 7200 1 MEST}. {276051600 3600 0 MET}. {291776400 7200 1 MEST}. {307501200 3600 0 MET}. {323830800 7200 1 MEST}. {338950800 3600 0 MET}. {354675600 7200 1 MEST}. {370400400 3600 0 MET}. {386125200 7200 1 MEST}. {401850000 3600 0 MET}. {417574800 7200 1 MEST}. {433299600 3600 0 MET}. {449024400 7200 1 MEST}. {465354000 3600 0 MET}. {481078800 7200 1 MEST}. {496803600 3600 0 MET

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-CFLD3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.743612967973961
Encrypted:	false
SSDEEP:
MD5:	A0C5022166493D766E827B88F806CA32
SHA1:	2A679A391C810122DDD6A7EF722C35328FC09D9C
SHA-256:	537EA39AFBA7CFC059DE58D484EF450BEE73C7903D36F09A16CA983CB5B8F686
SHA-512:	85FEF0A89087D2196EC817A6444F9D94A8D315A64EAE9615C615DBB79B30320CED0D49A1A6C2CD566C722971FA8908A675B1C8F7E64D6875505C60400219F938
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Taipei)]} {. LoadTimeZoneFile Asia/Taipei.}.set TZData(:ROC) $TZData(:Asia/Taipei).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-CJJ42.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.812476042768195
Encrypted:	false
SSDEEP:
MD5:	3708D7ED7044DE74B8BE5EBD7314371B
SHA1:	5DDC75C6204D1A2A59C8441A8CAF609404472895
SHA-256:	07F4B09FA0A1D0BA63E17AD682CAD9535592B372815AB8FD4884ACD92EC3D434
SHA-512:	A8761601CD9B601E0CE8AC35B6C7F02A56B07DC8DE31DEB99F60CB3013DEAD900C74702031B5F5F9C2738BA48A8420603D46C3AE0E0C87D40B9D9D44CE0EAE81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Cairo)]} {. LoadTimeZoneFile Africa/Cairo.}.set TZData(:Egypt) $TZData(:Africa/Cairo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-CTFLP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	159
Entropy (8bit):	4.791469556628492
Encrypted:	false
SSDEEP:
MD5:	338A18DEDF5A813466644B2AAE1A7CF5
SHA1:	BB76CE671853780F4971D2E173AE71E82EA24690
SHA-256:	535AF1A79CD01735C5D6FC6DB08C5B0EAFB8CF0BC89F7E943CF419CFA745CA26
SHA-512:	4D44CC28D2D0634200FEA0537EBC5DD50E639365B89413C6BF911DC2B95B78E27F1B92733FB859C794A8C027EA89E45E8C2D6E1504FF315AF68DB02526226AD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tokyo)]} {. LoadTimeZoneFile Asia/Tokyo.}.set TZData(:Japan) $TZData(:Asia/Tokyo).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-D2EPP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	167
Entropy (8bit):	4.85316662399069
Encrypted:	false
SSDEEP:
MD5:	AA0DEB998177EB5208C4D207D46ECCE3
SHA1:	DD8C7CE874EE12DD77F467B74A9C8FC74C7045FF
SHA-256:	16A42F07DE5233599866ECC1CBB1FC4CD4483AC64E286387A0EED1AFF919717D
SHA-512:	D93A66A62304D1732412CAAAB2F86CE5BCD07D07C1315714D81754827D5EFD30E36D06C0DC3CF4A8C86B750D7D6A144D609D05E241FADC7FF78D3DD2044E4CBB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Dublin)]} {. LoadTimeZoneFile Europe/Dublin.}.set TZData(:Eire) $TZData(:Europe/Dublin).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-D9FHQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.723178863172678
Encrypted:	false
SSDEEP:
MD5:	1A7BDED5B0BADD36F76E1971562B3D3B
SHA1:	CF5BB82484C4522B178E25D14A42B3DBE02D987D
SHA-256:	AFD2F12E50370610EA61BA9DD3838129785DFDEE1EBCC4E37621B54A4CF2AE3F
SHA-512:	4803A906E2C18A2792BF812B8D26C936C71D8A9DD9E87F7DA06630978FCB5DE1094CD20458D37973AA9967D51B97F94A5785B7B15F807E526C13D018688F16D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EST5EDT) {. {-9223372036854775808 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -180

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-DUHAB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	161
Entropy (8bit):	4.757854680369306
Encrypted:	false
SSDEEP:
MD5:	848663FD5F685FE1E14C655A0ABA7D6A
SHA1:	59A1BEE5B3BE01FB9D2C73777B7B4F1615DCE034
SHA-256:	DB6D0019D3B0132EF8B8693B1AB2B325D77DE3DD371B1AFDAE4904BE610BA2A6
SHA-512:	B1F8C08AF68C919DB332E6063647AF15CB9FED4046C16BEF9A58203044E36A0D1E69BD1B8703B15003B929409A8D83238B5AA67B910B920F0674C8A0EB5CF125
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tehran)]} {. LoadTimeZoneFile Asia/Tehran.}.set TZData(:Iran) $TZData(:Asia/Tehran).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-E1MV9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.865313867650324
Encrypted:	false
SSDEEP:
MD5:	D828C0668A439FEB9779589A646793F8
SHA1:	1509415B72E2155725FB09615B3E0276F3A46E87
SHA-256:	CF8BFEC73D36026955FA6F020F42B6360A64ED870A88C575A5AA0CD9756EF51B
SHA-512:	0F864B284E48B993DD13296AF05AEB14EBE26AF32832058C1FC32FCCE78E85925A25D980052834035D37935FAAF1CB0A9579AECBE6ADCDB2791A134D88204EBF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Hong_Kong)]} {. LoadTimeZoneFile Asia/Hong_Kong.}.set TZData(:Hongkong) $TZData(:Asia/Hong_Kong).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-EH3NC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.80475858956378
Encrypted:	false
SSDEEP:
MD5:	38C56298E75306F39D278F60B50711A6
SHA1:	8FD9CEAD17CCD7D981CEF4E782C3916BFEF2D11F
SHA-256:	E10B8574DD83C93D3C49E9E2226148CBA84538802316846E74DA6004F1D1534D
SHA-512:	F6AA67D78A167E553B97F092CC3791B591F800A6D286BE37C06F7ECABDFBCF43A397AEDC6E3EB9EB6A1CB95E8883D4D4F97890CA1877930AFCD5643B0C8548E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:Navajo) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-EMKB6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7189
Entropy (8bit):	3.6040923024580884
Encrypted:	false
SSDEEP:
MD5:	9AE4C7EC014649393D354B02DF00F8B9
SHA1:	D82195DEF49CFFEAB3791EA70E6D1BB8BC113155
SHA-256:	4CB6582052BE7784DD08CE7FD97ACC56234F07BCF80B69E57111A8F88454908E
SHA-512:	6F0C138AF98A4D4A1028487C29267088BD4C0EC9E7C1DB9818FA31A61C9584B67B3F5909C6E6FDB0F7183629E892A77BA97654D39FCE7DDEF6908F8146B7BE72
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EET) {. {-9223372036854775808 7200 0 EET}. {228877200 10800 1 EEST}. {243997200 7200 0 EET}. {260326800 10800 1 EEST}. {276051600 7200 0 EET}. {291776400 10800 1 EEST}. {307501200 7200 0 EET}. {323830800 10800 1 EEST}. {338950800 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-G38LM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.751820462019181
Encrypted:	false
SSDEEP:
MD5:	DB5250A28A3853951AF00231677AACAC
SHA1:	1FC1DA1121B9F5557D246396917205B97F6BC295
SHA-256:	4DFC264F4564957F333C0208DA52DF03301D2FD07943F53D8B51ECCDD1CB8153
SHA-512:	72594A17B1E29895A6B4FC636AAE1AB28523C9C8D50118FA5A7FDFD3944AD3B742B17B260A69B44756F4BA1671268DD3E8223EF314FF7850AFB81202BA2BBF44
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:PST8PDT) {. {-9223372036854775808 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-84376800 -25200 1 PDT}. {-68655600 -28800 0 PST}. {-52927200 -25200 1 PDT}. {-37206000 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -288

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-GSGAN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.840758003302018
Encrypted:	false
SSDEEP:
MD5:	18DEAAAC045B4F103F2D795E0BA77B00
SHA1:	F3B3FE5029355173CD5BA626E075BA73F3AC1DC6
SHA-256:	9BB28A38329767A22CD073DF34E46D0AA202172A4116FBF008DDF802E60B743B
SHA-512:	18140274318E913F0650D21107B74C07779B832C9906F1A2E98433B96AAEADF70D07044EB420A2132A6833EF7C3887B8927CFD40D272A13E69C74A63904F43C9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Reykjavik)]} {. LoadTimeZoneFile Atlantic/Reykjavik.}.set TZData(:Iceland) $TZData(:Atlantic/Reykjavik).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-HBUAF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.668645988954937
Encrypted:	false
SSDEEP:
MD5:	EA38E93941E21CB08AA49A023DCC06FB
SHA1:	1AD77CAC25DC6D1D04320FF2621DD8E7D227ECBF
SHA-256:	21908F008F08C55FB48F1C3D1A1B2016BDB10ED375060329451DE4E487CF0E5F
SHA-512:	D6F0684A757AD42B8010B80B4BE6542ADE96D140EC486B4B768E167502C776B8D289622FBC48BD19EB3D0B3BC4156715D5CCFC7952A479A990B07935B15D26DC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Jamaica)]} {. LoadTimeZoneFile America/Jamaica.}.set TZData(:Jamaica) $TZData(:America/Jamaica).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-IB830.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.8398862338201765
Encrypted:	false
SSDEEP:
MD5:	7B274C782E9FE032AC4B3E137BF147BB
SHA1:	8469D17EC75D0580667171EFC9DE3FDF2C1E0968
SHA-256:	2228231C1BEF0173A639FBC4403B6E5BF835BF5918CC8C16757D915A392DBF75
SHA-512:	AE72C1F244D9457C70A120FD00F2C0FC2BDC467DBD5C203373291E00427499040E489F2B1358757EA281BA8143E28FB54D03EDE67970F74DACFCB308AC7F74CE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:NZ) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-IMTTF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.860435123210029
Encrypted:	false
SSDEEP:
MD5:	51335479044A047F5597F0F06975B839
SHA1:	234CD9635E61E7D429C70E886FF9C9F707FEAF1F
SHA-256:	FAC3B11B1F4DA9D68CCC193526C4E369E3FAA74F95C8BEE8BB9FAE014ACD5900
SHA-512:	4E37EFDFBAFA5C517BE86195373D083FF4370C5031B35A735E3225E7B17A75899FAFFBDF0C8BCFCBC5DC2D037EE9465AD3ED7C0FA55992027DFD69618DC9918F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB-Eire) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-JL112.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.882090609090058
Encrypted:	false
SSDEEP:
MD5:	41703ED241199F0588E1FC6FF0F33E90
SHA1:	08B4785E21E21DFE333766A7198C325CD062347B
SHA-256:	4B8A8CE69EE94D7E1D49A2E00E2944675B66BD16302FE90E9020845767B0509B
SHA-512:	F90F6B0002274AF57B2749262E1530E21906162E4D1F3BE89639B5449269F3026A7F710C24765E913BC23DEC5A6BF97FC0DD465972892D851B6EAEEF025846CA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Turkey) $TZData(:Europe/Istanbul).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-JV50S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.843152601955343
Encrypted:	false
SSDEEP:
MD5:	FE666CDF1E9AA110A7A0AE699A708927
SHA1:	0E7FCDA9B47BC1D5F4E0DFAD8A9E7B73D71DC9E3
SHA-256:	0A883AFE54FAE0ED7D6535BDAB8A767488A491E6F6D3B7813CF76BB32FED4382
SHA-512:	763591A47057D67E47906AD22270D589100A7380B6F9EAA9AFD9D6D1EE254BCB1471FEC43531C4196765B15F2E27AF9AAB5A688D1C88B45FE7EEA67B6371466E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-KFOFG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.8553095447791055
Encrypted:	false
SSDEEP:
MD5:	E71CDE5E33573E78E01F4B7AB19F5728
SHA1:	C296752C449ED90AE20F5AEC3DC1D8F329C2274F
SHA-256:	78C5044C723D21375A1154AE301F29D13698C82B3702042C8B8D1EFF20954078
SHA-512:	6EBB39EF85DA70833F8B6CCD269346DC015743BC049F6F1B385625C5498F4E953A0CEDE76C60314EE671FE0F6EEB56392D62E0128F5B04BC68681F71718FE2BB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT-0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-KQVUG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.832832776993659
Encrypted:	false
SSDEEP:
MD5:	C8D83C210169F458683BB35940E11DF6
SHA1:	278546F4E33AD5D0033AF6768EFAB0DE247DA74F
SHA-256:	CECF81746557F6F957FEF12DBD202151F614451F52D7F6A35C72B830075C478D
SHA-512:	4539AE6F7AF7579C3AA5AE4DEB97BD14ED83569702D3C4C3945DB06A2D8FFF260DA1DB21FF21B0BED91EE9C993833D471789B3A99C9A2986B7AC8ABFBBE5A8B7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chatham)]} {. LoadTimeZoneFile Pacific/Chatham.}.set TZData(:NZ-CHAT) $TZData(:Pacific/Chatham).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-KT6RN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.830292555237936
Encrypted:	false
SSDEEP:
MD5:	6C7C2CE174DB462A3E66D9A8B67A28EB
SHA1:	73B74BEBCDAEBDA4F46748BCA149BC4C7FE82722
SHA-256:	4472453E5346AAA1E1D4E22B87FDC5F3170AA013F894546087D0DC96D4B6EC43
SHA-512:	07209059E5E5EB5EE12821C1AC46922DA2715EB7D7196A478F0FA6866594D3C69F4C50006B0EE517CBF6DB07164915F976398EBBD88717A070D750D5D106BA5D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Zulu) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-L4A4I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.879680803636454
Encrypted:	false
SSDEEP:
MD5:	33221E0807873CC5E16A55BF4450B6D4
SHA1:	A01FD9D1B8E554EE7A25473C2FBECA3B08B7FD02
SHA-256:	5AA7D9865554BCE546F1846935C5F68C9CA806B29B6A45765BA55E09B14363E4
SHA-512:	54A33B239BBFCFC645409FBC8D9DDBFCAE56067FA0427D0BE5F49CB32EB8EEC8E43FC22CE1C083FDC17DD8591BE9DB28A2D5006AFA473F10FB17EF2CE7AED305
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EST) {. {-9223372036854775808 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-L9UNK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.829496870339919
Encrypted:	false
SSDEEP:
MD5:	60878BB8E8BE290911CAB2A16AAFAEF7
SHA1:	15C01523EDA134D3E38ECC0A5909A4579BD2A00D
SHA-256:	9324B6C871AC55771C44B82BF4A92AE0BE3B2CC64EBA9FE878571225FD38F818
SHA-512:	C697401F1C979F5A4D33E1026DCE5C77603E56A48405511A09D8CE178F1BF47D60F217E7897061F71CFEA63CC041E64340EF6BAEE0EB037AFD34C71BF0591E3E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Universal) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-N3P31.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.723597525146651
Encrypted:	false
SSDEEP:
MD5:	B5AC3FA83585957217CA04384171F0FF
SHA1:	827FF1FBDADDDE3754453E680B4E719A50499AE6
SHA-256:	17CBE2F211973F827E0D5F9F2B4365951164BC06DA065F6F38F45CB064B29457
SHA-512:	A56485813C47758F988A250FFA97E2DBD7A69DDD16034E9EF2834AF895E8A374EEB4DA3F36E6AD80285AC10F84543ECF5840670805082E238F822F85D635651F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:CST6CDT) {. {-9223372036854775808 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-84384000 -18000 1 CDT}. {-68662800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -216

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-NT0TC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.792993822845485
Encrypted:	false
SSDEEP:
MD5:	530F5381F9CD8542ED5690E47FC83358
SHA1:	29A065F004F23A5E3606C2DB50DC0AB28CAFC785
SHA-256:	AC0FF734DA267E5F20AB573DBD8C0BD7613B84D86FDA3C0809832F848E142BC8
SHA-512:	4328BDFD6AA935FD539EE2D4A3EBA8DD2A1BD9F44BA0CF30AA0C4EA57B0A58E3CDFAA312366A0F93766AE445E6E210EE57CD5ED60F74173EDF67C1C5CB987C68
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:UTC) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-OAB74.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.80663340464643
Encrypted:	false
SSDEEP:
MD5:	9E2902F20F33CA25B142B6AA51D4D54F
SHA1:	C1933081F30ABB7780646576D7D0F54DC6F1BC51
SHA-256:	FCF394D598EC397E1FFEED5282874408D75A9C3FFB260C55EF00F30A80935CA4
SHA-512:	D56AF44C4E4D5D3E6FC31D56B9BA36BD8499683D1A3C9BC48EEE392C4AC5ACAA10E3E82282F5BDA9586AF26F4B6C0C5649C454399144F040CC94EA35BBB53B48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Singapore)]} {. LoadTimeZoneFile Asia/Singapore.}.set TZData(:Singapore) $TZData(:Asia/Singapore).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-PTF3I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6694
Entropy (8bit):	3.6896780927557495
Encrypted:	false
SSDEEP:
MD5:	CD86A6ED164FEB33535D74DF52DC49A5
SHA1:	89843BF23AB113847DCC576990A4FF2CABCA03FE
SHA-256:	AF28754C77BA41712E9C49EF3C9E08F7D43812E3317AD4E2192E971AD2C9B02D
SHA-512:	80C0A7C3BDD458CA4C1505B2144A3AD969F7B2F2732CCBE4E773FBB6ED446C2961E0B5AFFBC124D43CE9AB530C42C8AEC7100E7817566629CE9D01AC057E3549
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:WET) {. {-9223372036854775808 0 0 WET}. {228877200 3600 1 WEST}. {243997200 0 0 WET}. {260326800 3600 1 WEST}. {276051600 0 0 WET}. {291776400 3600 1 WEST}. {307501200 0 0 WET}. {323830800 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 36

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-QKEU8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.854287452296565
Encrypted:	false
SSDEEP:
MD5:	AF9DD8961DB652EE1E0495182D99820D
SHA1:	979602E3C59719A67DE3C05633242C12E0693C43
SHA-256:	9A6109D98B35518921E4923B50053E7DE9B007372C5E4FFF75654395D6B56A82
SHA-512:	F022C3EFABFC3B3D3152C345ACD28387FFEA4B61709CBD42B2F3684D33BED469C4C25F2328E5E7D9D74D968E25A0419E7BCFF0EB55650922906B9D3FF57B06C8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:PRC) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-RVSVA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	3.710275786382764
Encrypted:	false
SSDEEP:
MD5:	AE72690EF7063F0B9F640096204E2ECE
SHA1:	4F815B51DA9BCA97DFF71D191B74D0190890F946
SHA-256:	BB2C5E587EE9F9BF85C1D0B6F57197985663D4DFF0FED13233953C1807A1F11C
SHA-512:	F7F0911251BC7191754AF0BA2C455E825BF16EA9202A740DC1E07317B1D74CDAF680E161155CC1BD5E862DCEE2A58101F419D8B5E0E24C4BA7134999D9B55C48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:CET) {. {-9223372036854775808 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766623600 3600 0 CET}. {228877200 7200 1 CEST}. {243997200 3600 0 CET}. {260326800 7200 1 CEST}. {276051600 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-TE287.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.848987525932415
Encrypted:	false
SSDEEP:
MD5:	2639233BCD0119FD601F55F2B6279443
SHA1:	AADF9931DF78F5BC16ED4638947E77AE52E80CA1
SHA-256:	846E203E4B40EA7DC1CB8633BF950A8173D7AA8073C186588CC086BC7C4A2BEE
SHA-512:	8F571F2BBE4C60E240C4EBBB81D410786D1CB8AD0761A99ABB61DDB0811ACC92DCC2F765A7962B5C560B86732286356357D3F408CAC32AC1B2C1F8EAD4AEAEA6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-TOKVC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	167
Entropy (8bit):	4.9534620854837295
Encrypted:	false
SSDEEP:
MD5:	58FBF79D86DBCFF53F74BF7FE5C12DD6
SHA1:	EA8B3317B012A661B3BA4A1FAE0DC5DEDC03BC26
SHA-256:	0DECFEACCE2E2D88C29CB696E7974F89A687084B3DB9564CDED6FC97BCD74E1F
SHA-512:	083B449DE987A634F7199666F9C685EADD643C2C2DD9C8F6C188388266729CE0179F9DC0CD432D713E5FB1649D0AA1A066FE616FC43DA65C4CD787D8E0DE00A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Moscow)]} {. LoadTimeZoneFile Europe/Moscow.}.set TZData(:W-SU) $TZData(:Europe/Moscow).

C:\Users\user\AppData\Local\Namang\tcl\tzdata\is-UH2E2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.869510201987464
Encrypted:	false
SSDEEP:
MD5:	F989F3DB0290B2126DA85D78B74E2061
SHA1:	43A0A1737E1E3EF0501BB65C1E96CE4D0B5635FC
SHA-256:	41A45FCB805DB6054CD1A4C7A5CFBF82668B3B1D0E44A6F54DFB819E4C71F68A
SHA-512:	3EDB8D901E04798B566E6D7D72841C842803AE761BEF3DEF37B8CA481E79915A803F61360FA2F317D7BDCD913AF8F5BB14F404E80CFA4A34E4310055C1DF39F2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Greenwich) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Namang\tk\images\is-0EVNT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	32900
Entropy (8bit):	5.235207715374815
Encrypted:	false
SSDEEP:
MD5:	45175418859AF67FE417BD0A053DB6E5
SHA1:	2B499B7C4EBC8554ECC07B8408632CAF407FB6D5
SHA-256:	F3E77FD94198EC4783109355536638E9162F9C579475383074D024037D1797D3
SHA-512:	114A59FD6B99FFD628BA56B8E14FB3B59A0AB6E752E18DEA038F85DBC072BF98492CE9369D180C169EDE9ED2BD521D8C0D607C5E4988F2C83302FC413C6D6A4C
Malicious:	false
Preview:	%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL/TK LOGO.ILLUS).%%CreationDate: (8/1/96) (4:58 PM).%%BoundingBox: 251 331 371 512.%%HiResBoundingBox: 251.3386 331.5616 370.5213 511.775.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%DocumentCustomColors: (TCL RED).%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 90 576 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Level 2 Emul

C:\Users\user\AppData\Local\Namang\tk\images\is-2IE9E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3491
Entropy (8bit):	7.790611381196208
Encrypted:	false
SSDEEP:
MD5:	A5E4284D75C457F7A33587E7CE0D1D99
SHA1:	FA98A0FD8910DF2EFB14EDAEC038B4E391FEAB3C
SHA-256:	BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC
SHA-512:	4448664925D1C1D9269567905D044BBA48163745646344E08203FCEF5BA1524BA7E03A8903A53DAF7D73FE0D9D820CC9063D4DA2AA1E08EFBF58524B1D69D359
Malicious:	false
Preview:	GIF89a................................f.................f...ff.f3.f..33.3............f..ff.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,...........@.pH,...r.l:..T..F$XIe..V$.x..V.Z.z..F.pxd~..........{....o....l..{.b...hi[}P.k...y.....y.f.._R.\...............m.....y.....x......^.Q...j.....\S.....^.......l......]...[.......).....{....7...`..<...`..">..i.?/..@............>..Z.z@....0B..r...j.V.I.@..;%R......J.p.A.t...$A...>`.....@g5BP.A..p.x.............q..8...... ...(.Q..#..@...F..YSK..M..#o.....D.m..-.....k}...BT..V......'.....`.d..~;..9+..6...<b.eZ..y^0]0..I...=.6.....}.0<.Z...M...Y135.e.....b...U0F~.-.HT......l2.s.q`-....y...e....dPZ....~.zT.M.... "r.E/k. .....Lj@'........Pcd&.(..mxF_w.."K..x!..--Y`..A.....Be.jH.A..\..j.....du#.....]^...>......].i.FMO..].9n1",Y...F...EW.9.....0TY.T...Cv!i`%...Hz@.]..U.!Y...#Dv&pi.z(.mn.A....@Q.0.%...&.4.v.cw(.`cd'\|..M9..."...,.......

C:\Users\user\AppData\Local\Namang\tk\images\is-329H8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	27809
Entropy (8bit):	5.331778921404698
Encrypted:	false
SSDEEP:
MD5:	BA1051DBED2B8676CAA24593B88C91B2
SHA1:	8A58FC19B20BFDC8913515D9B32CCBF8ACF92344
SHA-256:	2944EBC4AF1894951BF9F1250F4E6EDF811C2183745950EA9A8A926715882CF7
SHA-512:	4260CEBA7DA9463F32B0C76A2AC19D2B20C8FE48CFBA3DC7AF748AAE15FA25DCBDA085072DF7EFC8F4B4F304C7ED166FE9F93DC903E32FA1874E82D59E544DEF
Malicious:	false
Preview:	%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL PWRD LOGO.ILLUS).%%CreationDate: (8/1/96) (4:59 PM).%%BoundingBox: 242 302 377 513.%%HiResBoundingBox: 242.0523 302.5199 376.3322 512.5323.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (PANTONE Warm Red CV).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 102 564 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Le

C:\Users\user\AppData\Local\Namang\tk\images\is-361SH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2489
Entropy (8bit):	7.708754027741608
Encrypted:	false
SSDEEP:
MD5:	711F4E22670FC5798E4F84250C0D0EAA
SHA1:	1A1582650E218B0BE6FFDEFFD64D27F4B9A9870F
SHA-256:	5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C
SHA-512:	220C36010208A87D0F674DA06D6F5B4D6101D196544ABCB4EE32378C46C781589DB1CE7C7DFE6471A8D8E388EE6A279DB237B18AF1EB9130FF9D0222578F1589
Malicious:	false
Preview:	GIF89aa...............................f.................f...ff.f3.f..33.3............f..ff.f3.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....a......@.pH,...r.l:..TB.T..V..z..H.j..h...&.......t"....F...d..gN~Y...g....}..r....g.....o...g.......Y.w..W......N....Z....W....f...tL.~.f....New............W.M.r.........O.q........W-./i.*...`..z..F9.../9..-.......$6..G..S...........zB.,nw.64...e4.......HOt......f.....)..OX..C.eU.(.Qh.....T..<Q.Y.P.L.YxT....2........ji..3.^)zz..O.a..6 ...TZ........^...7.....>\|P.....w$...k.ZF.\R.u....F.]Z.--(v+)[Y....=.!.W..+.]..]._.....&..../Ap...j...!..b.:...{.^.=.`...U.....@Hf..\?.(..Lq@.........0..L...a...&.!.....]#..]G \..q...A.H.X[...(.W......,...1a..B...W(.t.8.AdG.)..(P=...Uu.u..A.KM\...'r.R./.W..d2a.0..G...?...B......#H........1Q.0...R....%+...0.I..{.<......QV.tz'.yn.E.p..0i.I.g......L....%....K...A.l.ph.Q.1e...Z....g..2e...smU&d;.J..

C:\Users\user\AppData\Local\Namang\tk\images\is-79VDD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11000
Entropy (8bit):	7.88559092427108
Encrypted:	false
SSDEEP:
MD5:	45D9B00C4CF82CC53723B00D876B5E7E
SHA1:	DDD10E798AF209EFCE022E97448E5EE11CEB5621
SHA-256:	0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED
SHA-512:	6E89DACF2077E1307DA05C16EF8FDE26E92566086346085BE10A7FD88658B9CDC87A3EC4D17504AF57D5967861B1652FA476B2DDD4D9C6BCFED9C60BB2B03B6F
Malicious:	false
Preview:	GIF89ab.................f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....b..........H......\....#J.H....3j.... '.;p....(.8X..^.0c.I...z8O.\.....:....$..Fu<8`...P.>%I.gO.C.h-..+.`....@..h....dJ.?...K...H.,U.._.#...g..[.^.x.....J.L.!.'........=+eZ..i..ynF.8...].y\|..m.

C:\Users\user\AppData\Local\Namang\tk\images\is-C5C7J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5473
Entropy (8bit):	7.754239979431754
Encrypted:	false
SSDEEP:
MD5:	048AFE69735F6974D2CA7384B879820C
SHA1:	267A9520C4390221DCE50177E789A4EBD590F484
SHA-256:	E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E
SHA-512:	201DA67A52DADA3AE7C533DE49D3C08A9465F7AA12317A0AE90A8C9C04AA69A85EC00AF2D0069023CD255DDA8768977C03C73516E4848376250E8D0D53D232CB
Malicious:	false
Preview:	GIF89ad.d...................RJJ...B99.......RBB..B11ZBB!....R991!!...)....{{B!!R)).JJ.ss.ZZ.BB.kk.RR.JJ.BB9...JJR!!.ZZ.BB.11.99.{s.sk.kc.cZ.ZR.JB.ZR.JB.JB.RJ.B9.91.B9...{.JB.91.B9.B9.1){)!.)!.9)..ZR.JB{91.cR{1).ZJ.ZJ.RB.J9.B1.B1.9).1!....{B9.{k.scc1).kZZ)!c)!.9).B1.9).9).1!.1!.1!.B).9!.9!.1..).....{.sZ1)R)!.B1.B1.ZBR!..9).ZB.9).R9.R9.1!.J1.J1.B).B).9!.9!.1..1..).....sZ.J9.ZB.cJJ!.{1!.B).9!{)..9!.J).B!.B!.9..R1).kJ)!.B1{9).R9.cB.Z9.Z9.B).Z9.B).R1.9!.R1.J).J).B!.1..9....{.s.J9.{Z.ZB.sR.kJk1!.cB.cB.R1.R).1..B!.J!.B.....R91.J1).c.kJ.J).Z1.B!.B!..9!..{R.sJ.Z9.R1{9!..s.R9.Z...J91Z9){B)...............B91..1)!..............................RJR............B)1......R19........BJ.9B..{..s{......!.......,....d.d.@............0@PHa.....p...7.8.y...C.s6Z.%Q.#s.`:B.N....4jd.K.0..\|y....F@.......1~ ......'Y.B"C&R.V.R.4$k.3...D.......EfY3..M........BDV._.....\..).]..>s..$H\%y0WL...d.......D..'..v..1Kz.Zp$;S

C:\Users\user\AppData\Local\Namang\tk\images\is-CD67F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	322
Entropy (8bit):	4.341180398587801
Encrypted:	false
SSDEEP:
MD5:	FC8A86E10C264D42D28E23D9C75E7EE5
SHA1:	F1BA322448D206623F8FE734192F383D8F7FA198
SHA-256:	2695ADFF8E900C31B4D86414D22B8A49D6DD865CA3DD99678FA355CDC46093A8
SHA-512:	29C2DF0D516B5FC8E52CB61CFCD07AF9C90B40436DFE64CEFDB2813C0827CE65BA50E0828141256E2876D4DC251E934A6854A8E0B02CDAF466D0389BD778AEF0
Malicious:	false
Preview:	README - images directory..This directory includes images for the Tcl Logo and the Tcl Powered.Logo. Please feel free to use the Tcl Powered Logo on any of your.products that employ the use of Tcl or Tk. The Tcl logo may also be.used to promote Tcl in your product documentation, web site or other.places you so desire..

C:\Users\user\AppData\Local\Namang\tk\images\is-CPUPT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1615
Entropy (8bit):	7.461273815456419
Encrypted:	false
SSDEEP:
MD5:	DBFAE61191B9FADD4041F4637963D84F
SHA1:	BD971E71AE805C2C2E51DD544D006E92363B6C0C
SHA-256:	BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B
SHA-512:	ACEAD81CC1102284ED7D9187398304F21B8287019EB98B0C4EC7398DD8B5BA8E7D19CAA891AA9E7C22017B73D734110096C8A7B41A070191223B5543C39E87AF
Malicious:	false
Preview:	GIF89a@.d.............................f.................f...ff.f3.f..33.3.........f..ff.f3.33.3.f..f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....@.d....@.pH,..E.... ..(...H$..v..j....K....q..5L......^).3.Y7..r..u.v\|g..om...\iHl..p...`G..\~....fn[q...P.g.Z.l....y...\.l......f.Z.g...%%....e...e...)....O.f..e. ....O..qf..%..(.H.u..]..&....#4.......@.).....u!.M..2. ..PJ..#..T..a.....P.Gi... <Hb....x..z.3.X.O..f.........].Bt..lB.Q.r...9pP....&...L. ..,`[.....E6.Q.....?.#L......\|g........N....[.._........."4......b....G6.........m.zI].....I.@.......I.9...glew...2.B..c>./..2....x.....<...{...7;.....y.I.....4G.Qj0..7..%.W.V...?!..[...X..=..k.h..[Q<.....0.B....(P.x.,.......8OZ.8P!.$....u.c..Ea!..eC....CB.. .H..E..#..C..E...z..&.Nu........c.0..#.T.M.U........l.p @..s.\|..pf!..&.......8.#.8.......J>. .t..h6(........#..0.A...!..)...x..u.Z....%..H............`......\|.....1.......&.....T...f.l...

C:\Users\user\AppData\Local\Namang\tk\images\is-IAPU0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	6.9734417899888665
Encrypted:	false
SSDEEP:
MD5:	FF04B357B7AB0A8B573C10C6DA945D6A
SHA1:	BCB73D8AF2628463A1B955581999C77F09F805B8
SHA-256:	72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F
SHA-512:	10DFE631C5FC24CF239D817EEFA14329946E26ED6BCFC1B517E2F9AF81807977428BA2539AAA653A89A372257D494E8136FD6ABBC4F727E6B199400DE05ACCD5
Malicious:	false
Preview:	GIF89aD.d...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....D.d........H......\...z..Ht@Q...92.p...z.$.@@.E..u.Y.2..0c..q.cB.,[..... ..1..qbM.2~].....s...S.@.L.j..#..\......h..........].D(..m......@.Z....oO...3=.c...G".(..pL...q]..%....[...#...+...X.h....^.....

C:\Users\user\AppData\Local\Namang\tk\images\is-JEKTQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2981
Entropy (8bit):	7.758793907956808
Encrypted:	false
SSDEEP:
MD5:	DA5FB10F4215E9A1F4B162257972F9F3
SHA1:	8DB7FB453B79B8F2B4E67AC30A4BA5B5BDDEBD3B
SHA-256:	62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240
SHA-512:	990CF306F04A536E4F92257A07DA2D120877C00573BD0F7B17466D74E797D827F6C127E2BEAADB734A529254595918C3A5F54FDBD859BC325A162C8CD8F6F5BE
Malicious:	false
Preview:	GIF89aq...............................f.................f...ff.f3.f..33.3............f..ff.f3.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3................................................................!.. -dl-.!.......,....q......@.pH,...r.l:....A}H...v..R......D.VF..,%M....^.....fyzU.P..f...i.....t..Uqe..N..Z..i......~....g......u.....g......\...h.....P...h.....Q..g....Z..h......]......\...M...[..s...c2.+R.$. ......#.....)v..4....MO.b.....9......[.M.........h'..<-..=.....HQD....D?.~......W7. ..V.W0..l....0p}..KP?c.\@KW.S(..M..B.....-q...S2....,..P.{....F..._MAn ....i.Y3............zh.y.j@...a876...ui.i..;K.........p...`.,}w....tv.m...Y..........;.;.e).e&.......-.NC.4..(..........F........[,w....f......E....h..a3.T.^.........)...C.N8.h\T...+&.z....g]H..B..#.t6..Z.....j.-..N......TI....A........M?..Q&V'...Mb.f.x...h.$r.U .9..Ci. ].4.Zb..@...X....%..<..b)V!........Y)x......T.....h.p.d..h..(........]@.**J.M.U.Jf...Y.:....F..g:..d..6q.-..

C:\Users\user\AppData\Local\Namang\tk\images\is-MBTUM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1670
Entropy (8bit):	6.326462043862671
Encrypted:	false
SSDEEP:
MD5:	B226CC3DA70AAB2EBB8DFFD0C953933D
SHA1:	EA52219A37A140FD98AEA66EA54685DD8158D9B1
SHA-256:	138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9
SHA-512:	3D043F41B887D54CCADBF9E40E48D7FFF99B02B6FAF6B1DD0C6C6FEF0F8A17630252D371DE3C60D3EFBA80A974A0670AF3747E634C59BDFBC78544D878D498D4
Malicious:	false
Preview:	GIF89a+.@...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....+.@........H. .z..(tp......@...92....#. A.......C.\.%...)Z..1a.8s..W/..@....3..C...y$.GW.....5.FU..j..;.F(Pc+W.-..X.D-[.*g....F..`.:mkT...Lw...A/.....u.7p..a..9P.....q2..Xg..G....3}AKv.\.d..yL.>..1.#

C:\Users\user\AppData\Local\Namang\tk\images\is-MENTT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1171
Entropy (8bit):	7.289201491091023
Encrypted:	false
SSDEEP:
MD5:	7013CFC23ED23BFF3BDA4952266FA7F4
SHA1:	E5B1DED49095332236439538ECD9DD0B1FD4934B
SHA-256:	462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448
SHA-512:	A887A5EC33B82E4DE412564E86632D9A984E8498F02D8FE081CC4AC091A68DF6CC1A82F4BF99906CFB6EA9D0EF47ADAC2D1B0778DCB997FB24E62FC7A6D77D41
Malicious:	false
Preview:	GIF89a0.K.............................f.................f...ff.f3.f..33.3.........f..ff.f3.3f.33.3.f..ff.ff.f3ff333f.3f.33.33f.3......................................................................!.. -dl-.!.......,....0.K....@.pH,...GD.<:..%SR.Z......<.V.$l.....z......:.. .\|v[D..f...z.W.G.Vr...NgsU.yl..qU..`.......`fe`.......Fg....(.&...g.Y.. .."..q.V.$.'.Ez.W....y...Y.U...(#Xrf.........Xux.U..........(U.4...X....G.B..t..1S...R..Y. ...l ..".>.h......,%K....A.....<s....#..8.iK.....a.y$h..DQh.PE)....6.....MyL.qzF..... ."..Y0..a......2..*t..Ma..b...M..R.....\..st..=....Q......,>s`....Qt.,..B.R.....!.$..%.....(...s...B.T...`,".h(. D....8..dC..\Q.p.......x.#A.....:..du..(D.XV......7....S.#n8a....2`...f.:G,...==(......`!..$...t....b..../N\|...f..J.x... P&.\|.d._!N...].1w.3D.0!....@o&H...N.B.J....pz8..w.i....=r.............@5.-!.......H."..[.j.AB<..p....h...V.D..6.h...ab1F.g...I !.V~.H..V.........:.G..\|c...,.....TD5..c[.W.....LC.....FJ..71[..lH.M.....8.:$......

C:\Users\user\AppData\Local\Namang\tk\images\is-ODHF5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3889
Entropy (8bit):	7.425138719078912
Encrypted:	false
SSDEEP:
MD5:	BD12B645A9B0036A9C24298CD7A81E5A
SHA1:	13488E4F28676F1E0CE383F80D13510F07198B99
SHA-256:	4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62
SHA-512:	F62C996857CA6AD28C9C938E0F12106E0DF5A20D1B4B0B0D17F6294A112359BA82268961F2A054BD040B5FE4057F712206D02F2E668675BBCF6DA59A4DA0A1BB
Malicious:	false
Preview:	GIF87ax............................................................................z.....{..o.....m..b...`{.X....vy...hk.Um.N...I`.D..Z^.LP.?R.;!....?C.5C.3#.l..,6.&.15...`..#(.If.y.....l...._..#/...Hm.>_.y..4R.k..#6..._......w..K.^.."<.....G{.w..3_."C.Q..F....v..!K...v.2m.)_.[..!R.u.1t.g..)f. X.O..E..1z.g. _.Z..D..:..0..Z.. f.D..0..'z..m.N..C../.z.svC.q/.m.ze7.\..P..I..1%.,...............................................................................................................................................................................................................................................................................................................................................................................................,....x..........H.......D..!...7.PAQ...._l8.... C.<.a...*.x....0q.. ..M.%.<.HBe.@.....Q..7..XC..P..<z3..X...P.jA.%'@.J.lV.......R.,..+....t....7h.....(..a...+^.'..7..L.....V...s..$....a.....8`.9..}K......

C:\Users\user\AppData\Local\Namang\tk\is-0N0KB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21432
Entropy (8bit):	4.987740767386718
Encrypted:	false
SSDEEP:
MD5:	E5E462E0EE0C57B31DAEECB07D038488
SHA1:	E67B3410A7BCECE8B5159AB5327910038096A67B
SHA-256:	823F6E4BAF5D10185D990B3FBCB8BFB4D5F4B6ED62203EE229922B6B32FE39D4
SHA-512:	F8442F21E389FF9A3FC5BECCE8811F8554DEF94FBB8F184026396A87AEA37E8108A3E1B3C76FEA2CFBE4E81B2C5FC2BB8A60BE2B9831CC96CB25DAB177616238
Malicious:	false
Preview:	# clrpick.tcl --.#.#.Color selection dialog for platforms that do not support a.#.standard color selection dialog..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# ToDo:.#.#.(1): Find out how many free colors are left in the colormap and.#. don't allocate too many colors..#.(2): Implement HSV color selection..#..# Make sure namespaces exist.namespace eval ::tk {}.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::color {. namespace import ::tk::msgcat::*.}..# ::tk::dialog::color:: --.#.#.Create a color dialog and let the user choose a color. This function.#.should not be called directly. It is called by the tk_chooseColor.#.function when a native color selector widget does not exist.#.proc ::tk::dialog::color:: {args} {. variable ::tk::Priv. set dataName __tk__color. upvar ::tk::dialog::color::$dataName data. set w .$dataName.

C:\Users\user\AppData\Local\Namang\tk\is-0UIME.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8229
Entropy (8bit):	5.0540566175865
Encrypted:	false
SSDEEP:
MD5:	427CCBD25BB1559B9B21A80131658140
SHA1:	B675C0C1B02A527B13AA5DE2AE5A1AA754E9815D
SHA-256:	586CB7A3C32566EFEB46036A19D07E91194CE8EDAF0D47F3C93BCC974E6EE3E1
SHA-512:	FEA82D6D7DBAF52EE1883241170BA95396EC282CDD4F682077A238B4FD9A47C4CE6F84B1B4829A86580A4AB794820E6CD4C1E98CFB7BDCE23E09B54566BD6443
Malicious:	false
Preview:	# comdlg.tcl --.#.#.Some functions needed for the common dialog boxes. Probably need to go.#.in a different file..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# tclParseConfigSpec --.#.#.Parses a list of "-option value" pairs. If all options and.#.values are legal, the values are stored in.#.$data($option). Otherwise an error message is returned. When.#.an error happens, the data() array may have been partially.#.modified, but all the modified members of the data(0 array are.#.guaranteed to have valid values. This is different than.#.Tk_ConfigureWidget() which does not modify the value of a.#.widget record if any error occurs..#.# Arguments:.#.# w = widget record to modify. Must be the pathname of a widget..#.# specs = {.# {-commandlineswitch resourceName ResourceClass defaultValue verifier}.# {....}.# }.#.# flags = currently unused..#.# argList

C:\Users\user\AppData\Local\Namang\tk\is-2KPLO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20642
Entropy (8bit):	4.903366631227966
Encrypted:	false
SSDEEP:
MD5:	309AB5B70F664648774453BCCBE5D3CE
SHA1:	51BF685DEDD21DE3786FE97BC674AB85F34BD061
SHA-256:	0D95949CFACF0DF135A851F7330ACC9480B965DAC7361151AC67A6C667C6276D
SHA-512:	D5139752BD7175747A5C912761916EFB63B3C193DD133AD25D020A28883A1DEA6B04310B751F5FCBE579F392A8F5F18AE556116283B3E137B4EA11A2C536EC6B
Malicious:	false
Preview:	# button.tcl --.#.# This file defines the default bindings for Tk label, button,.# checkbutton, and radiobutton widgets and provides procedures.# that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 2002 ActiveState Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for buttons..#-------------------------------------------------------------------------..if {[tk windowingsystem] eq "aqua"} {.. bind Radiobutton <Enter> {..tk::ButtonEnter %W. }. bind Radiobutton <1> {..tk::ButtonDown %W. }. bind Radiobutton <ButtonRelease-1> {..tk::ButtonUp %W. }. bind Checkbutton <Enter> {..tk::ButtonEnter %W. }. bind Checkbutton <1

C:\Users\user\AppData\Local\Namang\tk\is-2U6IF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10252
Entropy (8bit):	5.02143730499245
Encrypted:	false
SSDEEP:
MD5:	C832FDF24CA1F5C5E9B33FA5ECD11CAC
SHA1:	8082FDE50C428D2511B05F529FCCF02651D5AC93
SHA-256:	E34D828E740F151B96022934AAEC7BB8343E23D040FB54C04641888F51767EB8
SHA-512:	58BEB05778271D4C91527B1CB23491962789D95ACCBC6C28E25D05BD3D6172AAC9A90E7741CD606C69FB8CECC29EE515DA7C7D4E6098BF67F08F18DFB7983323
Malicious:	false
Preview:	# unsupported.tcl --.#.# Commands provided by Tk without official support. Use them at your.# own risk. They may change or go away without notice..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# ----------------------------------------------------------------------.# Unsupported compatibility interface for folks accessing Tk's private.# commands and variable against recommended usage..# ----------------------------------------------------------------------..namespace eval ::tk::unsupported {.. # Map from the old global names of Tk private commands to their. # new namespace-encapsulated names... variable PrivateCommands. array set PrivateCommands {..tkButtonAutoInvoke..::tk::ButtonAutoInvoke..tkButtonDown...::tk::ButtonDown..tkButtonEnter...::tk::ButtonEnter..tkButtonInvoke...::tk::ButtonInvoke..tkButtonLeave...::tk::ButtonLeave..tkButtonUp...::tk::ButtonUp..tkCancelRepeat...::tk::Cance

C:\Users\user\AppData\Local\Namang\tk\is-36SPB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26075
Entropy (8bit):	4.9212533677507535
Encrypted:	false
SSDEEP:
MD5:	F863B7C5680017EE9F744900CC6C3834
SHA1:	155E6E8752F6D48EF8D32CE2228E17EE58C2768E
SHA-256:	9C78A976BBC933863FB0E4C23EE62B26F8EB3D7F101D7D32E6768579499E43B1
SHA-512:	34F5B51EA1A2EFCD53B51A74E7E9B69FB154E017527BBD1CB3961F1619E74BE9D49D0583D193DBA7E8A3904F6C7446F278BC7977011DCCDAEBBE42D71FA5630C
Malicious:	false
Preview:	# xmfbox.tcl --.#.#.Implements the "Motif" style file selection dialog for the.#.Unix platform. This implementation is used only if the.#."::tk_strictMotif" flag is set..#.# Copyright (c) 1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Scriptics Corporation.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}...# ::tk::MotifFDialog --.#.#.Implements a file dialog similar to the standard Motif file.#.selection box..#.# Arguments:.#.type.."open" or "save".#.args..Options parsed by the procedure..#.# Results:.#.When -multiple is set to 0, this returns the absolute pathname.#.of the selected file. (NOTE: This is not the same as a single.#.element list.).#.#.When -multiple is set to > 0, this returns a Tcl list of absolute.# pathnames. The argument for -multiple is ignored, but for consistency.# with Windows it defines the max

C:\Users\user\AppData\Local\Namang\tk\is-4LKGV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	38373
Entropy (8bit):	5.143151103117394
Encrypted:	false
SSDEEP:
MD5:	21985684C432CB918A3E862517842F75
SHA1:	4DBACAEEF8454C1B08993D76857C5F09AA75405A
SHA-256:	AE448DF6FDBBA45D450ABEFEF12799F8362177B0B9FE06F3CA3CB0EDA5E6AA58
SHA-512:	AFEA6C47001455D7E40A5A7728FA4DFAD7BB66B02191E807BB15355847F5B265DEEE6015516807B10E1273710A3D03FAAC7856CB16EFA773813105B23A11960F
Malicious:	false
Preview:	# tkfbox.tcl --.#.#.Implements the "TK" standard file selection dialog box. This dialog.#.box is used on the Unix platforms whenever the tk_strictMotif flag is.#.not set..#.#.The "TK" standard file selection dialog box is similar to the file.#.selection dialog box on Win95(TM). The user can navigate the.#.directories by clicking on the folder icons or by selecting the.#."Directory" option menu. The user can select files by clicking on the.#.file icons or by entering a filename in the "Filename:" entry..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {. namespace import -force ::tk::msgcat::*. variable showHiddenBtn 0. variable showHiddenVar 1.. # Create the images if they did not already exist.. if {![info exists ::tk::Priv(updirImage)]} {..set ::tk::Priv(updirImage)

C:\Users\user\AppData\Local\Namang\tk\is-4M37M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15840
Entropy (8bit):	4.7139053935905535
Encrypted:	false
SSDEEP:
MD5:	9324DBBE37502E149474E05A3448B6E3
SHA1:	5584B4EE3BF25E95EE6919437D066586060B6E36
SHA-256:	CEB558FB76A2C85924CD5F7D3A64E77582E1D461DD9A3C10FEDB4608AD440F5B
SHA-512:	C688676452F89EC432E93A64AC369CC0B82B19D8D38D2C4034888551591F59D87548FAE12A98EE7735540779566DEB400C27BEAD2C141A9F971BAF9E61C218C6
Malicious:	false
Preview:	# fontchooser.tcl -.#.#.A themeable Tk font selection dialog. See TIP #324..#.# Copyright (C) 2008 Keith Vetter.# Copyright (C) 2008 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::fontchooser {. variable S.. set S(W) .__tk__fontchooser. set S(fonts) [lsort -dictionary [font families]]. set S(styles) [list \. [::msgcat::mc "Regular"] \. [::msgcat::mc "Italic"] \. [::msgcat::mc "Bold"] \. [::msgcat::mc "Bold Italic"] \. ].. set S(sizes) {8 9 10 11 12 14 16 18 20 22 24 26 28 36 48 72}. set S(strike) 0. set S(under) 0. set S(first) 1. set S(sampletext) [::msgcat::mc "AaBbYyZz01"]. set S(-parent) .. set S(-title) [::msgcat::mc "Font"]. set S(-command) "". set S(-font) TkDefaultFont.}..proc ::tk:

C:\Users\user\AppData\Local\Namang\tk\is-4NHVH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5142
Entropy (8bit):	4.672280480827932
Encrypted:	false
SSDEEP:
MD5:	214FA0731A27E33826F2303750B64784
SHA1:	C2DA41761FB7BAE38DDDEFA22AB57B337F54F5D8
SHA-256:	FB6B35ECB1438BB8A2D816B86FB0C55500C6EA8D24AECB359CC3C7D3B3C54DE0
SHA-512:	2E2A2412CBB090C0728333480B0E07C85087ED932974A235D5BC8C9725DE937520205D988872E1B5BEFA1E80201E046C500BC875A5CBD584A5099930EBBD115A
Malicious:	false
Preview:	# tearoff.tcl --.#.# This file contains procedures that implement tear-off menus..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk::TearoffMenu --.# Given the name of a menu, this procedure creates a torn-off menu.# that is identical to the given menu (including nested submenus)..# The new torn-off menu exists as a toplevel window managed by the.# window manager. The return value is the name of the new menu..# The window is created at the point specified by x and y.#.# Arguments:.# w -...The menu to be torn-off (duplicated)..# x -...x coordinate where window is created.# y -...y coordinate where window is created..proc ::tk::TearOffMenu {w {x 0} {y 0}} {. # Find a unique name to use for the torn-off menu. Find the first. # ancestor of w that is a toplevel but not a menu,

C:\Users\user\AppData\Local\Namang\tk\is-4R7C6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	32784
Entropy (8bit):	4.906598115585926
Encrypted:	false
SSDEEP:
MD5:	8B5B8B6D49F4CA36B8662923DCF9A46C
SHA1:	BCD6CA7451BDFB22311D9D54FBABB116D4A7A687
SHA-256:	7E1EAA998B1D661E9B4B72A4598A534B8311AB75D444525DD613EC73F8126750
SHA-512:	D7E20377E2FBD147A68E4B647D4F09A1894A203F2FA5435B09AD2B6998FFC2F70222BD2808B6A1D1B6A96271F04E7C7A4E6AB0EAE4C97C7C728A6645C499391F
Malicious:	false
Preview:	# console.tcl --.#.# This code constructs the console window for an application. It.# can be used by non-unix systems that do not have built-in support.# for shells..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..# Copyright (c) 2007-2008 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# TODO: history - remember partially written command..namespace eval ::tk::console {. variable blinkTime 500 ; # msecs to blink braced range for. variable blinkRange 1 ; # enable blinking of the entire braced range. variable magicKeys 1 ; # enable brace matching and proc/var recognition. variable maxLines 600 ; # maximum # of lines buffered in console. variable showMatches 1 ; # show multiple expand matches. variable useFontchooser [llength [info command ::tk::fontchooser]]. variable inPlugi

C:\Users\user\AppData\Local\Namang\tk\is-5TB2E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8174
Entropy (8bit):	4.9180898441277705
Encrypted:	false
SSDEEP:
MD5:	ABE618A0891CD6909B945A2098C77D75
SHA1:	A322CCFB33FF73E4A4730B5B21DE4290F9D94622
SHA-256:	60B8579368BB3063F16D25F007385111E0EF8D97BB296B03656DC176E351E3CA
SHA-512:	2DF5A50F3CA7D21F43651651879BCAE1433FF44B0A7ECE349CCF73BECC4780160125B21F69348C97DCD60503FC79A6525DB723962197E8550B42D0AE257FD8E7
Malicious:	false
Preview:	# palette.tcl --.#.# This file contains procedures that change the color palette used.# by Tk..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_setPalette --.# Changes the default color scheme for a Tk application by setting.# default colors in the option database and by modifying all of the.# color options for existing widgets that have the default value..#.# Arguments:.# The arguments consist of either a single color name, which.# will be used as the new background color (all other colors will.# be computed from this) or an even number of values consisting of.# option names and values. The name for an option is the one used.# for the option database, such as activeForeground, not -activeforeground...proc ::tk_setPalette {args} {. if {[winfo depth .] == 1} {..# Just return on monochrome displays, otherwise errors will occur..return. }.

C:\Users\user\AppData\Local\Namang\tk\is-6J8OA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	23142
Entropy (8bit):	5.097142507145225
Encrypted:	false
SSDEEP:
MD5:	3250EC5B2EFE5BBE4D3EC271F94E5359
SHA1:	6A0FE910041C8DF4F3CDC19871813792E8CC4E4C
SHA-256:	E1067A0668DEBB2D8E8EC3B7BC1AEC3723627649832B20333F9369F28E4DFDBF
SHA-512:	F8E403F3D59D44333BCE2AA7917E6D8115BEC0FE5AE9A1306F215018B05056467643B7AA228154DDCED176072BC903DFB556CB2638F5C55C1285C376079E8FE3
Malicious:	false
Preview:	# tk.tcl --.#.# Initialization script normally executed in the interpreter for each Tk-based.# application. Arranges class bindings for widgets..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...# Verify that we have Tk binary and script components from the same release.package require -exact Tk 8.6.9...# Create a ::tk namespace.namespace eval ::tk {. # Set up the msgcat commands. namespace eval msgcat {..namespace export mc mcmax. if {[interp issafe] \|\| [catch {package require msgcat}]} {. # The msgcat package is not available. Supply our own. # minimal replacement.. proc mc {src args} {. return [format $src {*}$args]. }. proc mcmax {args} {.

C:\Users\user\AppData\Local\Namang\tk\is-8SKFQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	38077
Entropy (8bit):	4.872052715667624
Encrypted:	false
SSDEEP:
MD5:	181ED74919F081EEB34269500E228470
SHA1:	953EB429F6D98562468327858ED0967BDC21B5AD
SHA-256:	564AC0040176CC5744E3860ABC36B5FFBC648DA20B26A710DC3414EAE487299B
SHA-512:	220E496B464575115BAF1DEDE838E70D5DDD6D199B5B8ACC1763E66D66801021B2D7CD0E1E1846868782116AD8A1F127682073D6EACD7E73F91BCED89F620109
Malicious:	false
Preview:	# menu.tcl --.#.# This file defines the default bindings for Tk menus and menubuttons..# It also implements keyboard traversal of menus and implements a few.# other utility procedures related to menus..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# cursor -..Saves the -cursor option for the posted menubutton..# focus -..Saves the focus during a menu selection operation..#...Focus gets restored here when the menu is unposted..# grabGlobal -..Used in conjunction with tk::Priv(oldGrab): if.#...tk::Priv(oldGrab) is non-empty, then tk::Pr

C:\Users\user\AppData\Local\Namang\tk\is-9N53C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8246
Entropy (8bit):	4.8180558683809425
Encrypted:	false
SSDEEP:
MD5:	11D758CEF126C5C2EDFC911237DF80F2
SHA1:	7911EAA0A8B6630D016D15730310935909632389
SHA-256:	DA84D32D1B447F7FFE7BBCAC0F7586B0B6DD204717C7AE1F182C6A91510EC77B
SHA-512:	9E2A767FBC62622C34F468958C861EE3AFE2A63005BAD80F1637045D045E1A82FB1D2698D948D375222EBD0B92514ACE99C12DF6D9CACF75ACD03EC8057494A7
Malicious:	false
Preview:	# bgerror.tcl --.#.#.Implementation of the bgerror procedure. It posts a dialog box with.#.the error message and gives the user a chance to see a more detailed.#.stack trace, and possible do something more interesting with that.#.trace (like save it to a log). This is adapted from work done by.#.Donal K. Fellows..#.# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 2007 by ActiveState Software Inc..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::dialog::error {. namespace import -force ::tk::msgcat::. namespace export bgerror. option add ErrorDialog.function.text [mc "Save To Log"] \..widgetDefault. option add ErrorDialog.function.command [namespace code SaveToLog]. option add ErrorDialogLabel.font TkCaptionFont widgetDefault. if {[tk windowingsystem] eq "aqua"} {..option add ErrorDialog*background systemAlertBackgroundActive \...widgetDefault.

C:\Users\user\AppData\Local\Namang\tk\is-A6F5Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5594
Entropy (8bit):	4.9941618573215525
Encrypted:	false
SSDEEP:
MD5:	7763C90F811620A6C1F0A36BAF9B89CA
SHA1:	30E24595DD683E470FE9F12814D27D6D266B511E
SHA-256:	F6929A5E0D18BC4C6666206C63AC4AAA66EDC4B9F456DFC083300CFA95A44BCD
SHA-512:	2E2887392C67D05EA85DB2E6BFD4AA27779BC82D3B607A7DD221A99EFF0D2A21A6BA47A4F2D2CDFC7CFECD7E93B2B38064C4D5A51406471AE142EC9CC71F5C48
Malicious:	false
Preview:	# obsolete.tcl --.#.# This file contains obsolete procedures that people really shouldn't.# be using anymore, but which are kept around for backward compatibility..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# The procedures below are here strictly for backward compatibility with.# Tk version 3.6 and earlier. The procedures are no longer needed, so.# they are no-ops. You should not use these procedures anymore, since.# they may be removed in some future release...proc tk_menuBar args {}.proc tk_bindForTraversal args {}..# ::tk::classic::restore --.#.# Restore the pre-8.5 (Tk classic) look as the widget defaults for classic.# Tk widgets..#.# The value following an 'option add' call is the new 8.5 value..#.namespace eval ::tk::classic {. # This may need to be adjusted for some windo

C:\Users\user\AppData\Local\Namang\tk\is-AHFVC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20270
Entropy (8bit):	4.749624735829406
Encrypted:	false
SSDEEP:
MD5:	4AD192C43972A6A4834D1D5A7C511750
SHA1:	09CA39647AA1C14DB16014055E48A9B0237639BA
SHA-256:	8E8ECECFD6046FE413F37A91933EEA086E31959B3FBEB127AFDD05CD9141BE9A
SHA-512:	287FAADBC6F65FCC3EA9C1EC10B190712BB36A06D28E59F8D268EA585B4E6B13494BA111DFF6AC2EBF998578999C9C36965C714510FC21A9ACB65FF9B75097CB
Malicious:	false
Preview:	# Tcl autoload index file, version 2.0.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(::tk::dialog::error::Return) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Details) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::SaveToLog) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Destroy) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::ButtonInvoke) [list source [file join $dir button.tcl]].set auto_index(::tk::ButtonAutoInvoke) [list source [file join

C:\Users\user\AppData\Local\Namang\tk\is-EE2KJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15640
Entropy (8bit):	5.001694129885997
Encrypted:	false
SSDEEP:
MD5:	9971530F110AC2FB7D7EC91789EA2364
SHA1:	AB553213C092EF077524ED56FC37DA29404C79A7
SHA-256:	5D6E939B44F630A29C4FCB1E2503690C453118607FF301BEF3C07FA980D5075A
SHA-512:	81B4CEC39B03FBECA59781AA54960F0A10A09733634F401D5553E1AAA3EBF12A110C9D555946FCDD70A9CC897514663840745241AD741DC440BB081A12DCF411
Malicious:	false
Preview:	# spinbox.tcl --.#.# This file defines the default bindings for Tk spinbox widgets and provides.# procedures that help in implementing those bindings. The spinbox builds.# off the entry widget, so it can reuse Entry bindings and procedures..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1999-2000 Jeffrey Hobbs.# Copyright (c) 2000 Ajuba Solutions.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a

C:\Users\user\AppData\Local\Namang\tk\is-EMO4U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16527
Entropy (8bit):	4.679051291122852
Encrypted:	false
SSDEEP:
MD5:	C93F295967350F7010207874992E01A5
SHA1:	CAE8EF749F7618326B3307DA7ED6DEBB380286DD
SHA-256:	52C5B87C99C142D5FC77E0C22B78B7CD63A4861756FD6B39648A2E9A8EDDE953
SHA-512:	F7E60211C0BC1ECEDE03022D622C5B9AAEAE3C203A60B6B034E1886F857C8FAD6BA6B1F7BA1EE7D733720775E7108F1BFD4C5B54A0F4919CE4EB43851D1190F8
Malicious:	false
Preview:	# msgbox.tcl --.#.#.Implements messageboxes for platforms that do not have native.#.messagebox support..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# Ensure existence of ::tk::dialog namespace.#.namespace eval ::tk::dialog {}..image create bitmap ::tk::dialog::b1 -foreground black \.-data "#define b1_width 32\n#define b1_height 32.static unsigned char q1_bits[] = {. 0x00, 0xf8, 0x1f, 0x00, 0x00, 0x07, 0xe0, 0x00, 0xc0, 0x00, 0x00, 0x03,. 0x20, 0x00, 0x00, 0x04, 0x10, 0x00, 0x00, 0x08, 0x08, 0x00, 0x00, 0x10,. 0x04, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x04, 0x00, 0x00, 0x20, 0x08, 0x00,

C:\Users\user\AppData\Local\Namang\tk\is-ET87I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1586
Entropy (8bit):	4.733749898743743
Encrypted:	false
SSDEEP:
MD5:	D17FE676A057F373B44C9197114F5A69
SHA1:	9745C83EEC8565602F8D74610424848009FFA670
SHA-256:	76DBDBF9216678D48D1640F8FD1E278E7140482E1CAC7680127A9A425CC61DEE
SHA-512:	FF7D9EB64D4367BB11C567E64837CB1DAAA9BE0C8A498CAD00BF63AF45C1826632BC3A09E65D6F51B26EBF2D07285802813ED55C5D697460FC95AF30A943EF8F
Malicious:	false
Preview:	# optMenu.tcl --.#.# This file defines the procedure tk_optionMenu, which creates.# an option button and its associated menu..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_optionMenu --.# This procedure creates an option button named $w and an associated.# menu. Together they provide the functionality of Motif option menus:.# they can be used to select one of many values, and the current value.# appears in the global variable varName, as well as in the text of.# the option menubutton. The name of the menu is returned as the.# procedure's result, so that the caller can use it to change configuration.# options on the menu or otherwise manipulate it..#.# Arguments:.# w -...The name to use for the menubutton..# varName -..Global variable to hold the currently selected value..# first

C:\Users\user\AppData\Local\Namang\tk\is-G729D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2267
Entropy (8bit):	5.097909341674822
Encrypted:	false
SSDEEP:
MD5:	C88F99DECEC11AFA967AD33D314F87FE
SHA1:	58769F631EB2C8DED0C274AB1D399085CC7AA845
SHA-256:	2CDE822B93CA16AE535C954B7DFE658B4AD10DF2A193628D1B358F1765E8B198
SHA-512:	4CD59971A2614891B2F0E24FD8A42A706AE10A2E54402D774E5DAA5F6A37DE186F1A45B1722A7C0174F9F80625B13D7C9F48FDB03A7DDBC6E6881F56537B5478
Malicious:	false
Preview:	This software is copyrighted by the Regents of the University of.California, Sun Microsystems, Inc., Scriptics Corporation, ActiveState.Corporation, Apple Inc. and other parties. The following terms apply to.all files associated with the software unless explicitly disclaimed in.individual files...The authors hereby grant permission to use, copy, modify, distribute,.and license this software and its documentation for any purpose, provided.that existing copyright notices are retained in all copies and that this.notice is included verbatim in any distributions. No written agreement,.license, or royalty fee is required for any of the authorized uses..Modifications to this software may be copyrighted by their authors.and need not follow the licensing terms described here, provided that.the new terms are clearly indicated on the first page of each file where.they apply...IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY.FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQ

C:\Users\user\AppData\Local\Namang\tk\is-GFK3F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12748
Entropy (8bit):	5.026700023745507
Encrypted:	false
SSDEEP:
MD5:	4CBFFC4E6B3F56A5890E3F7C31C6C378
SHA1:	75DB5205B311F55D1CA1D863B8688A628BF6012A
SHA-256:	6BA3E2D62BD4856D7D7AE87709FCAA23D81EFC38C375C6C5D91639555A84C35D
SHA-512:	65DF7AE09E06C200A8456748DC89095BB8417253E01EC4FDAFB28A84483147DDC77AAF6B49BE9E18A326A94972086A99044BEE3CE5CF8026337DFC6972C92C04
Malicious:	false
Preview:	# scrlbar.tcl --.#.# This file defines the default bindings for Tk scrollbar widgets..# It also provides procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for scrollbars..#-------------------------------------------------------------------------..# Standard Motif bindings:.if {[tk windowingsystem] eq "x11" \|\| [tk windowingsystem] eq "aqua"} {..bind Scrollbar <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. %W activate [%W identify %x %y].}.bind Scrollbar <Motion> {. %W activate [%W identify %x %y].}..# The

C:\Users\user\AppData\Local\Namang\tk\is-GHT2V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16950
Entropy (8bit):	4.934745561122632
Encrypted:	false
SSDEEP:
MD5:	BE28D16510EE78ECC048B2446EE9A11A
SHA1:	4829D6E8AB8A283209FB4738134B03B7BD768BAD
SHA-256:	8F57A23C5190B50FAD00BDEE9430A615EBEBFC47843E702374AE21BEB2AD8B06
SHA-512:	F56AF7020531249BC26D88B977BAFFC612B6566146730A681A798FF40BE9EBC04D7F80729BAFE0B9D4FAC5B0582B76F9530F3FE376D42A738C9BC4B3B442DF1F
Malicious:	false
Preview:	# entry.tcl --.#.# This file defines the default bindings for Tk entry widgets and provides.# procedures that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a selection)..# pressX -..X-coordinate at which the mouse button was pressed..# selectMode -..The style of selection currently underway:.#...char, word, or line..# x, y -..La

C:\Users\user\AppData\Local\Namang\tk\is-H4VQI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4857
Entropy (8bit):	4.7675047842795895
Encrypted:	false
SSDEEP:
MD5:	7EA007F00BF194722FF144BE274C2176
SHA1:	6835A515E85A9E55D5A27073DAE1F1A5D7424513
SHA-256:	40D4E101A64B75361F763479B01207AE71535337E79CE6E162265842F6471EED
SHA-512:	E2520EB065296C431C71DBBD5503709CF61F93E74FE324F4F8F3FE13131D62435B1E124D38E2EC84939B92198A54B8A71DFC0A8D32F0DD94139C54068FBCAAF2
Malicious:	false
Preview:	# focus.tcl --.#.# This file defines several procedures for managing the input.# focus..#.# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_focusNext --.# This procedure returns the name of the next window after "w" in.# "focus order" (the window that should receive the focus next if.# Tab is typed in w). "Next" is defined by a pre-order search.# of a top-level and its non-top-level descendants, with the stacking.# order determining the order of siblings. The "-takefocus" options.# on windows determine whether or not they should be skipped..#.# Arguments:.# w -..Name of a window...proc ::tk_focusNext w {. set cur $w. while {1} {...# Descend to just before the first child of the current widget....set parent $cur..set children [winfo children $cur]..set i -1...# Look for the next sibling that isn't a top-level....while {1} {.. incr i..

C:\Users\user\AppData\Local\Namang\tk\is-HUT45.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5176
Entropy (8bit):	4.933519639131517
Encrypted:	false
SSDEEP:
MD5:	2DA0A23CC9D6FD970FE00915EA39D8A2
SHA1:	DFE3DC663C19E9A50526A513043D2393869D8F90
SHA-256:	4ADF738B17691489C71C4B9D9A64B12961ADA8667B81856F7ADBC61DFFEADF29
SHA-512:	B458F3D391DF9522D4E7EAE8640AF308B4209CE0D64FD490BFC0177FDE970192295C1EA7229CE36D14FC3E582C7649460B8B7B0214E0FF5629B2B430A99307D4
Malicious:	false
Preview:	# panedwindow.tcl --.#.# This file defines the default bindings for Tk panedwindow widgets and.# provides procedures that help in implementing those bindings...bind Panedwindow <Button-1> { ::tk::panedwindow::MarkSash %W %x %y 1 }.bind Panedwindow <Button-2> { ::tk::panedwindow::MarkSash %W %x %y 0 }..bind Panedwindow <B1-Motion> { ::tk::panedwindow::DragSash %W %x %y 1 }.bind Panedwindow <B2-Motion> { ::tk::panedwindow::DragSash %W %x %y 0 }..bind Panedwindow <ButtonRelease-1> {::tk::panedwindow::ReleaseSash %W 1}.bind Panedwindow <ButtonRelease-2> {::tk::panedwindow::ReleaseSash %W 0}..bind Panedwindow <Motion> { ::tk::panedwindow::Motion %W %x %y }..bind Panedwindow <Leave> { ::tk::panedwindow::Leave %W }..# Initialize namespace.namespace eval ::tk::panedwindow {}..# ::tk::panedwindow::MarkSash --.#.# Handle marking the correct sash for possible dragging.#.# Arguments:.# w..the widget.# x..widget local x coord.# y..widget local y coord.# proxy.whether this should be a prox

C:\Users\user\AppData\Local\Namang\tk\is-KLM0Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	29352
Entropy (8bit):	5.110577585375791
Encrypted:	false
SSDEEP:
MD5:	5F3793E7E582111C17C85E23194AEFD5
SHA1:	925D973B70252384D1DE9B388C6C2038E646FDDF
SHA-256:	0AC9D11D4046EF4D8E6D219F6941BF69C6AE448C6A1C2F7FC382F84B5786F660
SHA-512:	2922546BA69232DBC205FE83EF54916E334E7AC93B7A26A208341F9C101209DA84C73F48C52BDB8E63E71A545853652B86378EBEB88F000BC16FCFB0EF5D8517
Malicious:	false
Preview:	# mkpsenc.tcl --.#.# This file generates the postscript prolog used by Tk...namespace eval ::tk {. # Creates Postscript encoding vector for ISO-8859-1 (could theoretically. # handle any 8-bit encoding, but Tk never generates characters outside. # ASCII).. #. proc CreatePostscriptEncoding {} {..variable psglyphs..# Now check for known. Even if it is known, it can be other than we..# need. GhostScript seems to be happy with such approach..set result "\[\n"..for {set i 0} {$i<256} {incr i 8} {.. for {set j 0} {$j<8} {incr j} {...set enc [encoding convertfrom "iso8859-1" \....[format %c [expr {$i+$j}]]]...catch {... set hexcode {}... set hexcode [format %04X [scan $enc %c]]...}...if {[info exists psglyphs($hexcode)]} {... append result "/$psglyphs($hexcode)"...} else {... append result "/space"...}.. }.. append result "\n"..}..append result "\]"..return $result. }.. # List of adobe glyph names. Converted from glyphlist.txt, downloaded from. # Ad

C:\Users\user\AppData\Local\Namang\tk\is-KNKGH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10883
Entropy (8bit):	6.026473720997027
Encrypted:	false
SSDEEP:
MD5:	2652AAD862E8FE06A4EEDFB521E42B75
SHA1:	ED22459AD3D192AB05A01A25AF07247B89DC6440
SHA-256:	A78388D68600331D06BB14A4289BC1A46295F48CEC31CEFF5AE783846EA4D161
SHA-512:	6ECFBB8D136444A5C0DBBCE2D8A4206F1558BDD95F111D3587B095904769AC10782A9EA125D85033AD6532EDF3190E86E255AC0C0C81DC314E02D95CCA86B596
Malicious:	false
Preview:	# icons.tcl --.#.#.A set of stock icons for use in Tk dialogs. The icons used here.#.were provided by the Tango Desktop project which provides a.#.unified set of high quality icons licensed under the.#.Creative Commons Attribution Share-Alike license.#.(http://creativecommons.org/licenses/by-sa/3.0/).#.#.See http://tango.freedesktop.org/Tango_Desktop_Project.#.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::icons {}..image create photo ::tk::icons::warning -data {. iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAABHNCSVQICAgIfAhkiAAABSZJREFU. WIXll1toVEcYgL+Zc87u2Yu7MYmrWRuTJuvdiMuqiJd4yYKXgMQKVkSjFR80kFIVJfWCWlvpg4h9. 8sXGWGof8iKNICYSo6JgkCBEJRG8ImYThNrNxmaTeM7pQ5IlJkabi0/9YZhhZv7///4z/8zPgf+7. KCNRLgdlJijXwRyuDTlcxV9hbzv8nQmxMjg+XDtiOEplkG9PSfkztGmTgmFQd+FCVzwa3fYN/PHZ. AcpBaReicW5xcbb64IEQqko8Lc26d/58cxS+/BY6hmJvyEfQBoUpwWCmW1FErKaGWHU13uRk4QkE. UtxQNFR7QwIoB4eiKD9PWbVKbb10CZmaCqmpxCormRYO26QQx85B0mcD+AeK0xYvHqu1tNDx+DH6. g

C:\Users\user\AppData\Local\Namang\tk\is-LEJK3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7766
Entropy (8bit):	4.933555104215445
Encrypted:	false
SSDEEP:
MD5:	1CE32CDAEB04C75BFCEEA5FB94B8A9F0
SHA1:	CC7614C9EADE999963EE78B422157B7B0739894C
SHA-256:	58C662DD3D2C653786B05AA2C88831F4E971B9105E4869D866FB6186E83ED365
SHA-512:	1EE5A187615AE32F17936931B30FEA9551F9E3022C1F45A2BCA81624404F4E68022FCF0B03FBD61820EC6958983A8F2FBFC3AD2EC158433F8E8DE9B8FCF48476
Malicious:	false
Preview:	# scale.tcl --.#.# This file defines the default bindings for Tk scale widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for entries..#-------------------------------------------------------------------------..# Standard Motif bindings:..bind Scale <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. tk::ScaleActivate %W %x %y.}.bind Scale <Motion> {. tk::ScaleActivate %W %x %y.}.bind Scale <Leave> {. if {$tk_strictMotif} {..%W configure -activebackground $tk::Priv(activeBg). }.

C:\Users\user\AppData\Local\Namang\tk\is-LVEIF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7381
Entropy (8bit):	4.833263771361282
Encrypted:	false
SSDEEP:
MD5:	EFC567E407C48BF2BE4E09CB18DEFC11
SHA1:	EDEDB6776963B7D629C6ACE9440D24EB78DEA878
SHA-256:	9708F5A1E81E1C3FEAF189020105BE28D27AA8808FF9FB2DCCA040500CF2642A
SHA-512:	BDA5F92BD2F7B9CD29C5A732EC77A71291778A0EC3EABE81575C55DE3E207F663BA28DA4C95174045A74EFFF71B95D907C9D056BAA9E585E6F6DC14A133760BC
Malicious:	false
Preview:	# safetk.tcl --.#.# Support procs to use Tk in safe interpreters..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# see safetk.n for documentation..#.#.# Note: It is now ok to let untrusted code being executed.# between the creation of the interp and the actual loading.# of Tk in that interp because the C side Tk_Init will.# now look up the master interp and ask its safe::TkInit.# for the actual parameters to use for it's initialization (if allowed),.# not relying on the slave state..#..# We use opt (optional arguments parsing).package require opt 0.4.1;..namespace eval ::safe {.. # counter for safe toplevels. variable tkSafeId 0.}..#.# tkInterpInit : prepare the slave interpreter for tk loading.# most of the real job is done by loadTk.# returns the slave name (tkInterpInit does).#.proc ::safe::tkInterpIni

C:\Users\user\AppData\Local\Namang\tk\is-PH0JK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	33155
Entropy (8bit):	4.908284262811967
Encrypted:	false
SSDEEP:
MD5:	03CC27E28E0CFCE1B003C3E936797AB0
SHA1:	C7FE5AE7F35C86EC3724F6A111EAAF2C1A18ABE9
SHA-256:	BCCC1039F0EB331C4BB6BD5848051BB745F242016952723478C93B009F63D254
SHA-512:	5091B10EE8446E6853EF7060EC13AB8CADA0D6448F9081FEBD07546C061F69FC273BBF23BA7AF05D8359E618DD68A5C27F0453480FE3F26E744DB19BFCD115C7
Malicious:	false
Preview:	# text.tcl --.#.# This file defines the default bindings for Tk text widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of ::tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# char -..Character position on the line; kept in order.#...to allow moving up or down past short lines while.#...still remembering the desired position..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for exampl

C:\Users\user\AppData\Local\Namang\tk\is-Q38TK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15978
Entropy (8bit):	4.8947909611129905
Encrypted:	false
SSDEEP:
MD5:	105529990CEE968AA5EE3BC827A81A0F
SHA1:	559BD1AABD1D4719EDB60448CF111F78365A57A9
SHA-256:	DE0195CCFB6482CCA390C94E91B7877F47742E7A9468CAF362B39AA36305D33C
SHA-512:	03CB42DFF7AC4F801AA7FFE8A4F07555CCE6874AA1B7F568ACF0299E4DD7F440179838485777F15183EE7C057CCB35868672B1783FBFE67B51D97DBBDAC85281
Malicious:	false
Preview:	# iconlist.tcl.#.#.Implements the icon-list megawidget used in the "Tk" standard file.#.selection dialog boxes..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..# Copyright (c) 2009 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# API Summary:.#.tk::IconList <path> ?<option> <value>? ....#.<path> add <imageName> <itemList>.#.<path> cget <option>.#.<path> configure ?<option>? ?<value>? ....#.<path> deleteall.#.<path> destroy.#.<path> get <itemIndex>.#.<path> index <index>.#.<path> invoke.#.<path> see <index>.#.<path> selection anchor ?<int>?.#.<path> selection clear <first> ?<last>?.#.<path> selection get.#.<path> selection includes <item>.#.<path> selection set <first> ?<last>?...package require Tk 8.6..::tk::Megawidget create ::tk::IconList ::tk::FocusableWidget {. variable w canvas sbar accel accelCB fill font index \..itemList itemsPerColumn list maxIH maxIW maxTH maxTW noSc

C:\Users\user\AppData\Local\Namang\tk\is-R6I91.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14594
Entropy (8bit):	4.895853767062079
Encrypted:	false
SSDEEP:
MD5:	C33963D3A512F2E728F722E584C21552
SHA1:	75499CFA62F2DA316915FADA2580122DC3318BAD
SHA-256:	39721233855E97BFA508959B6DD91E1924456E381D36FDFC845E589D82B1B0CC
SHA-512:	EA01D8CB36D446ACE31C5D7E50DFAE575576FD69FD5D413941EEBBA7CCC1075F6774AF3C69469CD7BAF6E1068AA5E5B4C560F550EDD2A8679124E48C55C8E8D7
Malicious:	false
Preview:	# listbox.tcl --.#.# This file defines the default bindings for Tk listbox widgets.# and provides procedures that help in implementing those bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...#--------------------------------------------------------------------------.# tk::Priv elements used in this file:.#.# afterId -..Token returned by "after" for autoscanning..# listboxPrev -.The last element to be selected or deselected.#...during a selection operation..# listboxSelection -.All of the items that were selected before the.#...current selection operation (such as a mouse.#...drag) started; used to cancel an operation..#--------------------------------------------------------------------------..#-------------------------------------

C:\Users\user\AppData\Local\Namang\tk\is-SB1N9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9569
Entropy (8bit):	4.736161258754494
Encrypted:	false
SSDEEP:
MD5:	7176A4FE8EC3EA648854F1FC1BB2EA89
SHA1:	28D96419585881C6222BC917EDB9A5863E7C519B
SHA-256:	D454FC4E25D9DFC704556A689A17AA6F3D726F99592995952BC6492FC8F19F6E
SHA-512:	8C33E1CD3490945DDC5DA0585E655A7FC78C9950886F68C096D103AE510C1024632AB3D41E9573937BB4359D365FFB8F5A10B1CA7BFBD37442F40985107C1C8D
Malicious:	false
Preview:	# megawidget.tcl.#.#.Basic megawidget support classes. Experimental for any use other than.#.the ::tk::IconList megawdget, which is itself only designed for use in.#.the Unix file dialogs..#.# Copyright (c) 2009-2010 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..package require Tk 8.6...::oo::class create ::tk::Megawidget {. superclass ::oo::class. method unknown {w args} {..if {[string match .* $w]} {.. [self] create $w {}$args.. return $w..}..next $w {}$args. }. unexport new unknown. self method create {name superclasses body} {..next $name [list \...superclass ::tk::MegawidgetClass {*}$superclasses]\;$body. }.}..::oo::class create ::tk::MegawidgetClass {. variable w hull options IdleCallbacks. constructor args {..# Extract the "widget name" from the object name..set w [namespace tail [self]]...# Configure things..tclParseConfigSpec [my varname op

C:\Users\user\AppData\Local\Namang\tk\is-TI5DV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9652
Entropy (8bit):	4.750454352074374
Encrypted:	false
SSDEEP:
MD5:	E703C16058E7F783E9BB4357F81B564D
SHA1:	1EDA07870078FC4C3690B54BB5330A722C75AA05
SHA-256:	30CE631CB1CCCD20570018162C6FFEF31BAD378EF5B2DE2D982C96E65EB62EF6
SHA-512:	28617F8553766CA7A66F438624AFA5FD7780F93DC9EBDF9BEE865B5649228AA56A69189218FC436CEDF2E5FE3162AD88839CBF49C9CC051238A7559B5C3BA726
Malicious:	false
Preview:	# choosedir.tcl --.#.#.Choose directory dialog implementation for Unix/Mac..#.# Copyright (c) 1998-2000 by Scriptics Corporation..# All rights reserved...# Make sure the tk::dialog namespace, in which all dialogs should live, exists.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}..# Make the chooseDir namespace inside the dialog namespace.namespace eval ::tk::dialog::file::chooseDir {. namespace import -force ::tk::msgcat::*.}..# ::tk::dialog::file::chooseDir:: --.#.#.Implements the TK directory selection dialog..#.# Arguments:.#.args..Options parsed by the procedure..#.proc ::tk::dialog::file::chooseDir:: {args} {. variable ::tk::Priv. set dataName __tk_choosedir. upvar ::tk::dialog::file::$dataName data. Config $dataName $args.. if {$data(-parent) eq "."} {. set w .$dataName. } else {. set w $data(-parent).$dataName. }.. # (re)create the dialog box if necessary. #. if {![winfo exists $w]} {..::tk::dialog::file::Create

C:\Users\user\AppData\Local\Namang\tk\is-UFIL0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.977735142707899
Encrypted:	false
SSDEEP:
MD5:	A6448AF2C8FAFC9A4F42EACA6BF6AB2E
SHA1:	0B295B46B6DF906E89F40A907022068BC6219302
SHA-256:	CD44EE7F76C37C0C522BD0CFCA41C38CDEDDC74392B2191A3AF1A63D9D18888E
SHA-512:	5B1A8CA5B09B7281DE55460D21D5195C4EE086BEBDC35FA561001181490669FFC67D261F99EAA900467FE97E980EB733C5FFBF9D8C541EDE18992BF4A435C749
Malicious:	false
Preview:	if {[catch {package present Tcl 8.6.0}]} { return }.if {($::tcl_platform(platform) eq "unix") && ([info exists ::env(DISPLAY)]..\|\| ([info exists ::argv] && ("-display" in $::argv)))} {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin libtk8.6.dll] Tk].} else {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin tk86t.dll] Tk].}.

C:\Users\user\AppData\Local\Namang\tk\is-VFQH3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6025
Entropy (8bit):	4.79563398407639
Encrypted:	false
SSDEEP:
MD5:	EAC165BD7EA915B44FAEC016250E0B06
SHA1:	7D205F2720E00FBDA5C0AA908CAC3F66BBC84E56
SHA-256:	6D7BD4A280272E7A2748555CFFFF4FCA7CC57CE611AEB2382E3C80CDD1868D22
SHA-512:	22D5794E1FF3B94365C560A310CC17B4A27BEA87DBF423DFB44273443477372013B19ED33E170EAB15A1F06BA9186BA2FC184A3751449E7EDC760D23A12B1666
Malicious:	false
Preview:	# dialog.tcl --.#.# This file defines the procedure tk_dialog, which creates a dialog.# box containing a bitmap, a message, and one or more buttons..#.# Copyright (c) 1992-1993 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#.# ::tk_dialog:.#.# This procedure displays a dialog box, waits for a button in the dialog.# to be invoked, then returns the index of the selected button. If the.# dialog somehow gets destroyed, -1 is returned..#.# Arguments:.# w -..Window to use for dialog top-level..# title -.Title to display in dialog's decorative frame..# text -.Message to display in dialog..# bitmap -.Bitmap to display in dialog (empty string means none)..# default -.Index of button that is to display the default ring.#..(-1 means none)..# args -.One or more strings to display in buttons across the.#..bottom of t

C:\Users\user\AppData\Local\Namang\tk\msgs\is-5AF7M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3286
Entropy (8bit):	4.214322279125194
Encrypted:	false
SSDEEP:
MD5:	64725ED622DBF1CB3F00479BA84157D7
SHA1:	575429AEABAF6640425AC1BC397B3382C1ED1122
SHA-256:	673C76A48ADA09A154CB038534BF90E3B9C0BA5FD6B1619DB33507DE65553362
SHA-512:	4EBDCAB20D095789BB8D94476CCFD29DEE8DFCF96F1C2030387F0521827A140E22BBB0DAD4B73EABE26D70E1642C9981BC5CBBF0045FEABB9EF98C7CDB67795E
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset en "&Abort". ::msgcat::mcset en "&About...". ::msgcat::mcset en "All Files". ::msgcat::mcset en "Application Error". ::msgcat::mcset en "&Apply". ::msgcat::mcset en "Bold". ::msgcat::mcset en "Bold Italic". ::msgcat::mcset en "&Blue". ::msgcat::mcset en "Cancel". ::msgcat::mcset en "&Cancel". ::msgcat::mcset en "Cannot change to the directory \"%1\$s\".\nPermission denied.". ::msgcat::mcset en "Choose Directory". ::msgcat::mcset en "Cl&ear". ::msgcat::mcset en "&Clear Console". ::msgcat::mcset en "Color". ::msgcat::mcset en "Console". ::msgcat::mcset en "&Copy". ::msgcat::mcset en "Cu&t". ::msgcat::mcset en "&Delete". ::msgcat::mcset en "Details >>". ::msgcat::mcset en "Directory \"%1\$s\" does not exist.". ::msgcat::mcset en "&Directory:". ::msgcat::mcset en "&Edit". ::msgcat::mcset en "Effects". ::msgcat::mcset en "Error: %1\$s". ::msgcat::mcset en "E&xit". ::msgcat

C:\Users\user\AppData\Local\Namang\tk\msgs\is-6H2K8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8698
Entropy (8bit):	4.296709418881547
Encrypted:	false
SSDEEP:
MD5:	C802EA5388476451CD76934417761AA6
SHA1:	25531DF6262E3B1170055735C5A874B9124FEA83
SHA-256:	1D56D0A7C07D34BB8165CBA47FA49351B8BC5A9DB244290B9601C5885D16155C
SHA-512:	251FABBE8B596C74BC1231823C60F5F99CF55A29212327723F5DBE604F678E8E464F2D604D1049754B7C02350712B83BCF4D9542D8167F3CAB9C9B7E5C88EC7D
Malicious:	false
Preview:	## Messages for the Greek (Hellenic - "el") language..## Please report any changes/suggestions to:.## petasis@iit.demokritos.gr..namespace eval ::tk {. ::msgcat::mcset el "&Abort" "\u03a4\u03b5\u03c1\u03bc\u03b1\u03c4\u03b9\u03c3\u03bc\u03cc\u03c2". ::msgcat::mcset el "About..." "\u03a3\u03c7\u03b5\u03c4\u03b9\u03ba\u03ac...". ::msgcat::mcset el "All Files" "\u038c\u03bb\u03b1 \u03c4\u03b1 \u0391\u03c1\u03c7\u03b5\u03af\u03b1". ::msgcat::mcset el "Application Error" "\u039b\u03ac\u03b8\u03bf\u03c2 \u0395\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u03c2". ::msgcat::mcset el "&Blue" "\u039c\u03c0\u03bb\u03b5". ::msgcat::mcset el "&Cancel" "\u0391\u03ba\u03cd\u03c1\u03c9\u03c3\u03b7". ::msgcat::mcset el \."Cannot change to the directory \"%1\$s\".\nPermission denied." \."\u0394\u03b5\u03bd \u03b5\u03af\u03bd\u03b1\u03b9 \u03b4\u03c5\u03bd\u03b1\u03c4\u03ae \u03b7 \u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03ba\u

C:\Users\user\AppData\Local\Namang\tk\msgs\is-7BFL3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3832
Entropy (8bit):	4.609382297476727
Encrypted:	false
SSDEEP:
MD5:	DB1712B1C1FF0E3A46F8E86FBB78AA4D
SHA1:	28D9DB9CBEE791C09BD272D9C2A6C3DA80EB89EA
SHA-256:	B76EBFA21BC1E937A04A04E5122BE64B5CDEE1F47C7058B71D8B923D70C3B17B
SHA-512:	F79CD72DCD6D1B4212A5058DA5A020E8A157E72E6D84CAFB96463E76C1CED5AC367A2295EF743FDE70C9AB1CF2F4D88A4A73300DFD4F799AA3ECDA6FBF04E588
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset sv "&Abort" "&Avsluta". ::msgcat::mcset sv "&About..." "&Om...". ::msgcat::mcset sv "All Files" "Samtliga filer". ::msgcat::mcset sv "Application Error" "Programfel". ::msgcat::mcset sv "&Blue" "&Bl\u00e5". ::msgcat::mcset sv "Cancel" "Avbryt". ::msgcat::mcset sv "&Cancel" "&Avbryt". ::msgcat::mcset sv "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ej n\u00e5 mappen \"%1\$s\".\nSaknar r\u00e4ttigheter.". ::msgcat::mcset sv "Choose Directory" "V\u00e4lj mapp". ::msgcat::mcset sv "Cl&ear" "&Radera". ::msgcat::mcset sv "&Clear Console" "&Radera konsollen". ::msgcat::mcset sv "Color" "F\u00e4rg". ::msgcat::mcset sv "Console" "Konsoll". ::msgcat::mcset sv "&Copy" "&Kopiera". ::msgcat::mcset sv "Cu&t" "Klipp u&t". ::msgcat::mcset sv "&Delete" "&Radera". ::msgcat::mcset sv "Details >>" "Detaljer >>". ::msgcat::mcset sv "Directory \"%1\$s\" does not exist." "Mappen \"%1\$s\" finns

C:\Users\user\AppData\Local\Namang\tk\msgs\is-8JOUP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4841
Entropy (8bit):	4.754441208797498
Encrypted:	false
SSDEEP:
MD5:	17B63EFE0A99F44D27DD41C4CC0A8A7B
SHA1:	3E45C0102B287908D770A31D1906678E785088C2
SHA-256:	1993B4EC2DC009D2E6CA185D0BD565D3F33A4EFA79BACA39E4F97F574D63F305
SHA-512:	F8B9E7BC76A4ED5F948A9E505F3B1A321E322DD57CF88BEF36B6A9AF793462E45432709402151B4BB520B12B089A043CA23FF86106ED7B5C73DFBB6E233907F4
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset pl "&Abort" "&Przerwij". ::msgcat::mcset pl "&About..." "O programie...". ::msgcat::mcset pl "All Files" "Wszystkie pliki". ::msgcat::mcset pl "Application Error" "B\u0142\u0105d w programie". ::msgcat::mcset pl "&Apply" "Zastosuj". ::msgcat::mcset pl "Bold" "Pogrubienie". ::msgcat::mcset pl "Bold Italic" "Pogrubiona kursywa". ::msgcat::mcset pl "&Blue" "&Niebieski". ::msgcat::mcset pl "Cancel" "Anuluj". ::msgcat::mcset pl "&Cancel" "&Anuluj". ::msgcat::mcset pl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nie mo\u017cna otworzy\u0107 katalogu \"%1\$s\".\nOdmowa dost\u0119pu.". ::msgcat::mcset pl "Choose Directory" "Wybierz katalog". ::msgcat::mcset pl "Cl&ear" "&Wyczy\u015b\u0107". ::msgcat::mcset pl "&Clear Console" "&Wyczy\u015b\u0107 konsol\u0119". ::msgcat::mcset pl "Color" "Kolor". ::msgcat::mcset pl "Console" "Konsola". ::msgcat::mcset pl "&Copy" "&Kopiuj". ::msgcat::

C:\Users\user\AppData\Local\Namang\tk\msgs\is-96R99.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4466
Entropy (8bit):	4.472386382725933
Encrypted:	false
SSDEEP:
MD5:	B628EAFD489335ED620014B56821B792
SHA1:	8F6AFF68B42B747D30870D6DA7E058294921406A
SHA-256:	D3D07AAD792C0E83F4704B304931EA549D12CBB3D99A573D9815E954A5710707
SHA-512:	C33D097D2897D20F75A197E30B859DC83C8B4E42F260150BC7205918779D77A8C2390BE65376622F6705C38ECDF6F14B6ABAD29EDE3DE79603025BBBC39BEBC7
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset nl "&Abort" "&Afbreken". ::msgcat::mcset nl "&About..." "Over...". ::msgcat::mcset nl "All Files" "Alle Bestanden". ::msgcat::mcset nl "Application Error" "Toepassingsfout". ::msgcat::mcset nl "&Apply" "Toepassen". ::msgcat::mcset nl "Bold" "Vet". ::msgcat::mcset nl "Bold Italic" "Vet Cursief". ::msgcat::mcset nl "&Blue" "&Blauw". ::msgcat::mcset nl "Cancel" "Annuleren". ::msgcat::mcset nl "&Cancel" "&Annuleren". ::msgcat::mcset nl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan niet naar map \"%1\$s\" gaan.\nU heeft hiervoor geen toestemming.". ::msgcat::mcset nl "Choose Directory" "Kies map". ::msgcat::mcset nl "Cl&ear" "Wissen". ::msgcat::mcset nl "&Clear Console" "&Wis Console". ::msgcat::mcset nl "Color" "Kleur". ::msgcat::mcset nl "Console". ::msgcat::mcset nl "&Copy" "Kopi\u00ebren". ::msgcat::mcset nl "Cu&t" "Knippen". ::msgcat::mcset nl "&Delete" "Wissen". ::

C:\Users\user\AppData\Local\Namang\tk\msgs\is-BMI2Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3692
Entropy (8bit):	4.444986253861924
Encrypted:	false
SSDEEP:
MD5:	ADB80EC5B23FC906A1A3313A30D789E6
SHA1:	5FB163BC1086D3366228204078F219FE4BB67CB3
SHA-256:	9F83DD0309ED621100F3187FFCDAE50B75F5973BBE74AF550A78EF0010495DED
SHA-512:	BA6E0C165561CDAEAB565EF1FED4087AB3B41EC3C18432C1BDA9B011E5C7C2E12F6B2CFC9F5C0CFAC1134AE53D80459D8E5B638739C61A851232047DEA7F3BA2
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset it "&Abort" "&Interrompi". ::msgcat::mcset it "&About..." "Informazioni...". ::msgcat::mcset it "All Files" "Tutti i file". ::msgcat::mcset it "Application Error" "Errore dell' applicazione". ::msgcat::mcset it "&Blue" "&Blu". ::msgcat::mcset it "Cancel" "Annulla". ::msgcat::mcset it "&Cancel" "&Annulla". ::msgcat::mcset it "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossibile accedere alla directory \"%1\$s\".\nPermesso negato.". ::msgcat::mcset it "Choose Directory" "Scegli una directory". ::msgcat::mcset it "Cl&ear" "Azzera". ::msgcat::mcset it "&Clear Console" "Azzera Console". ::msgcat::mcset it "Color" "Colore". ::msgcat::mcset it "Console". ::msgcat::mcset it "&Copy" "Copia". ::msgcat::mcset it "Cu&t" "Taglia". ::msgcat::mcset it "Delete" "Cancella". ::msgcat::mcset it "Details >>" "Dettagli >>". ::msgcat::mcset it "Directory \"%1\$s\" does not exist." "La director

C:\Users\user\AppData\Local\Namang\tk\msgs\is-F38RV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4600
Entropy (8bit):	4.752507976327236
Encrypted:	false
SSDEEP:
MD5:	E1BA9C40A350BAD78611839A59065BF0
SHA1:	1A148D230C9F8D748D96A79CD4E261AF264D6524
SHA-256:	C8134EAD129E44E9C5043E1DAD81A6A900F0DE71DB3468E2603840038687F1D8
SHA-512:	17EC7F14C708C4D8C77731C26D0CE8AF6EBAB3D1CA878FB9682F15F0546031E39EF601683832631CA329549A630F2C9A3A69B1CC6E3CC927353605834FC62CAE
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset hu "&Abort" "&Megszak\u00edt\u00e1s". ::msgcat::mcset hu "&About..." "N\u00e9vjegy...". ::msgcat::mcset hu "All Files" "Minden f\u00e1jl". ::msgcat::mcset hu "Application Error" "Alkalmaz\u00e1s hiba". ::msgcat::mcset hu "&Blue" "&K\u00e9k". ::msgcat::mcset hu "Cancel" "M\u00e9gsem". ::msgcat::mcset hu "&Cancel" "M\u00e9g&sem". ::msgcat::mcset hu "Cannot change to the directory \"%1\$s\".\nPermission denied." "A k\u00f6nyvt\u00e1rv\u00e1lt\u00e1s nem siker\u00fclt: \"%1\$s\".\nHozz\u00e1f\u00e9r\u00e9s megtagadva.". ::msgcat::mcset hu "Choose Directory" "K\u00f6nyvt\u00e1r kiv\u00e1laszt\u00e1sa". ::msgcat::mcset hu "Cl&ear" "T\u00f6rl\u00e9s". ::msgcat::mcset hu "&Clear Console" "&T\u00f6rl\u00e9s Konzol". ::msgcat::mcset hu "Color" "Sz\u00edn". ::msgcat::mcset hu "Console" "Konzol". ::msgcat::mcset hu "&Copy" "&M\u00e1sol\u00e1s". ::msgcat::mcset hu "Cu&t" "&Kiv\u00e1g\u00e1s". ::msgcat::mcset hu "

C:\Users\user\AppData\Local\Namang\tk\msgs\is-HVAFI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3948
Entropy (8bit):	4.486102294561867
Encrypted:	false
SSDEEP:
MD5:	93FFA957E3DCF851DD7EBE587A38F2D5
SHA1:	8C3516F79FB72F32848B40091DA67C81E40FDEFE
SHA-256:	91DC4718DC8566C36E4BCD0C292C01F467CA7661EFF601B870ABCDFE4A94ECBB
SHA-512:	8EC7048DDFF521DE444F697EAB305777BAC24AEA37716DA4FE5374E93CEF66DDD58D535BE8FCBCD2636D623337643B1242798BB8AC7292EA2D81AE030C3A605C
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset es "&Abort" "&Abortar". ::msgcat::mcset es "&About..." "&Acerca de ...". ::msgcat::mcset es "All Files" "Todos los archivos". ::msgcat::mcset es "Application Error" "Error de la aplicaci\u00f3n". ::msgcat::mcset es "&Blue" "&Azul". ::msgcat::mcset es "Cancel" "Cancelar". ::msgcat::mcset es "&Cancel" "&Cancelar". ::msgcat::mcset es "Cannot change to the directory \"%1\$s\".\nPermission denied." "No es posible acceder al directorio \"%1\$s\".\nPermiso denegado.". ::msgcat::mcset es "Choose Directory" "Elegir directorio". ::msgcat::mcset es "Cl&ear" "&Borrar". ::msgcat::mcset es "&Clear Console" "&Borrar consola". ::msgcat::mcset es "Color". ::msgcat::mcset es "Console" "Consola". ::msgcat::mcset es "&Copy" "&Copiar". ::msgcat::mcset es "Cu&t" "Cor&tar". ::msgcat::mcset es "&Delete" "&Borrar". ::msgcat::mcset es "Details >>" "Detalles >>". ::msgcat::mcset es "Directory \"%1\$s\" does not exist." "

C:\Users\user\AppData\Local\Namang\tk\msgs\is-IMFF8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3805
Entropy (8bit):	4.582498923493114
Encrypted:	false
SSDEEP:
MD5:	9FC55235C334F6F6026D5B38AFFB9E10
SHA1:	CAD3805900E860B9491E3EE5C2C0F52ADCA67065
SHA-256:	0A8BBB4D1FD87BF7A90DDFA50F4724994C9CE78D1F3E91CF40C1177DB7941DC5
SHA-512:	FBB5E72BC376DDB9F43B8C79398CA287AFAAAF8292A8CB3AF63241973B1748FD578D49075A1287DA054BA81D3ED61A723F3DE9E10855D5E85620B371D70D9BBD
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset fr "&Abort" "&Annuler". ::msgcat::mcset fr "About..." "\u00c0 propos...". ::msgcat::mcset fr "All Files" "Tous les fichiers". ::msgcat::mcset fr "Application Error" "Erreur d'application". ::msgcat::mcset fr "&Blue" "&Bleu". ::msgcat::mcset fr "Cancel" "Annuler". ::msgcat::mcset fr "&Cancel" "&Annuler". ::msgcat::mcset fr "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossible d'acc\u00e9der au r\u00e9pertoire \"%1\$s\".\nPermission refus\u00e9e.". ::msgcat::mcset fr "Choose Directory" "Choisir r\u00e9pertoire". ::msgcat::mcset fr "Cl&ear" "Effacer". ::msgcat::mcset fr "Color" "Couleur". ::msgcat::mcset fr "Console". ::msgcat::mcset fr "Copy" "Copier". ::msgcat::mcset fr "Cu&t" "Couper". ::msgcat::mcset fr "Delete" "Effacer". ::msgcat::mcset fr "Details >>" "D\u00e9tails >>". ::msgcat::mcset fr "Directory \"%1\$s\" does not exist." "Le r\u00e9pertoire \"%1\$s\" n'existe pas.".

C:\Users\user\AppData\Local\Namang\tk\msgs\is-JFT30.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4823
Entropy (8bit):	4.5738552657551566
Encrypted:	false
SSDEEP:
MD5:	07DF877A1166E81256273F1183B5BDC9
SHA1:	CB455F910208E2E55B27A96ABD845FEEDA88711A
SHA-256:	06DD7572626DF5CB0A8D3AFFBAC9BB74CB12469076836D66FD19AE5B5FAB42C7
SHA-512:	197B09F37647D1D5130A084EA1D99D0CC16C815EC0AC31EC07875BEB2DFAE2197E2AF3E323FE8CB35F90912D76D3EB88D1E56F6E026F87AEDFADB7534BA2675A
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset de "&Abort" "&Abbruch". ::msgcat::mcset de "&About..." "&\u00dcber...". ::msgcat::mcset de "All Files" "Alle Dateien". ::msgcat::mcset de "Application Error" "Applikationsfehler". ::msgcat::mcset de "&Apply" "&Anwenden". ::msgcat::mcset de "Bold" "Fett". ::msgcat::mcset de "Bold Italic" "Fett kursiv". ::msgcat::mcset de "&Blue" "&Blau". ::msgcat::mcset de "Cancel" "Abbruch". ::msgcat::mcset de "&Cancel" "&Abbruch". ::msgcat::mcset de "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kann nicht in das Verzeichnis \"%1\$s\" wechseln.\nKeine Rechte vorhanden.". ::msgcat::mcset de "Choose Directory" "W\u00e4hle Verzeichnis". ::msgcat::mcset de "Cl&ear" "&R\u00fccksetzen". ::msgcat::mcset de "&Clear Console" "&Konsole l\u00f6schen". ::msgcat::mcset de "Color" "Farbe". ::msgcat::mcset de "Console" "Konsole". ::msgcat::mcset de "&Copy" "&Kopieren". ::msgcat::mcset de "Cu&t" "Aus&schneid

C:\Users\user\AppData\Local\Namang\tk\msgs\is-MABNS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3916
Entropy (8bit):	4.556739397782912
Encrypted:	false
SSDEEP:
MD5:	09EF4B30B49A71FD4DEA931E334896E1
SHA1:	6C2366CE5961CFDA53259A43E087A813CEE41841
SHA-256:	5DE113DC4CE0DF0D8C54D4812C15EC31387127BF9AFEA028D20C6A5AA8E3AB85
SHA-512:	9DB3BB6B76B1299AE4612DF2A2872ECEE6642FC7DF971BE3A22437154AD25E81E1B1F3E1AA7A281CB3F48F8F8198A846BCB008CCFF91A9720440AFE5BAB7DE84
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset eo "&Abort" "&\u0108esigo". ::msgcat::mcset eo "&About..." "Pri...". ::msgcat::mcset eo "All Files" "\u0108ioj dosieroj". ::msgcat::mcset eo "Application Error" "Aplikoerraro". ::msgcat::mcset eo "&Blue" "&Blua". ::msgcat::mcset eo "Cancel" "Rezignu". ::msgcat::mcset eo "&Cancel" "&Rezignu". ::msgcat::mcset eo "Cannot change to the directory \"%1\$s\".\nPermission denied." "Neeble \u0109angi al dosierulon \"%1\$s\".\nVi ne rajtas tion.". ::msgcat::mcset eo "Choose Directory" "Elektu Dosierujo". ::msgcat::mcset eo "Cl&ear" "&Klaru". ::msgcat::mcset eo "&Clear Console" "&Klaru konzolon". ::msgcat::mcset eo "Color" "Farbo". ::msgcat::mcset eo "Console" "Konzolo". ::msgcat::mcset eo "&Copy" "&Kopiu". ::msgcat::mcset eo "Cu&t" "&Enpo\u015digu". ::msgcat::mcset eo "&Delete" "&Forprenu". ::msgcat::mcset eo "Details >>" "Detaloj >>". ::msgcat::mcset eo "Directory \"%1\$s\" does not exist." "La dosieruj

C:\Users\user\AppData\Local\Namang\tk\msgs\is-MSE8D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3909
Entropy (8bit):	4.6030170761850915
Encrypted:	false
SSDEEP:
MD5:	C414C6972F0AAD5DFA31297919D0587F
SHA1:	529AE0B0CB9D1DBC7F8844F346149E151DE0A36B
SHA-256:	85E6CEE6001927376725F91EAA55D17B3D9E38643E17755A42C05FE491C63BDE
SHA-512:	0F2A777B9C3D6C525097E19D1CC4525E9BAF78E0CABF54DD693C64BC1FD4EA75402D906A8302489997BA83ABA5AFD7CA1DE30FFE0888CD19950F56A9D38B018A
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset da "&Abort" "&Afbryd". ::msgcat::mcset da "&About..." "&Om...". ::msgcat::mcset da "All Files" "Alle filer". ::msgcat::mcset da "Application Error" "Programfejl". ::msgcat::mcset da "&Blue" "&Bl\u00E5". ::msgcat::mcset da "Cancel" "Annuller". ::msgcat::mcset da "&Cancel" "&Annuller". ::msgcat::mcset da "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ikke skifte til katalog \"%1\$s\".\nIngen rettigheder.". ::msgcat::mcset da "Choose Directory" "V\u00E6lg katalog". ::msgcat::mcset da "Cl&ear" "&Ryd". ::msgcat::mcset da "&Clear Console" "&Ryd konsolen". ::msgcat::mcset da "Color" "Farve". ::msgcat::mcset da "Console" "Konsol". ::msgcat::mcset da "&Copy" "&Kopier". ::msgcat::mcset da "Cu&t" "Kli&p". ::msgcat::mcset da "&Delete" "&Slet". ::msgcat::mcset da "Details >>" "Detailer". ::msgcat::mcset da "Directory \"%1\$s\" does not exist." "Katalog \"%1\$s\" findes ikke.". ::msg

C:\Users\user\AppData\Local\Namang\tk\msgs\is-NMAPB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4158
Entropy (8bit):	4.744283779865612
Encrypted:	false
SSDEEP:
MD5:	EBAFA3EE899EBB06D52C204493CEE27A
SHA1:	95E6C71E4525A8DD91E488B952665AE9C5FBDDED
SHA-256:	D1B0FED0BEA51B3FAF08D8634034C7388BE7148F9B807460B7D185706DB8416F
SHA-512:	ADDE3C85A7A4148BAFD6C8B8902FC8C229F1D1AAF118BE85F44E4667237E66938864E2B7B4486B7C68C89EB4559F1D8367F9F563B9C6C8BCAB66118B36E670B8
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset cs "&Abort" "&P\u0159eru\u0161it". ::msgcat::mcset cs "&About..." "&O programu...". ::msgcat::mcset cs "All Files" "V\u0161echny soubory". ::msgcat::mcset cs "Application Error" "Chyba programu". ::msgcat::mcset cs "Bold Italic". ::msgcat::mcset cs "&Blue" "&Modr\341". ::msgcat::mcset cs "Cancel" "Zru\u0161it". ::msgcat::mcset cs "&Cancel" "&Zru\u0161it". ::msgcat::mcset cs "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nemohu zm\u011bnit atku\341ln\355 adres\341\u0159 na \"%1\$s\".\nP\u0159\355stup odm\355tnut.". ::msgcat::mcset cs "Choose Directory" "V\375b\u011br adres\341\u0159e". ::msgcat::mcset cs "Cl&ear" "Sma&zat". ::msgcat::mcset cs "&Clear Console" "&Smazat konzolu". ::msgcat::mcset cs "Color" "Barva". ::msgcat::mcset cs "Console" "Konzole". ::msgcat::mcset cs "&Copy" "&Kop\355rovat". ::msgcat::mcset cs "Cu&t" "V&y\u0159\355znout". ::msgcat::mcset cs "&Delete" "&Smazat"

C:\Users\user\AppData\Local\Namang\tk\msgs\is-PJGKJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7214
Entropy (8bit):	4.358559144448363
Encrypted:	false
SSDEEP:
MD5:	D7C27DBDF7B349BE13E09F35BA61A5F8
SHA1:	40A52544B557F19736EA1767BFBF5708A9BBC318
SHA-256:	C863DEBAB79F9682FD0D52D864E328E7333D03F4E9A75DBB342C30807EFDCFFB
SHA-512:	DAF10336096B0574F060757CB6DD24049692F81B969B01BB8FA212035D955B8DA53F5ECDE3613E6AEF3C47165F075CC14363E4B854B2407EA452EAB4D4D31955
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset ru "&Abort" "&\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c". ::msgcat::mcset ru "&About..." "\u041f\u0440\u043e...". ::msgcat::mcset ru "All Files" "\u0412\u0441\u0435 \u0444\u0430\u0439\u043b\u044b". ::msgcat::mcset ru "Application Error" "\u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435". ::msgcat::mcset ru "&Blue" " &\u0413\u043e\u043b\u0443\u0431\u043e\u0439". ::msgcat::mcset ru "Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "&Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "Cannot change to the directory \"%1\$s\".\nPermission denied." \...."\u041d\u0435 \u043c\u043e\u0433\u0443 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \"%1\$s\".\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430".

C:\Users\user\AppData\Local\Namang\tk\msgs\is-PR3KH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3913
Entropy (8bit):	4.5841256573492135
Encrypted:	false
SSDEEP:
MD5:	236356817E391D8871EA59667F47DA0C
SHA1:	948EE95F4549DA8C7D412911D17B4B62CBA22ADD
SHA-256:	AD0E466131D3789DE321D9D0588E19E4647BA82EDE41EEE6EBEF464786F8BDBE
SHA-512:	3AB10D1980D4C1367EA0BB54E50709DF32A870E851EDE80F30F66DA4B09C1ACFFF4E77C462BD815DD67F485DDFF77FEBD09CA29D77EEE55FE8A00D115D600C32
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset pt "&Abort" "&Abortar". ::msgcat::mcset pt "About..." "Sobre ...". ::msgcat::mcset pt "All Files" "Todos os arquivos". ::msgcat::mcset pt "Application Error" "Erro de aplica\u00e7\u00e3o". ::msgcat::mcset pt "&Blue" "&Azul". ::msgcat::mcset pt "Cancel" "Cancelar". ::msgcat::mcset pt "&Cancel" "&Cancelar". ::msgcat::mcset pt "Cannot change to the directory \"%1\$s\".\nPermission denied." "N\u00e3o foi poss\u00edvel mudar para o diret\u00f3rio \"%1\$s\".\nPermiss\u00e3o negada.". ::msgcat::mcset pt "Choose Directory" "Escolha um diret\u00f3rio". ::msgcat::mcset pt "Cl&ear" "Apagar". ::msgcat::mcset pt "&Clear Console" "Apagar Console". ::msgcat::mcset pt "Color" "Cor". ::msgcat::mcset pt "Console". ::msgcat::mcset pt "&Copy" "Copiar". ::msgcat::mcset pt "Cu&t" "Recortar". ::msgcat::mcset pt "&Delete" "Excluir". ::msgcat::mcset pt "Details >>" "Detalhes >>". ::msgcat::mcset pt "Directory \"%1\$s\"

C:\Users\user\AppData\Local\Namang\tk\msgs\is-VGAR6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.185724027617087
Encrypted:	false
SSDEEP:
MD5:	EC6A7E69AB0B8B767367DB54CC0499A8
SHA1:	6C2D6B622429AB8C17E07C2E0F546469823ABE57
SHA-256:	FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2
SHA-512:	72077EAB988979EB2EE292ACDB72537172A5E96B4262CE7278B76F0FEBD7E850D18221DB551D1DE3C6EB520985B5E9642936BEEB66032F920593276784525702
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset en_gb Color Colour.}.

C:\Users\user\AppData\Local\Namang\tk\ttk\is-5D4IJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2245
Entropy (8bit):	4.988082031411997
Encrypted:	false
SSDEEP:
MD5:	6466DBA5F7DDB28F280A24E2397DD875
SHA1:	060C504D08B014EB388EFAF48E3720CE5D7F0132
SHA-256:	CBC17D1C434CACD0AB42CDCC4D62ED193F926447189AD258C13738D4EC154A80
SHA-512:	5FAAC1C5FC868DCE8B7A9431BEAEB8117ADDE5C752306CAD7B6FA8123758F2CF37FB1CF18CAC2934F7D07B14FAFCE01581BAD0CA952BFECFCBD9E1E26FF9A64C
Malicious:	false
Preview:	#.# Aqua theme (OSX native look and feel).#..namespace eval ttk::theme::aqua {. ttk::style theme settings aqua {...ttk::style configure . \.. -font TkDefaultFont \.. -background systemWindowBody \.. -foreground systemModelessDialogActiveText \.. -selectbackground systemHighlight \.. -selectforeground systemModelessDialogActiveText \.. -selectborderwidth 0 \.. -insertwidth 1...ttk::style map . \.. -foreground {disabled systemModelessDialogInactiveText... background systemModelessDialogInactiveText} \.. -selectbackground {background systemHighlightSecondary... !focus systemHighlightSecondary} \.. -selectforeground {background systemModelessDialogInactiveText... !focus systemDialogActiveText}...# Workaround for #1100117:..# Actually, on Aqua we probably shouldn't stipple images in..# disabled buttons even if it did work.....ttk::style configure . -stipple {}...ttk::style configure TButton -anchor center -width -6..ttk::style configure Toolbutton -

C:\Users\user\AppData\Local\Namang\tk\ttk\is-5NPA9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5576
Entropy (8bit):	4.956417003071239
Encrypted:	false
SSDEEP:
MD5:	7017B5C1D53F341F703322A40C76C925
SHA1:	57540C56C92CC86F94B47830A00C29F826DEF28E
SHA-256:	0EB518251FBE9CF0C9451CC1FEF6BB6AEE16D62DA00B0050C83566DA053F68D0
SHA-512:	FD18976A8FBB7E59B12944C2628DBD66D463B2F7342661C8F67160DF37A393FA3C0CE7FDDA31073674B7A46E0A0A7D0A7B29EBE0D9488AFD9EF8B3A39410B5A8
Malicious:	false
Preview:	#.# Font specifications..#.# This file, [source]d at initialization time, sets up the following.# symbolic fonts based on the current platform:.#.# TkDefaultFont.-- default for GUI items not otherwise specified.# TkTextFont.-- font for user text (entry, listbox, others).# TkFixedFont.-- standard fixed width font.# TkHeadingFont.-- headings (column headings, etc).# TkCaptionFont -- dialog captions (primary text in alert dialogs, etc.).# TkTooltipFont.-- font to use for tooltip windows.# TkIconFont.-- font to use for icon captions.# TkMenuFont.-- used to use for menu items.#.# In Tk 8.5, some of these fonts may be provided by the TIP#145 implementation.# (On Windows and Mac OS X as of Oct 2007)..#.# +++ Platform notes:.#.# Windows:.#.The default system font changed from "MS Sans Serif" to "Tahoma".# .in Windows XP/Windows 2000..#.#.MS documentation says to use "Tahoma 8" in Windows 2000/XP,.#.although many MS programs still use "MS Sans Serif 8".#.#.Should use SystemParametersInfo() inst

C:\Users\user\AppData\Local\Namang\tk\ttk\is-6IVJJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4007
Entropy (8bit):	4.827479665184231
Encrypted:	false
SSDEEP:
MD5:	74596004DFDBF2ECF6AF9C851156415D
SHA1:	933318C992B705BF9F8511621B4458ECB8772788
SHA-256:	7BDFFA1C2692C5D1CF67B518F9ACB32FA4B4D9936ED076F4DB835943BC1A00D6
SHA-512:	0D600B21DB67BF9DADBDD49559573078EFB41E473E94124AC4D2551BC10EC764846DC1F7674DAA79F8D2A8AEB4CA27A5E11C2F30EDE47E3ECEE77D60D7842262
Malicious:	false
Preview:	#.# Map symbolic cursor names to platform-appropriate cursors..#.# The following cursors are defined:.#.#.standard.-- default cursor for most controls.#.""..-- inherit cursor from parent window.#.none..-- no cursor.#.#.text..-- editable widgets (entry, text).#.link..-- hyperlinks within text.#.crosshair.-- graphic selection, fine control.#.busy..-- operation in progress.#.forbidden.-- action not allowed.#.#.hresize..-- horizontal resizing.#.vresize..-- vertical resizing.#.# Also resize cursors for each of the compass points,.# {nw,n,ne,w,e,sw,s,se}resize..#.# Platform notes:.#.# Windows doesn't distinguish resizing at the 8 compass points,.# only horizontal, vertical, and the two diagonals..#.# OSX doesn't have resize cursors for nw, ne, sw, or se corners..# We use the Tk-defined X11 fallbacks for these..#.# X11 doesn't have a "forbidden" cursor (usually a slashed circle);.# "pirate" seems to be the conventional cursor for this purpose..#.# Windows has an IDC_HELP cursor, but it's not

C:\Users\user\AppData\Local\Namang\tk\ttk\is-9L1SH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16408
Entropy (8bit):	4.974125903666712
Encrypted:	false
SSDEEP:
MD5:	F9B29AB14304F18E32821A29233BE816
SHA1:	6D0253274D777E081FA36CC38E51C2ABB9259D0E
SHA-256:	62D1DF52C510A83103BADAB4F3A77ABB1AA3A0E1E21F68ECE0CECCA2CA2F1341
SHA-512:	698DB665E29B29864F9FE65934CCA83A5092D81D5130FFD1EAC68C51327AE9EBC007A60A60E1AF37063017E448CE84A4024D4A412990A1078287B605DF344C70
Malicious:	false
Preview:	#.# DERIVED FROM: tk/library/entry.tcl r1.22.#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 2004, Joe English.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ttk {. namespace eval entry {..variable State...set State(x) 0..set State(selectMode) none..set State(anchor) 0..set State(scanX) 0..set State(scanIndex) 0..set State(scanMoved) 0...# Button-2 scan speed is (scanNum/scanDen) characters..# per pixel of mouse movement...# The standard Tk entry widget uses the equivalent of..# scanNum = 10, scanDen = average character width...# I don't know why that was chosen...#..set State(scanNum) 1..set State(scanDen) 1..set State(deadband) 3.;# #pixels for mouse-moved deadband.. }.}..### Option database settings..#.option add *TEntry.cursor [ttk::cursor text] widgetDefault..### Bindings..#.# Removed

C:\Users\user\AppData\Local\Namang\tk\ttk\is-CHH7U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12493
Entropy (8bit):	5.024195855137721
Encrypted:	false
SSDEEP:
MD5:	FBCAA6A08D9830114248F91E10D4C918
SHA1:	FA63C94824BEBD3531086816650D3F3FA73FE434
SHA-256:	9D80AA9701E82862467684D3DFF1A9EC5BBC2BBBA4F4F070518BBDE7E38499BB
SHA-512:	B377C31CC9137851679CBA0560EFE4265792D1576BD781DD42C22014A7A8F3D10D9D48A1154BB88A2987197594C8B728B71FA689CE1B32928F8513796A6A0AA3
Malicious:	false
Preview:	#.# Combobox bindings..#.# <<NOTE-WM-TRANSIENT>>:.#.#.Need to set [wm transient] just before mapping the popdown.#.instead of when it's created, in case a containing frame.#.has been reparented [#1818441]..#.#.On Windows: setting [wm transient] prevents the parent.#.toplevel from becoming inactive when the popdown is posted.#.(Tk 8.4.8+).#.#.On X11: WM_TRANSIENT_FOR on override-redirect windows.#.may be used by compositing managers and by EWMH-aware.#.window managers (even though the older ICCCM spec says.#.it's meaningless)..#.#.On OSX: [wm transient] does utterly the wrong thing..#.Instead, we use [MacWindowStyle "help" "noActivates hideOnSuspend"]..#.The "noActivates" attribute prevents the parent toplevel.#.from deactivating when the popdown is posted, and is also.#.necessary for "help" windows to receive mouse events..#."hideOnSuspend" makes the popdown disappear (resp. reappear).#.when the parent toplevel is deactivated (resp. reactivated)..#.(see [#1814778]). Also set [wm resiz

C:\Users\user\AppData\Local\Namang\tk\ttk\is-EK1KL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3828
Entropy (8bit):	4.892728136244756
Encrypted:	false
SSDEEP:
MD5:	7DBF35F3F0F9FB68626019FF94EFBCD3
SHA1:	213F18224BF0573744836CD3BEDC83D5E443A406
SHA-256:	30E6766E9B8292793395324E412B0F5A8888512B84B080E247F95BF6EFB11A9D
SHA-512:	9081E5C89ECDE8337C5A52531DEF24924C0BCB3A1F0596D3B986CC59E635F67A78327ABF26209BF71A9BA370A93174298E6ABD11586382D7D70ADEA7E5CCF854
Malicious:	false
Preview:	#.# "classic" Tk theme..#.# Implements Tk's traditional Motif-like look and feel..#..namespace eval ttk::theme::classic {.. variable colors; array set colors {..-frame.."#d9d9d9"..-window.."#ffffff"..-activebg."#ececec"..-troughbg."#c3c3c3"..-selectbg."#c3c3c3"..-selectfg."#000000"..-disabledfg."#a3a3a3"..-indicator."#b03060"..-altindicator."#b05e5e". }.. ttk::style theme settings classic {..ttk::style configure "." \.. -font..TkDefaultFont \.. -background..$colors(-frame) \.. -foreground..black \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -troughcolor.$colors(-troughbg) \.. -indicatorcolor.$colors(-frame) \.. -highlightcolor.$colors(-frame) \.. -highlightthickness.1 \.. -selectborderwidth.1 \.. -insertwidth.2 \.. ;...# To match pre-Xft X11 appearance, use:..#.ttk::style configure . -font {Helvetica 12 bold}...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activeb

C:\Users\user\AppData\Local\Namang\tk\ttk\is-FHEHU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2978
Entropy (8bit):	4.8919006418640265
Encrypted:	false
SSDEEP:
MD5:	EA7CF40852AFD55FFDA9DB29A0E11322
SHA1:	B7B42FAC93E250B54EB76D95048AC3132B10E6D8
SHA-256:	391B6E333D16497C4B538A7BDB5B16EF11359B6E3B508D470C6E3703488E3B4D
SHA-512:	123D78D6AC34AF4833D05814220757DCCF2A9AF4761FE67A8FE5F67A0D258B3C8D86ED346176FFB936AB3717CFD75B4FAB7373F7853D44FA356BE6E3A75E51B9
Malicious:	false
Preview:	#.# Bindings for Buttons, Checkbuttons, and Radiobuttons..#.# Notes: <Button1-Leave>, <Button1-Enter> only control the "pressed".# state; widgets remain "active" if the pointer is dragged out..# This doesn't seem to be conventional, but it's a nice way.# to provide extra feedback while the grab is active..# (If the button is released off the widget, the grab deactivates and.# we get a <Leave> event then, which turns off the "active" state).#.# Normally, <ButtonRelease> and <ButtonN-Enter/Leave> events are .# delivered to the widget which received the initial <ButtonPress>.# event. However, Tk [grab]s (#1223103) and menu interactions.# (#1222605) can interfere with this. To guard against spurious.# <Button1-Enter> events, the <Button1-Enter> binding only sets.# the pressed state if the button is currently active..#..namespace eval ttk::button {}..bind TButton <Enter> ..{ %W instate !disabled {%W state active} }.bind TButton <Leave>..{ %W state !active }.bind TButton <Key-space>.{ ttk:

C:\Users\user\AppData\Local\Namang\tk\ttk\is-GJA6B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4913
Entropy (8bit):	4.841521491900473
Encrypted:	false
SSDEEP:
MD5:	DB24841643CEBD38D5FFD1D42B42E7F4
SHA1:	E394AF7FAF83FAD863C7B13D855FCF3705C4F1C7
SHA-256:	81B0B7818843E293C55FF541BD95168DB51FE760941D32C7CDE9A521BB42E956
SHA-512:	380272D003D5F90C13571952D0C73F5FCE2A22330F98F29707F3D5BFC29C99D9BF11A947CF2CA64CF7B8DF5E4AFE56FFA00F9455BB30D15611FC5C86130346BE
Malicious:	false
Preview:	#.# Bindings for Menubuttons..#.# Menubuttons have three interaction modes:.#.# Pulldown: Press menubutton, drag over menu, release to activate menu entry.# Popdown: Click menubutton to post menu.# Keyboard: <Key-space> or accelerator key to post menu.#.# (In addition, when menu system is active, "dropdown" -- menu posts.# on mouse-over. Ttk menubuttons don't implement this)..#.# For keyboard and popdown mode, we hand off to tk_popup and let .# the built-in Tk bindings handle the rest of the interaction..#.# ON X11:.#.# Standard Tk menubuttons use a global grab on the menubutton..# This won't work for Ttk menubuttons in pulldown mode,.# since we need to process the final <ButtonRelease> event,.# and this might be delivered to the menu. So instead we.# rely on the passive grab that occurs on <ButtonPress> events,.# and transition to popdown mode when the mouse is released.# or dragged outside the menubutton..# .# ON WINDOWS:.#.# I'm not sure what the hell is going on here. [$menu pos

C:\Users\user\AppData\Local\Namang\tk\ttk\is-HR3AR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4742
Entropy (8bit):	4.859511673200619
Encrypted:	false
SSDEEP:
MD5:	AA2987DC061DAA998B73A1AD937EE4BB
SHA1:	33FE9DFA76FB08B9D8D5C3554D13482D330C2DB1
SHA-256:	4ED0ACDD29FC1FB45C6BDC9EFB2CBADE34B93C45D5DBB269A4A4A3044CF4CB7A
SHA-512:	5A83B1FC88E42BB1DAD60D89CD5F2193E6AB59C4902A6C727E0090D1F395C2F122521FDFF250A14109EE5113D5034319199FB260129416EA962559350F217A03
Malicious:	false
Preview:	#.# "Clam" theme..#.# Inspired by the XFCE family of Gnome themes..#..namespace eval ttk::theme::clam {. variable colors . array set colors {..-disabledfg.."#999999"..-frame .."#dcdad5"..-window .."#ffffff"..-dark..."#cfcdc8"..-darker .."#bab5ab"..-darkest.."#9e9a91"..-lighter.."#eeebe7"..-lightest .."#ffffff"..-selectbg.."#4a6984"..-selectfg.."#ffffff"..-altindicator.."#5895bc"..-disabledaltindicator."#a0a0a0". }.. ttk::style theme settings clam {...ttk::style configure "." \.. -background $colors(-frame) \.. -foreground black \.. -bordercolor $colors(-darkest) \.. -darkcolor $colors(-dark) \.. -lightcolor $colors(-lighter) \.. -troughcolor $colors(-darker) \.. -selectbackground $colors(-selectbg) \.. -selectforeground $colors(-selectfg) \.. -selectborderwidth 0 \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -background [list disabled $colors(-frame) \.... active $colors(-lighter)] \.. -foreground [list disabled $colors(

C:\Users\user\AppData\Local\Namang\tk\ttk\is-P18OV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3683
Entropy (8bit):	4.872530668776095
Encrypted:	false
SSDEEP:
MD5:	8FF9D357AF3806D997BB8654E95F530C
SHA1:	62292163299CC229031BB4EAFBE900323056561A
SHA-256:	E36864B33D7C2B47FE26646377BE86FB341BBF2B6DF13E33BD799E87D24FC193
SHA-512:	ECDC47E7D1F0F9C0C052ACA2EB2DE10E78B2256E8DB85D7B52F365C1074A4E24CDB1C7A2780B36DFA36F174FF87B6A31C49F61CC0AC3D2412B3915234D911C9C
Malicious:	false
Preview:	#.# Ttk widget set: Alternate theme.#..namespace eval ttk::theme::alt {.. variable colors. array set colors {..-frame .."#d9d9d9"..-window.."#ffffff"..-darker ."#c3c3c3"..-border.."#414141"..-activebg ."#ececec"..-disabledfg."#a3a3a3"..-selectbg."#4a6984"..-selectfg."#ffffff"..-altindicator."#aaaaaa". }.. ttk::style theme settings alt {...ttk::style configure "." \.. -background .$colors(-frame) \.. -foreground .black \.. -troughcolor.$colors(-darker) \.. -bordercolor.$colors(-border) \.. -selectbackground .$colors(-selectbg) \.. -selectforeground .$colors(-selectfg) \.. -font ..TkDefaultFont \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)] ;..ttk::style map "." -foreground [list disabled $colors(-disabledfg)] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -padding "1 1" \.. -relief raised -shiftrelief 1 \.. -highl

C:\Users\user\AppData\Local\Namang\tk\ttk\is-UJH67.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4490
Entropy (8bit):	4.888203318286333
Encrypted:	false
SSDEEP:
MD5:	0E03292F7678540CB4F3440859863B0C
SHA1:	909849894B02F2C213BDE0FBCED8C1378EB9B81E
SHA-256:	304FF31FC82F6086C93AAA594D83D8DA25866CE1C2AF1208F9E7585D74CA9A51
SHA-512:	87E5D2484E5E7E3C00B319219028B012576B7D73B84A9A13ED15551C9431BF216C0B96376AE5A7070B5A391D9887E55ABF9FA4AFEE971177408B7969363D9302
Malicious:	false
Preview:	#.# Settings for default theme..#..namespace eval ttk::theme::default {. variable colors. array set colors {..-frame..."#d9d9d9"..-foreground.."#000000"..-window..."#ffffff"..-text .."#000000"..-activebg.."#ececec"..-selectbg.."#4a6984"..-selectfg.."#ffffff"..-darker .."#c3c3c3"..-disabledfg.."#a3a3a3"..-indicator.."#4a6984"..-disabledindicator."#a3a3a3"..-altindicator.."#9fbdd8"..-disabledaltindicator."#c0c0c0". }.. ttk::style theme settings default {...ttk::style configure "." \.. -borderwidth .1 \.. -background .$colors(-frame) \.. -foreground .$colors(-foreground) \.. -troughcolor .$colors(-darker) \.. -font ..TkDefaultFont \.. -selectborderwidth.1 \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -insertwidth .1 \.. -indicatordiameter.10 \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)]..ttk::style map "." -foreground \.. [list disabled $colo

C:\Users\user\AppData\Local\Packages\Update\log.txt Download File
Process:	C:\Users\user\AppData\Local\Packages\Update\namang.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1486
Entropy (8bit):	5.308902394692896
Encrypted:	false
SSDEEP:
MD5:	B28DC358960B0A69572BF10C851B935F
SHA1:	2F6E5BC637656684A65F7C0D0A0BD06407817980
SHA-256:	3A33F33B0944C47064CDFD09DB7B18D44A1826BADE1F04754ED7603FD0B61FF3
SHA-512:	434E91E8359C079DCA9068C2024F79F04CAC13C765C85AC75ADBC40499F7504032157420B5ED3C8F8BDAABD48963A75940A384CF09A6AC970B289227761FFF9D
Malicious:	false
Preview:	2021/01/27 06:53:37 \| ('--------------------',)..2021/01/27 06:53:37 \| ('START APP',)..2021/01/27 06:53:37 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Packages\\Update\\service_updater.py')..2021/01/27 06:53:37 \| ('C:\\Users\\user\\AppData\\Local\\Packages\\Update\\service_updater.py',)..2021/01/27 06:53:37 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Packages\\Update')..2021/01/27 06:53:37 \| ('0xecf4bb862ded',)..2021/01/27 06:53:37 \| ('STARTUP CHECK',)..2021/01/27 06:51:15 \| ('--------------------',)..2021/01/27 06:51:15 \| ('START APP',)..2021/01/27 06:51:16 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py')..2021/01/27 06:51:16 \| ('C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py',)..2021/01/27 06:51:16 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Namang')..2021/01/27 06:51:16 \| ('0xecf4bb862ded',)..2021/01/27 06:51:16 \| ('STARTUP CHECK',)..2021/01/27 06:52:37 \| ('ACT', 'WAIT')..2021/01/27 06:52:37 \| ('WAIT', 1)..2021/01/27 06:53:41 \| ('

C:\Users\user\AppData\Local\Temp\gen_py\3.8\__init__.py Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.713840781302666
Encrypted:	false
SSDEEP:
MD5:	8C7CA775CF482C6027B4A2D3DB0F6A31
SHA1:	E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
SHA-256:	52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
SHA-512:	19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
Malicious:	false
Preview:	# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..

C:\Users\user\AppData\Local\Temp\gen_py\3.8\dicts.dat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.7219280948873625
Encrypted:	false
SSDEEP:
MD5:	2C7344F3031A5107275CE84AED227411
SHA1:	68ACAD72A154CBE8B2D597655FF84FD31D57C43B
SHA-256:	83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
SHA-512:	F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
Malicious:	false
Preview:	..K....}..

C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp Download File
Process:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2651648
Entropy (8bit):	6.356454432804566
Encrypted:	false
SSDEEP:
MD5:	83FC883CAAF182C20D7472508A0826D2
SHA1:	270F0618DFCDA174DDBCF4BB1F3BC5352ACE6014
SHA-256:	F23D62C02BF5C108BA5415A38D779F003CA1999C7B5C2B911FCD3FE770563C69
SHA-512:	99701FE421C230887548B57AD2575AB5CE3EAA5BF5EF42ED2EC9B56DDC6A65F44FD20CD27CDD4CBA563F8BA51D12959F276D22E9CAB79B7AB48989FD1711C8C7
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................%...........%.......%...@..........................`)...........@......@....................'.......&..5...0'..&................................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc....&...0'..(...N&.............@..@............. (......<'.............@..@........................................................

C:\Users\user\AppData\Local\Temp\is-4CLRJ.tmp\_isetup\_setup64.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-D5BMH.tmp\_isetup\_setup64.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: FrC4UAhnvX.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.DownLoader36.34557.26355.exe, Detection: malicious, Browse Filename: 9oUx9PzdSA.exe, Detection: malicious, Browse Filename: atikmdag-patcher 1.4.7.exe, Detection: malicious, Browse Filename: Atikmdag Patcher 1.4.8.sfx.exe, Detection: malicious, Browse Filename: atikmdag-patcher 1.4.7.sfx.exe, Detection: malicious, Browse Filename: VoiceMan Reflex-Setup-V3.0.3.exe, Detection: malicious, Browse Filename: FastKeys_Setup.exe, Detection: malicious, Browse Filename: FastKeys_Setup.exe, Detection: malicious, Browse Filename: atiflash_293.sfx.exe, Detection: malicious, Browse Filename: sfk_setup.exe, Detection: malicious, Browse Filename: atiflash_293.exe, Detection: malicious, Browse Filename: Softerra Adaxes 2011.3.exe, Detection: malicious, Browse Filename: atikmdag-patcher 1.4.8.exe, Detection: malicious, Browse Filename: atikmdag-patcher_1.4.8.exe, Detection: malicious, Browse Filename: OhGodAnETHlargementPill2.exe, Detection: malicious, Browse Filename: atikmdag-patcher-1.4.8.exe, Detection: malicious, Browse Filename: atiflash_293.exe, Detection: malicious, Browse Filename: OhGodAnETHlargementPill.sfx.exe, Detection: malicious, Browse Filename: godflex-r2.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp Download File
Process:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2651648
Entropy (8bit):	6.356454432804566
Encrypted:	false
SSDEEP:
MD5:	83FC883CAAF182C20D7472508A0826D2
SHA1:	270F0618DFCDA174DDBCF4BB1F3BC5352ACE6014
SHA-256:	F23D62C02BF5C108BA5415A38D779F003CA1999C7B5C2B911FCD3FE770563C69
SHA-512:	99701FE421C230887548B57AD2575AB5CE3EAA5BF5EF42ED2EC9B56DDC6A65F44FD20CD27CDD4CBA563F8BA51D12959F276D22E9CAB79B7AB48989FD1711C8C7
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................%...........%.......%...@..........................`)...........@......@....................'.......&..5...0'..&................................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc....&...0'..(...N&.............@..@............. (......<'.............@..@........................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_Salsa20.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.869873603847906
Encrypted:	false
SSDEEP:
MD5:	9FB7DAEDD82BDDE61D467B7A568BF577
SHA1:	8772A438D9735498BE7ED4D566BB0439361AAA56
SHA-256:	CF235E8F929568EE0C24C676BE7FB15E6A8820CB8437CD06BEE1E038B80DEB2B
SHA-512:	456DB61224D9F3EE5786173BE2998ECD54D05BC29919EC8E1A7A917EB5F42FBB3EDB1AEE374D9B97B4DB94591BE440F58DDBD0F32AAB1A2977DB28573223E806
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...*R.^.........." .........$............................................................`..........................................6.......7..d....p.......P..X....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......,..............@....pdata..X....P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_aes.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	6.529743411975845
Encrypted:	false
SSDEEP:
MD5:	6CA7EA319CCA4740384488A4C5A2C61A
SHA1:	013CCBC61EF87D47426783E33DC6A1909BBB1A0E
SHA-256:	BD1D83F2E473D9838327EE5AEB758896459616F5ED006479EAEA80629C9D3CA2
SHA-512:	2E5455136E5C844369D1F1FAFE6C96A4AA0BC5356D1786459439E1295461A6AF30BB6DF37565E283B68116F69567E032D4591B7715301C9B418446EBD2FD7061
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8`.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d...'R.^.........." .....>...L............................................................`.........................................`...........d............................... ....y...............................y...............P...............................text...#=.......>.................. ..`.rdata..\4...P...6...B..............@..@.data... ............x..............@....pdata...............~..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_aesni.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.166087238848412
Encrypted:	false
SSDEEP:
MD5:	0FFCFFFDC650194CD9F803E7593FCAC1
SHA1:	7488AAB01D38E69BAC8A1858A92FC7458F7F0A42
SHA-256:	63C184B6E7B17E319611AE141CFD06CC94B86833B6C9F4ADDABA80F547299F55
SHA-512:	380CD213157F9F32541049F455D0B723ED1C9F3528D827A540BC89C2908318F3EE9947C26FAFD4D27768FD93CA366607387201DE8923C39409AE7CAA197E8AD2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................x.......................................................!.............Rich....................PE..d...(R.^.........." .........$............................................................`..........................................8.......8..d....p.......P.......................1...............................1...............0..0............................text............................... ..`.rdata..\....0......."..............@..@.data........@.......0..............@....pdata.......P.......6..............@..@.gfids.......`.......:..............@..@.rsrc........p.......<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_arc2.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.442995425168784
Encrypted:	false
SSDEEP:
MD5:	6BFB3849D64A049436F42B982C29727B
SHA1:	678DBAD627DA656DD55EC7BC33B67D244BA11FD6
SHA-256:	8A039CEF8A954F43217B31005B260C949C5B437796263F94629F76A2E67CD4FF
SHA-512:	FD4BC5A88B3901CEF07D50C8F4725C198981EFD4D1F5A155F2A8BFDC4499F74D4718ECC29F53BA6830FF8A212B38E4D2B6AC9ED1CE09CDA8B3EF9DCAF154626A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...(R.^.........." ........."............................................................`.........................................p8.......9..d....p.......P.......................2...............................2...............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_blowfish.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19968
Entropy (8bit):	5.8239487510065455
Encrypted:	false
SSDEEP:
MD5:	9E32123400ADB0529FC4559D99750498
SHA1:	2E5709724C0ADDB8DDAFE3F55C836CED3412577F
SHA-256:	959EB9F68FF3C24100BD623B4677A8BDC93F3FC0130D3DAF79D29669FB0A0B48
SHA-512:	42F4A3A5A0E4C04EA559B428577805F12C55D1CFB9AB143FBE6038421C3774F87CFAE2BF6735C6EBE6E15C2A4D36E41CF9BEE2EC246EBBF7F7EC0AFDFFF20A53
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...(R.^.........." .........4............................................................`..........................................G......PH..d............`.................. ....A...............................B...............0...............................text............................... ..`.rdata.......0....... ..............@..@.data... ....P.......>..............@....pdata.......`.......D..............@..@.gfids.......p.......H..............@..@.rsrc................J..............@..@.reloc.. ............L..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cast.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	6.396335971733679
Encrypted:	false
SSDEEP:
MD5:	1541709C23CC83957DCF0A72AD38B0E1
SHA1:	D295C60C65BFC416F5EC0ED9FEB2F1B4BE3F1890
SHA-256:	98F1B53979E1CD8CA7EB511FB98DC53947F94B779B6C51001B6C18E5BFDC2167
SHA-512:	48C8C1792E5442C2813E212E01161A173DEC287BDE74C378B984E083521549530652BECE13468EC1D10261DFE9749DC256D23059A78AAE122298EA7FD836088F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...(R.^.........." .....&...D............................................................`..........................................g.......h..d...............0............... ....a...............................a...............@...............................text...C$.......&.................. ..`.rdata...,...@.......*..............@..@.data........p.......X..............@....pdata..0............^..............@..@.gfids...............b..............@..@.rsrc................d..............@..@.reloc.. ............f..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cbc.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.881042404291281
Encrypted:	false
SSDEEP:
MD5:	03C703A8F4C2A1443CCCC8316AF8940C
SHA1:	046D8C846D9393E472064AA1250826994A785577
SHA-256:	CA09E03D93F3A330A467AFD7FB998AD81DFD75FA7A1C2E202D6898F229C269D4
SHA-512:	A65BF31452E984DE1F951A3BCA97C9DC27AC113E5FD4E0D29FA2B67E6C1B24D48BA6513D1E2CEAA7617E92305171E9675379A0E97980A3CEEC209C49CD687329
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...)R.^.........." ........."............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..d....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_cfb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.65813044523921
Encrypted:	false
SSDEEP:
MD5:	6F1D3ED33D7DFEAE5642406D76FF2084
SHA1:	014CFEE7D754564928ED2DF2FEF933AEDA915918
SHA-256:	F5918822781473D44F69030A9B32BCAEFFA8671F1328C48085C9671F140D1273
SHA-512:	E55F57EF9411979AB164D5C3FACA609856DDAA273EE817225BA77A12DDAD02DA464378CA0CBD98DDEC708AEAC96845AB8C718D35EDC88B0AB06BB14ED53647CA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!a..@..@..@..8..@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........................PE..d...*R.^.........." .........$............................................................`..........................................6.......7..d....p.......P..@....................1...............................1...............0..(............................text............................... ..`.rdata..$....0......................@..@.data........@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ctr.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	4.824956860065785
Encrypted:	false
SSDEEP:
MD5:	C04554CF7F89E2D360EBCC39F85A2970
SHA1:	42AC403BD2A854D7F6AC60A299594A9C4A793F35
SHA-256:	264ED03313EFC36EF0794E3C716319E0AA4774C3D0A26C522DCFA7BE1F46349F
SHA-512:	668928ABB8510D36DCC2E9FF7CD10353C3CBC10AF199CA4C909770921FDCBE4AEEDC5DFB106C91CF480C86A2AB78E2DA6278D859AAE93CB72BC50DE432411ED9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!A..@/.@/.@/.8..@/....@/..(..@/.@..@/..,.@/...@/..+.@/...'.@/.../.@/.#...@/...-.@/.Rich.@/.........PE..d...R.^.........." .........$............................................................`.........................................@7.......8..d....p.......P..p....................1...............................1...............0..0............................text............................... ..`.rdata.......0......................@..@.data...0....@.......(..............@....pdata..p....P......................@..@.gfids.......`.......2..............@..@.rsrc........p.......4..............@..@.reloc...............6..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_des.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.958532589679522
Encrypted:	false
SSDEEP:
MD5:	154F2B33E92A439BFCE987BAD831E9C9
SHA1:	23A960EFC3BFFD8B688EECA33EA370FC3B11BEC1
SHA-256:	197560B24B509BE799DBE497FD2C657CF625CC5BD0E46F71601AB6C215FCD9A8
SHA-512:	9A6A8810900046D7E19120547C35FB66013A552C83CEC42BE630E26259B156B34200FDC45C619833344FDCF647BE9A1D9989D48149F986592449A7E4FD9E1BE8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d...)R.^.........." .....(...................................................0............`.........................................p...........d...............<............ .. ...................................0................@...............................text....&.......(.................. ..`.rdata..~....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_des3.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.9493333228477514
Encrypted:	false
SSDEEP:
MD5:	60C9776A18EFC553A79A595E18F7CE97
SHA1:	1C1AF825013F967A73F2E7FBBA159A1FFD8FE3F9
SHA-256:	8BEC34BB5E092EBA39402A97A11E62BD39AAB56716401D2A968D117A973C54C8
SHA-512:	0DD8F1B0E1C767DD7673071B007A267EE5763BEA2F900DBC20220D6B405818BB3FE7CEADD0C8AE4127C682D45DCD459FE3498CB1943E52257F532C849589BEA2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d...)R.^.........." .....(...................................................0............`.........................................`...........d...............<............ .. ...................................0................@...............................text...s&.......(.................. ..`.rdata..v....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ecb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.744645578247188
Encrypted:	false
SSDEEP:
MD5:	D4535F5B8683CD4B523D1F97232D3772
SHA1:	1A6CE4EEB5ACD1762F629478DB14DFE8E361967F
SHA-256:	A8BD1B23F25393B26570A23F3083227DCA1E2A6C4422581FF3E46CEA3C4AC4AD
SHA-512:	447C9B1772F4A4F91961268E1B87C3576415F5257197DB16336A3BE8601DCFC8CD01DD1BB0676403633C58B8593AA9F558BBD53CCD994F5702DF38C265358730
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...)R.^.........." ......................................................................`..........................................%.......&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ocb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.933354199557525
Encrypted:	false
SSDEEP:
MD5:	17C326C453A2D25B25358AF4E121B285
SHA1:	0998EA09CC6B44C1A3ED30571E28D9C43097E259
SHA-256:	EECBBBCFF336430B675077B2C375DB070F12F21E89535367FF7DAFC446486975
SHA-512:	B1E46D1071DD6BE3E5F8FAA168F0948CABD5F57422261FD46A8FD6079F7778F7B9525FACFE3479B2C29F01423211BB8F9A2768703EC4BFFFD8C7823A4D38E85E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...*R.^.........." .........$............................................................`..........................................7.......8..d....p.......P.......................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...@....@.......,..............@....pdata.......P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Cipher\_raw_ofb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.842784266684081
Encrypted:	false
SSDEEP:
MD5:	B537C5216BD68311D50B10D62D02B9BB
SHA1:	EB613BDABC18EE0F43AFA4A13E684D0F8BC57817
SHA-256:	2B4FEFD3688F5E92B1C3EF745D3463D44D9C071B9E2E190A7179191CD3B1E3A5
SHA-512:	1A3A8E9454646D7AC87F0ACC34092DA9C3873E4912EA8CB7C335D58A1BF7336D370DDA9DA13FDC6148EBFE93E3B75CEEBC0684A5EE7B4AE24E8E2B5D053AFE38
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...R.^.........." ......... ............................................................`..........................................6......H7..d....p.......P..(....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@......."..............@....pdata..(....P.......&..............@..@.gfids.......`.....................@..@.rsrc........p.......,..............@..@.reloc..............................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Hash\_BLAKE2s.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.038428810350728
Encrypted:	false
SSDEEP:
MD5:	2101EB8948AD5B50FEECEB0865169D48
SHA1:	FD55A3553D0C0416CD733AE732361685C0D23C59
SHA-256:	962A6E4BAF1FE8579B815C059ABD924563835FC2139FA16D4BA191C291D033EC
SHA-512:	122C8BA5DF3D3C2B6DDB6DE8415634C02C296285E629F780E1F9D9A4AFAF1EF3BEF0863F83748F2AD5847385E349B4D39C4C54ED7D4246F502603080C5B973E4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d...'R.^.........." .........$............................................................`......................................... 8.......8..d....p.......P......................p2...............................2...............0...............................text............................... ..`.rdata..n....0....... ..............@..@.data... ....@......................@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Hash\_MD5.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16896
Entropy (8bit):	5.275980187584586
Encrypted:	false
SSDEEP:
MD5:	7B4DB40A5AF596C7B685B1BFF8C85A63
SHA1:	BDC1CA3A817731AB89FCC0FF8F9ED540B8FE016D
SHA-256:	938AA6F71988F899C605DFE09A0882403AF0564EB1937316BF50BDA5B63659AF
SHA-512:	8D995A342EECBB4278EA02CA84B0C5D3446B06952C1CE29E3D3EB1AA95C7B31CBD88976BD6BDB2C92C4E5E25103D392AA911A5F718CCA3CB6E9E0C2D9E8695FB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...$R.^.........." ..... ...$............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0.. ............................text............ .................. ..`.rdata..Z....0.......$..............@..@.data........@.......2..............@....pdata..d....P.......8..............@..@.gfids.......`.......<..............@..@.rsrc........p.......>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Hash\_SHA1.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.462532756593117
Encrypted:	false
SSDEEP:
MD5:	ABC7D549B8974A93E441B45B118A3F8E
SHA1:	1B78C6022F03550CA48A67AA2B2EDC0ADD3A5FD7
SHA-256:	059E3B26C6816C5F2E3A3D6FDFCC0298077221CD8AE8A17FC9FE6D67EF2BFC3A
SHA-512:	8AC63714EEBBE6C4FF7DA73EBE1E03BE1AAEE194D635DF068108956BF009B872BAD1357A5C41E5780D053903784C10797D417F90F941E362F3D3774E91BBB98E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...%R.^.........." ........$............................................................`..........................................G.......G..d............`..d....................A...............................A...............@.. ............................text...s)......................... ..`.rdata..r....@......................@..@.data........P.......<..............@....pdata..d....`.......B..............@..@.gfids.......p.......F..............@..@.rsrc................H..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Hash\_SHA256.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.6246149737924
Encrypted:	false
SSDEEP:
MD5:	4C16BB062911F8D38D881022DBA921DC
SHA1:	FED09BCB06FA5BB604BFB81D4AECBD012548F5F9
SHA-256:	D72174D81EF9E6C8C9C2B2C9A0392E85195A1FDE81757A8FA61E7561B8689F84
SHA-512:	2CA19B324011F1957F2182B6D57A687CFF1805E94C27118452D7B579EA4DC9BDF2F409C03CB97B71E312593C41312BD278C25D52CAC1CF0EECC72CE79BA0D08D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d...%R.^.........." .....2...&............................................................`..........................................X.......Y..d............p.......................R...............................R...............P.. ............................text...c1.......2.................. ..`.rdata.."....P.......6..............@..@.data........`.......F..............@....pdata.......p.......L..............@..@.gfids...............P..............@..@.rsrc................R..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Hash\_ghash_portable.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.8282939196820465
Encrypted:	false
SSDEEP:
MD5:	FDD4207EA3C8938D4C1150A9A15B5987
SHA1:	2F4B87A20474A825C5B4C45D0BEC15B1911F54CE
SHA-256:	F7CE5ED7D00BED3C9C9F41A75D616930BC06973A86F721AAEBE1529719C48A0F
SHA-512:	4B6D8B76EDBD4A4BB0B6E704C8EF58474975F4B2C09E7CA0364D40F154BA1E1D2511B5D4757071FBCB0B98F0A39DD182BC05EE1118DEB7FD8CE9F47428BD6FCB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d...'R.^.........." ........."............................................................`..........................................6......H7..d....p.......P..@....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Protocol\_scrypt.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.759561699497299
Encrypted:	false
SSDEEP:
MD5:	2C9B60C7800D640DDBFA6F2AAD83C41E
SHA1:	4778DF5386FA9E676CEC84F6A144212323EB5817
SHA-256:	A6C6E4735CC74B83BB97A94452BCBDD46E825BA485D9AB5CF2F134E7ADDAA48F
SHA-512:	38E3993A4E63ABB47FBFD266925CA8C588F553CD46799910EA337D00B29240A412BF33FC5486760C3E4D87577D836BDF1B45395CDBA8FECC3BEC4DA92B2BF8B6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8l.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d...+R.^.........." ........."............................................................`..........................................6..t...T7..d....p.......P..@....................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...p....@.......$..............@....pdata..@....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Util\_cpuid_c.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.727397359928835
Encrypted:	false
SSDEEP:
MD5:	7178BF889C059DD34240C73A87D7E2C8
SHA1:	3C8A3BCD0C60C33B74719536B42323CB183BB05F
SHA-256:	04D50A58068B32790015186C55CC83D204DBFB94E245EAE131806576F2D4DA24
SHA-512:	15539B3EF516ECA7823884FFBCA61CB0CAC9143D9FF39778985D1E980DA0184F85C38EBD627935AA332C7F55E87216FF9040B21B61664F454DCE630621DD9E35
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...)R.^.........." ......................................................................`..........................................%......\|&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Crypto\Util\_strxor.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.687259301917375
Encrypted:	false
SSDEEP:
MD5:	C718722A0C7E48A91B492B604CA15125
SHA1:	6FA5B7DA8366BFD7AE575452D389D01BFA25E6B4
SHA-256:	248962DBFABFD47F79DF23F22754E6644404CCD10F152420A639DE12215A615F
SHA-512:	953AA4827746AD544E799976724F657A56337407BEBCC0C721B926CAA74FAE6BFC42ACBD194C4220F3E0E4EDC5E325674BE3F0773859F9ED40AD943A359058DD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d...+R.^.........." ......................................................................`..........................................%......`&..P....`.......@...............p......p!...............................!............... ...............................text...c........................... ..`.rdata..b.... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_aesni.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.167521512758171
Encrypted:	false
SSDEEP:
MD5:	E65879A935DE5D5DD415AA4AA4BAA0F3
SHA1:	C338A3D7B2111840CF77827759F1EA9FB54EFB53
SHA-256:	9992FA4B4720F7557D8CF6246FB296B39ABE6E22A781B88B75D8EFF34CC4B1A7
SHA-512:	73AD2C7A2C08485A947E3382003D0AE00BD96A98E3DE44D307E116889F874CC02BB4846DF5A9040AE73BBD35286BC51392298A7391D8E846FE1E663827AC898A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................x.......................................................!.............Rich....................PE..d....j.^.........." .........$............................................................`..........................................8.......8..d....p.......P.......................1...............................1...............0..0............................text............................... ..`.rdata..\....0......."..............@..@.data........@.......0..............@....pdata.......P.......6..............@..@.gfids.......`.......:..............@..@.rsrc........p.......<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_blowfish.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19968
Entropy (8bit):	5.824269059450341
Encrypted:	false
SSDEEP:
MD5:	3DBB0F0322BD115D64F4378439DEC143
SHA1:	2A130D7980BB63C4BE4E1249979B3AC1F5826E5E
SHA-256:	6B899E850FCAB1C8074D19B6FF4D08D543FBC68A668B379115263F14114F1D48
SHA-512:	3C1C998E68ADCEAE68EB97D031306F9465AA017ADC4BAABE96A80F6EDD877BA96123D313FC790E9AFB740EACF6FB2F518BC2A16F591175564C28B009F225D9A1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." .........4............................................................`..........................................G......PH..d............`.................. ....A...............................B...............0...............................text............................... ..`.rdata.......0....... ..............@..@.data... ....P.......>..............@....pdata.......`.......D..............@..@.gfids.......p.......H..............@..@.rsrc................J..............@..@.reloc.. ............L..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_cast.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	6.396490110090226
Encrypted:	false
SSDEEP:
MD5:	1CF7D1AC56C8553F8EB3269F2965DF40
SHA1:	30784EFA82246928194A68096AF8F8963CF2A2F8
SHA-256:	57E8AD1345D3E36540C6A9B6395D8DC1468B882A1CEDAAAA287A8DC7A519A568
SHA-512:	0DD14F96E76ED3DF2B934204D02A10463F33188C7B7B1229E8F176386A6A1A68F7DC2751AE3E25502A20A327ADF701AB35327FE28E9A4BB562C4E97D8FE00615
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d....j.^.........." .....&...D............................................................`..........................................g.......h..d...............0............... ....a...............................a...............@...............................text...C$.......&.................. ..`.rdata...,...@.......*..............@..@.data........p.......X..............@....pdata..0............^..............@..@.gfids...............b..............@..@.rsrc................d..............@..@.reloc.. ............f..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_cfb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.658496034268565
Encrypted:	false
SSDEEP:
MD5:	481E98A50C05DEEDA2A1D2E44E1C510F
SHA1:	A003493C0787C8BB380E7987AFB6C003D708AF03
SHA-256:	BD62BEB7E2CE9D42908907E7B12B1BF74EA23D4E7F73AB9A695D69506A924746
SHA-512:	0D0BFA1BB9F17A7B0500B57FDB74CBF59C3EAC423593F4EEE0474149EF2A9C1CDF858DE2FA58B56E7EDB9BD0D33CB84198E0E20D63994BFB7E0B4F9CA6B009BA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!a..@..@..@..8..@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........................PE..d....j.^.........." .........$............................................................`..........................................6.......7..d....p.......P..@....................1...............................1...............0..(............................text............................... ..`.rdata..$....0......................@..@.data........@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ctr.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	4.825474062924337
Encrypted:	false
SSDEEP:
MD5:	0CA4BF944474EF356F1EB01703095AC5
SHA1:	6DFC3E9EE4CA0A1818A487E83E8661E2581CFFEE
SHA-256:	1150830809AB8912BBD36771A5CC10E22806BB6E80BC7EBA8E2B4B55450F6BB2
SHA-512:	012094B6BE85FF54C065522B5CB3DBAE0A8F3536544F9972DA32C767F713D010B2C56AA5CDD0A1265A18213174D0CD4D7AF028CD8E80E424B30CA975D1CA8698
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!A..@/.@/.@/.8..@/....@/..(..@/.@..@/..,.@/..*.@/..+.@/...'.@/.../.@/.#...@/...-.@/.Rich.@/.........PE..d....j.^.........." .........$............................................................`.........................................@7.......8..d....p.......P..p....................1...............................1...............0..0............................text............................... ..`.rdata.......0......................@..@.data...0....@.......(..............@....pdata..p....P......................@..@.gfids.......`.......2..............@..@.rsrc........p.......4..............@..@.reloc...............6..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_des.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.958714453934893
Encrypted:	false
SSDEEP:
MD5:	4625600D8C48387339A1D9067CE8E55D
SHA1:	E3CB9D219DAB8F04861205FF24421F74C55E6D52
SHA-256:	B71BB3CA6E4927DAD4D313785B04555E5E60EA96AE93E55FA7095E4D5C167635
SHA-512:	C9FFE89788CE4D84893F6863CC973C2BDFDDEAB0CD4D874A5CB3BBD4BCA2D78920F88A1EAA44BAC97016084FF88F1D7263A6B16A2F6501BA2CAA99B8E1B08DE1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d....j.^.........." .....(...................................................0............`.........................................p...........d...............<............ .. ...................................0................@...............................text....&.......(.................. ..`.rdata..~....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_des3.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	3.9495226444320974
Encrypted:	false
SSDEEP:
MD5:	4483117C20D95C2379A74ED97DE7B360
SHA1:	E5CE9A04A72191E16FEA2F26B311086F9EF8942F
SHA-256:	58E9CC84C8E58F3EE340F5F8B8BCC07A2F5DC122462C37D0D9E1956B1695A910
SHA-512:	6F069C70E55CCF0E628B419ABD93902C4513A3021B59B8FD98936C625194011D21D3F90A6BA04C8C27E4C13A2123E71D2F68FD3F58AE5CEA3F9D86CBF2C279CB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..WR./..q../...G../../../..q../..q../..q../...q../...q../...q>./...q../..Rich./..........................PE..d....j.^.........." .....(...................................................0............`.........................................`...........d...............<............ .. ...................................0................@...............................text...s&.......(.................. ..`.rdata..v....@.......,..............@..@.data...............................@....pdata..<...........................@..@.gfids..............................@..@.rsrc...............................@..@.reloc.. .... ......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ecb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.746003285347009
Encrypted:	false
SSDEEP:
MD5:	2070681F89E56EC025E9A3BA3C24B220
SHA1:	09A734A9D6E3A29295D44D28A989916FA3542333
SHA-256:	428462EAD40E8263BEFD401D254E527A31220753DB7A28D4A33AABD217F803D1
SHA-512:	FF4A3B38611904CDF1772F45F1E7E161FA81E28B88C98E85366DC339E745DD506F6E58FDEF25BD2AEF045F97D0927B97AACE9487E9CD8AABB274A0CA6B1877DD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%.......&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ocb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15360
Entropy (8bit):	4.933726126744446
Encrypted:	false
SSDEEP:
MD5:	67E76858404F4343DC9936C8C10B06BB
SHA1:	EF5C6AC6FBF5A5C9FA479AB608FADFF43E9EA695
SHA-256:	2F2DE0D09731BC400728A787CAA408670A20AA8D5C6D52077E6C9E8C4607403D
SHA-512:	9F69AE8FA3F8CE352D5E788FCDB23702ECEA113B1DD2385B5CD425CE5FD94D350EC664EC5690B4DB791F57398EA641F12CC220E40D69FDE59F102107E68CD7F6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." .........$............................................................`..........................................7.......8..d....p.......P.......................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...@....@.......,..............@....pdata.......P.......2..............@..@.gfids.......`.......6..............@..@.rsrc........p.......8..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Cipher\_raw_ofb.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	4.843432695319185
Encrypted:	false
SSDEEP:
MD5:	853547B7917AD381CF76AD17D6A78C74
SHA1:	3B72E78E1FCFA957B96D3445803B5A70D8FE45E0
SHA-256:	D2534EAB37062201DFF6F286B39C2FF2F1AC26B7AAC273F570FA36F4955424E1
SHA-512:	8CB46A3908FA016A401807DAE3E35E61DFA79A37EC4D1CE71EF84CBAD1E31325D6313390A017C543F2C1477A253098F9C156B2984506D935B283C0DCCE6A385A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." ......... ............................................................`..........................................6......H7..d....p.......P..(....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data........@......."..............@....pdata..(....P.......&..............@..@.gfids.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..............................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_BLAKE2s.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	5.038997702046557
Encrypted:	false
SSDEEP:
MD5:	64B2B0AE155702D6C55F0531AB399778
SHA1:	840C660E61127199A093559A3964A1A6D46195F0
SHA-256:	16F1C31B2E6DEACFD40D329E2A81DC29015A5C8DD66E748B8EDF3CD272150966
SHA-512:	C1AAD6A7E1E89A3E6D29D915AA838F8EEE9BC5EEFD4CED7BD74A20A78C594C748D53D8DBD06C546C489E319C71F6858AF6A12FAD01C4F3905C05B35B592C87E9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ................................................!.L..........Rich............PE..d....j.^.........." .........$............................................................`......................................... 8.......8..d....p.......P......................p2...............................2...............0...............................text............................... ..`.rdata..n....0....... ..............@..@.data... ....@......................@....pdata.......P.......4..............@..@.gfids.......`.......8..............@..@.rsrc........p.......:..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_MD5.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16896
Entropy (8bit):	5.277310484431663
Encrypted:	false
SSDEEP:
MD5:	F15B47D73B858114B3EECEDB6F8E033C
SHA1:	77ECEA423D71FF3E687C8804C3257983DAB87276
SHA-256:	7F37847AF968EAA2266C5A65FEB92508B1F2CF4CE6BC5D5380E4C046E9409795
SHA-512:	DB063A0756A3E53DD489BF60766467A95424E9E2EAFAC7B5FAFED23BE850508C20CC7C2D795B1FB6A3317668533AE5F065C82A24E929D20BFB2AA610711E55D9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." ..... ...$............................................................`..........................................6.......7..d....p.......P..d....................1...............................1...............0.. ............................text............ .................. ..`.rdata..Z....0.......$..............@..@.data........@.......2..............@....pdata..d....P.......8..............@..@.gfids.......`.......<..............@..@.rsrc........p.......>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_SHA1.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.463601696298073
Encrypted:	false
SSDEEP:
MD5:	065A2C1AED8862511CAD7D8CFADBF2AA
SHA1:	57FF41C4D590B795F10A3E15CD9B57C29B91A6E6
SHA-256:	54BE53D0406A8E7CF8813FD2E18E5255BB81D71C4BE3E93EAC9CCF5A8F347C44
SHA-512:	E7749F79841BA0FB3F3AF43117ED855D272F54EBD0555B192AF61ACA1F2E660EA1B1CA57A2766B1D3611C9CCBABF3F4EA29EE22B69D9BCDCDBABDEE7F770070C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." ........$............................................................`..........................................G.......G..d............`..d....................A...............................A...............@.. ............................text...s)......................... ..`.rdata..r....@......................@..@.data........P.......<..............@....pdata..d....`.......B..............@..@.gfids.......p.......F..............@..@.rsrc................H..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_SHA256.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.625142174427415
Encrypted:	false
SSDEEP:
MD5:	49E7A1884B2BCD44348309434975FA22
SHA1:	9B8FAE57DD897C89D4B2B02D9877012CC8323BE4
SHA-256:	8B26F5AEFF94FA14D889DD5F4BFF4769147670D3D40993E7F6F4D939B9D6877D
SHA-512:	E1F7AEF775D62DFC89313CDC0854AD7814A6713E6844F1D9B9FE866595E073BA75DDE4D001D939464B4476B0491C515318034B29F34ACD2CB8CD81E32F9D6928
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................(................................................!.D..........Rich....................PE..d....j.^.........." .....2...&............................................................`..........................................X.......Y..d............p.......................R...............................R...............P.. ............................text...c1.......2.................. ..`.rdata.."....P.......6..............@..@.data........`.......F..............@....pdata.......p.......L..............@..@.gfids...............P..............@..@.rsrc................R..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Hash\_ghash_portable.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	4.82889992935088
Encrypted:	false
SSDEEP:
MD5:	5B710142D48D722093B4606839101C09
SHA1:	0BC9479764A42BEBA5E5C17BDD9B90DAF9FA55F1
SHA-256:	BF7DBA6921E7A701888E048E292611EB2373B2F824DD21486523F52E400DD3D9
SHA-512:	82F87CE3031FC218AEDCC5BD7F2B2086FCF0E34EAD08A5BFF771EF7260D36EE726D2004490942A7718B727C28FBEBC389CF2B44D77711C98A0317CEBD7F67628
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................<................................................!.P..........Rich....................PE..d....j.^.........." ........."............................................................`..........................................6......H7..d....p.......P..@....................1...............................1...............0...............................text............................... ..`.rdata.......0......................@..@.data... ....@.......&..............@....pdata..@....P.......,..............@..@.gfids.......`.......0..............@..@.rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Protocol\_scrypt.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	4.759873868490212
Encrypted:	false
SSDEEP:
MD5:	6CEADBE7E509BE3584CE4564D2D10E66
SHA1:	4B6BF5C8997054EBCEE27E55AECC2CA3065C8C15
SHA-256:	4F27ACE66C537D25E396E942CAE547B441EE7CBEE24C15C3AF986253F88906C4
SHA-512:	9E55B5C3447124C8AEC31C7B4EBA8658958225B8275B2F3B82E220D2E2B0D7C566E16547B60247C65A482D634B5CA4D663ADA88A565D5BD59E3997FFF3531119
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@..@..@..8l.@.....@...(..@..@..@.....@.....@.....@......@......@..#...@......@..Rich.@..........PE..d....j.^.........." ........."............................................................`..........................................6..t...T7..d....p.......P..@....................1...............................1...............0.. ............................text............................... ..`.rdata.......0......................@..@.data...p....@.......$..............@....pdata..@....P.......*..............@..@.gfids.......`......................@..@.rsrc........p.......0..............@..@.reloc...............2..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Util\_cpuid_c.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.72863875034582
Encrypted:	false
SSDEEP:
MD5:	2AC15B9CD36B627FDD09D3965E976B9D
SHA1:	8465BEF36F62CAEEB5A9CC8A6AC71A4DD91B9007
SHA-256:	6A86883A374869E00FBCD8328363C0FAD60D8E0A9591D22CB9DDB84F0E35ACFF
SHA-512:	D40CEE6F007AF971FE848DE22061D48D06B1A0523CCD0DB26A8FE64BA3F458F746D95675C84A8706C77D64C8E4AFB822926645B55C9B898273DDED30C1DFAF93
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%......\|&..P....`.......@...............p......p!...............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\Cryptodome\Util\_strxor.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.687943701724495
Encrypted:	false
SSDEEP:
MD5:	AF386C92A57ACED282A186788C12FA30
SHA1:	BFA4E1635474702ED21AFB962ED154D50904A73A
SHA-256:	90200573CAD056F89480C6E3DFB1F0A5600A3A79F4FD4C71C24CD99B693F0A9E
SHA-512:	0E8E680DE4E6B5095A88A27656980FA6C109AE51F8A2BD3278A399EE6ABBD3E6828448B99DA641F9857C2393890DC3AC65F52677ADFA7D3635F1A92B28ED4FE0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.E...E...E...L..G...~...G.......F...E...e...~...G...~...O...~...L.......D.......D.......D.......D...RichE...........PE..d....j.^.........." ......................................................................`..........................................%......`&..P....`.......@...............p......p!...............................!............... ...............................text...c........................... ..`.rdata..b.... ......................@..@.data........0....... ..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc.......p.......*..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_asyncio.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	63504
Entropy (8bit):	5.880463890261539
Encrypted:	false
SSDEEP:
MD5:	8CF9A316051BFC50F6DC343128B9C4E0
SHA1:	3659BA74D2BC5B7D7EE806B95AF71EC4DEC76C13
SHA-256:	F934719BEA056A98446E786DE88CDA8F76AFE9A29E67121950B17CAAFC2799C8
SHA-512:	AD0E1FBF6744AE6D58768301E5DDC93EB2BF24F33BC49588097A03AF915D51B296D815A36D9EEFD671701289802075B1C850E8A5F4F453A81F0D53B28E65D6AE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................x.....2.......2.......2.......2.......}..................H...}.......}.......}.......}.......Rich....................PE..d....ok_.........." .....\................................................... ......&a....`.........................................@...P.......d...............................\|....v..T............................v..0............p..0............................text...hZ.......\.................. ..`.rdata..xI...p...J...`..............@..@.data...( ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_bz2.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	86032
Entropy (8bit):	6.389278256209014
Encrypted:	false
SSDEEP:
MD5:	B89B6C064CD8241AE12ADDB7F376CAB2
SHA1:	29E86A1DF404C442E14344042D39A98DD15425F7
SHA-256:	0563DF6E938B836F817C49E0CF9828CC251B2092A84273152EA5A7C537C03BEB
SHA-512:	F87B1C6D90CFB01316A17AD37F27287D5EF4FF3A0F7FD25303203EA7C7FA1ED12C1AEF486DC9BBB8B4D527F37E771B950FA5142B2BAC01F52AFBFDBF7A77111D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y.8.8.k.8.k.8.k.@ k.8.k.H.j.8.km.tk.8.k.H.j.8.k.H.j.8.k.H.j.8.kDI.j.8.k.P.j.8.k.8.k.8.kDI.j.8.kDI.j.8.kDILk.8.kDI.j.8.kRich.8.k................PE..d....pk_.........." .........h...............................................p.......j....`.........................................0...H...x........P.......@..4....6.......`..........T...............................0...............H............................text............................... ..`.rdata..rB.......D..................@..@.data........0......................@....pdata..4....@......................@..@.rsrc........P.......(..............@..@.reloc.......`.......4..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_ctypes.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	125968
Entropy (8bit):	5.90596134783906
Encrypted:	false
SSDEEP:
MD5:	4D13A7B3ECC8C7DC96A0424C465D7251
SHA1:	0C72F7259AC9108D956AEDE40B6FCDF3A3943CB5
SHA-256:	2995EF03E784C68649FA7898979CBB2C1737F691348FAE15F325D9FC524DF8ED
SHA-512:	68FF7C421007D63A970269089AFB39C949D6CF9F4D56AFF7E4E0B88D3C43CFAA352364C5326523386C00727CC36E64274A51B5DBB3A343B16201CF5FC264FEC8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9...W...W...W......W...V...W...R...W...S...W...T...W.A.V...W...S...W...V...W.l.V...W...V...W.A.Z...W.A.W...W.A.....W.A.U...W.Rich..W.........PE..d....ok_.........." .................]....................................................`..........................................r......ts..................p...................l-..T............................-..0............ ..p............................text...M........................... ..`.rdata...n... ...p..................@..@.data....>.......:...v..............@....pdata..p...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_decimal.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	267792
Entropy (8bit):	6.511577028180732
Encrypted:	false
SSDEEP:
MD5:	3E9395DC60B342FA529C2C805369977D
SHA1:	174286C9C838D1983F13047E0BFA7D611259DAA9
SHA-256:	9EBBF65D4F40D392B70631B6B5BF4C6384FA40BA7647C618F2832C874B7E7516
SHA-512:	4768F06E00F0DF59168D776DDE837156CB030E0635D10067AA83171F91C93D158D72084AF1E2E914ED75B1D885B752290582980DA468A4D3CF07EBCB1A02E4C1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\di..............}.......u.......u.......u.......u.......t......Cm...............t.......t.......t.......t.......t......Rich............................PE..d....ok_.........." .........H......D........................................0.......G....`.............................................P...P....................+........... ..\.......T...........................0...0...............(............................text............................... ..`.rdata..<...........................@..@.data...H*.......$..................@....pdata...+.......,..................@..@.rsrc...............................@..@.reloc..\.... ......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_elementtree.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177168
Entropy (8bit):	6.329511373202548
Encrypted:	false
SSDEEP:
MD5:	7E0CB089E82FBBBEA649839C8DE6D939
SHA1:	C3AF306C3427FDEDE4099682D12442055F68952E
SHA-256:	B65E87BCEF572B2B980FCC5D2E385D8632B274358E2CA28B2B1B65704E36765D
SHA-512:	0966B775A0E87675EB8D740949AFAA8BB8D5C46A61D5823F02492FB76FF423E37B28200863C03CC4B98BB6FF7E4FA1F55CA052D7883E0B787CD3B9C6B946A7EE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MA...A...A...H.D.M.......C.......J.......I.......B.......C.......B...A..........E.......@.....(.@.......@...RichA...........................PE..d....ok_.........." ......................................................................`..........................................V..X...(W..................`...............d.......T...............................0...............H............................text...W........................... ..`.rdata...z.......\|..................@..@.data........p.......`..............@....pdata..`............r..............@..@.rsrc...............................@..@.reloc..d...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_hashlib.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	46096
Entropy (8bit):	5.948638744670222
Encrypted:	false
SSDEEP:
MD5:	496CDE3C381C8E33186354631DFAD0F1
SHA1:	CBDB280ECB54469FD1987B9EFF666D519E20249F
SHA-256:	F9548E3B71764AC99EFB988E4DAAC249E300EB629C58D2A341B753299180C679
SHA-512:	F7245EB24F2B6D8BC22F876D6ABB90E77DB46BF0E5AB367F2E02E4CA936C898A5A14D843235ADC5502F6D74715DA0B93D86222E8DEC592AE41AB59D56432BF4F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p...4...4...4...=.E.0......6......?......<......7.....6...o...6.....7...4...E.....5.....5...).5.....5...Rich4...........PE..d....pk_.........." .....@...\.......1....................................................`..........................................v..P....v......................................4X..T............................X..0............P...............................text....>.......@.................. ..`.rdata..D4...P...6...D..............@..@.data...h............z..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_lzma.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	161808
Entropy (8bit):	6.773094570512468
Encrypted:	false
SSDEEP:
MD5:	6E396653552D446C8114E98E5E195D09
SHA1:	C1F760617F7F640D6F84074D6D5218D5A338A6EC
SHA-256:	5DDBA137DB772B61D4765C45B6156B2EE33A1771DDD52DD55B0EF592535785CF
SHA-512:	C4BF2C4C51350B9142DA3FAEADF72F94994E614F9E43E3C2A1675AA128C6E7F1212FD388A71124971648488BB718CA9B66452E5D0D0B840A0979DF7146ED7AE5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................../....v......v......v......v......9..................9......9......9.C....9......Rich...........PE..d....pk_.........." .....z...........3.............................................._*....`..........................................6..L....6..x............`.......^..........0.......T...........................p...0...............0............................text....y.......z.................. ..`.rdata..............~..............@..@.data........P.......2..............@....pdata.......`.......:..............@..@.rsrc................P..............@..@.reloc..0............\..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_msi.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	38928
Entropy (8bit):	5.872661864111929
Encrypted:	false
SSDEEP:
MD5:	099CF66C48FB6EB1625AF172A8E2DD01
SHA1:	3562DDD967AED62AE28BFEA3AEBBCA50C38DDBF5
SHA-256:	5BA219D782499C60AD7E3534F3EE4CC5007ED0789BB9542862156753580BB2A6
SHA-512:	67047DD484A0043CE49BC26D6EEC179FAC99AA02E45299B7C0F9A02A93D1C058992B0AA60A0C5AE594DEF134F98227B3AB0618374A33E054C494772A9C9BD937
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..zi..)i..)i..)`.4)c..)...(k..)...(b..)...(a..)...(j..)...(k..)2.(b..)i..)...)...(h..)...(h..)..X)h..)...(h..)Richi..)................PE..d....ok_.........." .....2...N......h0..............................................\a....`..........................................k..H....k.......................~...............b..T...........................`b..0............P...............................text...X1.......2.................. ..`.rdata...(...P...(...6..............@..@.data................^..............@....pdata...............j..............@..@.rsrc................p..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_multiprocessing.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	29200
Entropy (8bit):	5.977323521819293
Encrypted:	false
SSDEEP:
MD5:	FF89379AF2476DF84439CA80CA57D703
SHA1:	CC684C4599A0AD8F6AF5957CF92D1D976D3E6D1D
SHA-256:	307BD91486B07AD315792CDE26FE6BD8D70D3EC7CB4BAEBE1D24F4B741F7FC5C
SHA-512:	FD97FAC721912B3BB2D501B16E6C5873F950F3CF7BAFCDD8B77E9F61BCDF7F27F84CC1C4A39BE0B62B84E1EDD505F9C77878CCF5DE533877E1C43669FCB3ABD7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4:J.p[$.p[$.p[$.y#..r[$..+%.r[$..+!.{[$..+ .x[$..+'.s[$..%.r[$.+3%.u[$.p[%.%[$..).r[$..$.q[$....q[$..&.q[$.Richp[$.........PE..d....ok_.........." ..... ...:......X....................................................`..........................................@..`....A..x....p.. ....`.......X...............3..T........................... 4..0............0...............................text............ .................. ..`.rdata..T....0.......$..............@..@.data...h....P.......@..............@....pdata.......`.......F..............@..@.rsrc... ....p.......J..............@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_overlapped.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	45584
Entropy (8bit):	6.029332140856522
Encrypted:	false
SSDEEP:
MD5:	724C5F1347A77318BDFA4942A71FFDFD
SHA1:	A284EECA1D336E9148DE2A69D3728971B6CFA43E
SHA-256:	03EF0F32653E78901649B3207340C914786E0455369412CA160D76F553F81FAA
SHA-512:	21463A489524EAE93C4B734A56E07096A5620E48946D6C459E0AC5E451BF397130F022E4C5D8E26A5A9880D250A5D7EE0E4F508D66A174EFB08D870C62A2D497
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P.................l.........................................O.......O...........`...................................Rich............................PE..d....ok_.........." .....@...Z......h.....................................................`..........................................w..X...hw......................................`W..T............................W..0............P...............................text....?.......@.................. ..`.rdata...4...P...6...D..............@..@.data...`............z..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_queue.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	28176
Entropy (8bit):	6.042656674077241
Encrypted:	false
SSDEEP:
MD5:	1707A6AEEB0278EE445E86EE4354C86C
SHA1:	50C30823B1DC995A03F5989C774D6541E5EAAEF9
SHA-256:	DD8C39FF48DE02F3F74256A61BF3D9D7E411C051DD4205CA51446B909458F0CD
SHA-512:	404B99B8C70DE1D5E6A4F747DF44F514A4B6480B6C30B468F35E9E0257FD75C1A480641BC88180F6EB50F0BD96BDCAFB65BB25364C0757A6E601090AE5989838
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................\|.....2.......2.......2.......2.......}.....................}.......}.......}.......}.......Rich............PE..d....ok_.........." .........8.......................................................o....`..........................................B..L....B..d....p.......`.......T..........x...L3..T............................3..0............0..8............................text...t........................... ..`.rdata..j....0......."..............@..@.data........P.......>..............@....pdata.......`.......B..............@..@.rsrc........p.......F..............@..@.reloc..x............R..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_socket.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	78864
Entropy (8bit):	6.066137618869659
Encrypted:	false
SSDEEP:
MD5:	EB974AEDA30D7478BB800BB4C5FBC0A2
SHA1:	C5B7BC326BD003D42BCF620D657CAC3F46F9D566
SHA-256:	1DB7B4F6AE31C4D35EF874EB328F735C96A2457677A3119E9544EE2A79BC1016
SHA-512:	F9EEA3636371BA508D563CF21541A21879CE50A5666E419ECFD74255C8DECC3AE5E2CEB4A8F066AE519101DD71A116335A359E3343E8B2FF3884812099AE9B1B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o....................N.......N.......N.......N..............................................................Rich....................PE..d....pk_.........." .....x..........(........................................`......R]....`.........................................0...P............@.......0.. ............P..........T...........................`...0............................................text...hv.......x.................. ..`.rdata...v.......x...\|..............@..@.data...............................@....pdata.. ....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_sqlite3.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	87568
Entropy (8bit):	5.897786544791193
Encrypted:	false
SSDEEP:
MD5:	7F184284E7786226D3B1DE5F02338A48
SHA1:	B5B8D1A23780DABE32E994A6A7B348FC56F97C43
SHA-256:	17FB342ECDACB63160576DEC824C9F627ED06A6BA58236110620AFAEACB45BB5
SHA-512:	C3794F8E0EACAA98C756BC6F0AB7EE39CCDC228691298C9B5D14ED834EC06F408D86031BCD62CFFB02E349706FEE8763CA24D39B13CF7A8FEEFACC25AAB9ED46
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J...+~[.+~[.+~[.S.[.+~[.[.Z.+~[x..[.+~[.[{Z.+~[.[zZ.+~[.[}Z.+~[QZ.Z.+~[.C.Z.+~[.+.[.+~[QZsZ.+~[QZ~Z.+~[QZ.[.+~[QZ\|Z.+~[Rich.+~[........................PE..d....pk_.........." .................y.......................................p...........`.............................................P... ........P.......@.......<.......`..d.......T........................... ...0...............H............................text............................... ..`.rdata...c.......d..................@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P.......,..............@..@.reloc..d....`.......8..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_ssl.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	153616
Entropy (8bit):	5.896409456338409
Encrypted:	false
SSDEEP:
MD5:	FEFBB91866778278460E16E44CFB8151
SHA1:	53890F03A999078B70B921B104DF198F2F481A7C
SHA-256:	8A10B301294A35BC3A96A59CA434A628753A13D26DE7C7CB51D37CF96C3BDBB5
SHA-512:	449B5F0C089626DB1824EBE405B97A67B073EA7CE22CEE72AA3B2490136B3B6218E9F15D71DA6FD32FBA090255D3A0BA0E77A36C1F8B8BEA45F6BE95A91E388D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d..m.J.b.....f.....h.....l.....g....f.....`..?..c..d.......f....e...&.e....e..Richd..........PE..d....pk_.........." .........................................................p......[.....`............................................d...T........P.......@.......>.......`..........T...............................0............................................text...}........................... ..`.rdata..L...........................@..@.data....k.......f..................@....pdata.......@......................@..@.rsrc........P.......$..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_tkinter.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	64016
Entropy (8bit):	6.032207270052518
Encrypted:	false
SSDEEP:
MD5:	1C6AFD9052929F700806E2C6407B47D5
SHA1:	3A53CC3C1C8A5F08D502B471CC2B43904A1A99BB
SHA-256:	C7A385B97218DFAFE81B5ECD249A5F7031C258A4F36A5C9EFF7CF1E6203D148E
SHA-512:	72AA844F3020FA4B0874A5A2F995B83523F44451DB817AFB25132F2FC02414152C9F78236CB8E30C203CF50EA0F5C760A66D8E8B2019244944E0D3F53B69D517
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E./...AG..AG..AG...G..AG..@F..AG..DF..AG..EF..AG..BF..AG..@F..AGZ.@F..AGm.@F..AG..@G..AG..LF..AG..AF..AG...G..AG..CF..AGRich..AG........................PE..d....pk_.........." .....v...l............................................... ............`.............................................P...................................... .......T...........................`...0............................................text....u.......v.................. ..`.rdata...B.......D...z..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\_win32sysloader.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.971871688889933
Encrypted:	false
SSDEEP:
MD5:	9D5AB1022F291222D4E8EEC7DD946915
SHA1:	62704C28BEE69394BAB4C250FDDEEB54895C2E75
SHA-256:	65385AA62B0F1BF9D59B3FB5E601A74BBD170EEBF4ED7BE15159589DBB21614F
SHA-512:	6F3EADC34C1D1570DBFB48BFB7226DD597BD2964C905C327B2F8390AEA30A007E76EF8E73E7E188FF14E02E6552DBC3A09744B5EAEAE88499A7B8DA3F7D094A2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H...&...&...&......&...'...&..&...&...%...&...#...&..."...&..'...&...'...&...#...&...&...&...$...&.Rich..&.........PE..d...C..^.........." ..........................;...........................................`..........................................7..]...P8..d............P...............p..0...P2..T............................2...............0..H............................text...c........................... ..`.rdata.......0......................@..@.data........@.......$..............@....pdata.......P.......&..............@..@.gfids.......`.......(..............@..@.reloc..0....p.......*..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-console-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12440
Entropy (8bit):	6.612481819514475
Encrypted:	false
SSDEEP:
MD5:	3B3C26D2247B0A2928F643FDA76264B1
SHA1:	06D8D10EA6B23F886C832DF4FE1122130E71BB22
SHA-256:	258AC28B71532D6F9419EDCE72961E2B9644B0F92DE5CE002801CC9C3CAF442E
SHA-512:	5B6DFC3FB97A4A2E906739531B6D3D066D9F12EAB67D5051DBB99B260A2A51E5CA19BA449B8FD901FC1034FD2402DDFA2C87FD2AC6DC3E7BDD4E929D8426A0CC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................" .........................................................0.......m....`.........................................`...,............ ..................."..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-datetime-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.617404906984193
Encrypted:	false
SSDEEP:
MD5:	5F1E568D0CDCF0D5D4F52FD2E8690B4A
SHA1:	D582714273B6254249CF0BFC8EC41272ECA2BC29
SHA-256:	ED94F413F576835ACF4DADE22EAD7E764DD2F0242581090E3A2424452B49B9FE
SHA-512:	D283D739210AB29802C9DF8588A5E0188DD3FD3A3061ED0AA5B5B3633E686A66AC9AA0C6FD7BFA696AF7FF16DA1F870B775A3A44C3A015F33A3DD83A56CFC42D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d......P.........." .........................................................0......".....`.........................................`................ ..................."..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-debug-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.6200656148778965
Encrypted:	false
SSDEEP:
MD5:	D85B98D1E5746F36E8AFB027756547CF
SHA1:	91EF9250155D7685C5730C73C1A2DE361E9BA772
SHA-256:	143C8BCC6AB0D6AFA1DC03996B5256A6BCCB3442DC4FF3182404FDE8172DE4B6
SHA-512:	6D1B507613CE85DEDDDB5D61A0EA3B926B79443C5688FE0CE9283FFAE7FF27AF93C418EC3B086F3A84E574AFCC3A1170D0AB1D8B4D5976A71AF79BBD351D7CAA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....m..........." .........................................................0...........`.........................................`................ ..................."..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-errorhandling-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11952
Entropy (8bit):	6.682485653961111
Encrypted:	false
SSDEEP:
MD5:	1CA45137E611548C8D090EBAA178D462
SHA1:	EE84CB3D6AD1E6180A6825D9D293E7C9418C7153
SHA-256:	3C186AFD5CF0E4314D0E15BD55832E976368D162331D5CB065FE890B88C9CFBD
SHA-512:	139349C90590D17A73D0DCA3BCB72FEBAEA1A8CF2A4DA24716DCFBAACDF6C85260C5E792BB04F923975E918163A46524EBEED1F2F02494D9F271D73F8B558BB8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...}............" .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15512
Entropy (8bit):	6.570723113745359
Encrypted:	false
SSDEEP:
MD5:	EB5E7AFFE24AB532089733F8B708A1FF
SHA1:	F3B1F20D29D8B38D8C47CF66C75D650C5B855738
SHA-256:	17AD72ADBEF247080DD456BB54F11BC782801381FC2AA2ABE005CCA9DB6254C0
SHA-512:	69C148749F9B1729187C3D39D2D00BA952D22163AE393716B2096A869A97EAD4CFED8EDDE303CC65C13CB30D6E44FCB2E4CB896B03DC14AAC7CB49958A23E699
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...V4E@.........." .........................................................@......3.....`.........................................`................0..................."..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l1-2-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.64045283725903
Encrypted:	false
SSDEEP:
MD5:	A8B0327931FD2C863693634B3081E6A0
SHA1:	D66CD78C124E931667B6079D5BC5ADF55A644293
SHA-256:	1FA836B3704B29E7AD1EA1B0B457F62AAE4435C6A1D745707631552A2F83D5F6
SHA-512:	1B8331AC9B17D3553A5C7B4572F826BB232B339C28F6C9A31A870097C7612587CD1DBE59FE294501CE11CF5BBA973D83784108309617B6F7104F2AAE8F723961
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b..-.........." .........................................................0......i_....`.........................................`...L............ ..................."..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-file-l2-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	6.742169492173527
Encrypted:	false
SSDEEP:
MD5:	EB4C279C8386D4F30AAB6D76FEEC3E5A
SHA1:	0C611E8F56591F64841B846DF7D5C07FD75B55A4
SHA-256:	56BC7D3DD48D9CB209195F71BE67D0A90CA929A8D4E6AE5A481F3AB0345DA294
SHA-512:	1869B0C843DF05BA849E79AA15B25855AA5C2C2E5A932C0DE650B83C8ABE2371585731B0213061B8F4D781A87B352AD3A09BF8555FCF0F9422A0BCC1A9062781
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....j............" .........................................................0......#.....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-handle-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11712
Entropy (8bit):	6.632071635532418
Encrypted:	false
SSDEEP:
MD5:	CEF770449597EE64EED064E5EDF3F76B
SHA1:	F759143F09F539E032A680B376F7362610215FE3
SHA-256:	2B52BF5A8C0BC2E93CEBCCE597C6693A118667E9F16836E65D8B166D33D33F49
SHA-512:	F899E00AE697C44C8B127DAB548C25181E2772A9CB80E6887ED2435BE7A03A51D2E77820456E984921B0252D77F0FECB7B1C5B08615B49E3C08D531A09C67279
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....]............" .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-libraryloader-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12952
Entropy (8bit):	6.609470638355565
Encrypted:	false
SSDEEP:
MD5:	7672F7AF6DF502BDA30F98005487E24C
SHA1:	D49003F56BD5D19FF265DAB88FCF9D1BBD145A31
SHA-256:	52A11CA57D562EE1CFBB7D6C26253CBD67A39B55BF1A56CD0F9332136986E8CC
SHA-512:	0EE52BF600F70E16006AB159D4B3EA50241941FE9DC8031A78C8F0797374F6AE221ECB4BE9789AE0B29FC1B8313951A79886B44B51CB6387E79059ACC2E1E3C0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...{!H..........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..D...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-localization-l1-2-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14488
Entropy (8bit):	6.677288278552557
Encrypted:	false
SSDEEP:
MD5:	A94626CBC9C0E1B62619A8CF49504FF8
SHA1:	047E2B1F21F1258242238043143F1D892538BBC3
SHA-256:	A36792281C0AAAB929635BB1F40EE3627225E7E35E6A199C188F3F782C7E6C27
SHA-512:	B208602F33F02C92DF718E4C009E6E8055E538C9451EF6F9682CE21DB5258D799C09F689AAE2879470A934B60B4F3D44EA82704933FA40F2FF408CF42BD1C534
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...C............." .........................................................0.......+....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-memory-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.6491678059596415
Encrypted:	false
SSDEEP:
MD5:	130B06C83791D63B703D54291B69C789
SHA1:	314E29B408A93343FA8E0666EB0D128E8E2F83AC
SHA-256:	BBF2556EFF6F0BC6A11D73821ACA2C14D5C8235143CEEB16B55B47EEE453F179
SHA-512:	46A513A466A43ED1581A4406795BCF79576E731FC486D0B055BE2F75CD6B9E5F6221BC76873941B8C8418EBAE4AAACD7F689C3A01B2F42D89BECA55406184837
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...G..[.........." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-namedpipe-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11920
Entropy (8bit):	6.744796606383434
Encrypted:	false
SSDEEP:
MD5:	EAD87C06066422461368FA5DC07BE9C0
SHA1:	3009D09B9727DF50E586217E98EDCDA9F46A7B30
SHA-256:	B39D21F236D903C34770D50DA02C14E8D226E695138F3F6ACE4EAE11B6D6796D
SHA-512:	4F1EABC514B18B5704F90F87A7D0231CE47E9125C7F490570699519D5EE70CDFBBA067AB67C6D9878A86129181367E55FADA55A377EFC6873AFCCC40763459EA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d......D.........." .........................................................0............`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14280
Entropy (8bit):	6.520616618522882
Encrypted:	false
SSDEEP:
MD5:	E345E6656AEAC37C80A404F032BA550B
SHA1:	371EAEEB74227DD2E7B1BCF36E7AA2CDE446A0AA
SHA-256:	31FD144DC063F7FAC651147F0C3826FB0B33CA8028BD4F70A78D63CFB53D81A8
SHA-512:	6AF30635D25BA9552498E78EF3332B60E03D070D6E503903145C8AE30930EFEDA75B687082CF46C0C25590D6459463F8D873F3E5176BAFC9194156D8AAEAA045
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....5............" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-processthreads-l1-1-1.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12440
Entropy (8bit):	6.674743691695309
Encrypted:	false
SSDEEP:
MD5:	B16E6798AD40000698A09276961FC2C3
SHA1:	B5184D9BDB1F5E7CFE17B2EC305C8554362067DE
SHA-256:	F8B7122CA5E1D473818940FEA4D1155AF429463038BA61953908FBBBB7A8D613
SHA-512:	A4737A2236EB35E1B4935A5E333C7F1C51588852A8DAF654FD2E7CA6E945E40DF9D001394C2F3E3A9D023B8D4E34E9753F6472ED58DF245B104623D7DBDE7423
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...k............." .........................................................0.......`....`.........................................`................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-profile-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11208
Entropy (8bit):	6.765953602531154
Encrypted:	false
SSDEEP:
MD5:	C06F8F8EED1581FFEE9EFD5FDBC44F5A
SHA1:	B44AA8D6AB3A713C07BB68CBC153C78C634AEBE8
SHA-256:	8B36BCE1B7A881F85529EAE56E5B75E32763EB14B6683F2203A957EC31336CE1
SHA-512:	13D369D61A953F92CB1A5935D8E69EC050D7291F8C83FFD09752112BFEBCCE8B8AE99FC168E969B00141816A1C6C3A981340CFACA319D4F7B188E3A20A43F950
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0......$s....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-rtlsupport-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.592927043251726
Encrypted:	false
SSDEEP:
MD5:	1F79F843211CDBF6F109BC2E1ECA522F
SHA1:	B4A7A607E3EB04FB616D885768EC729273EC33EA
SHA-256:	5208000A52363B1DE665D5D46CD6F4DA45F0C19C74876918E165E23EFED26E92
SHA-512:	4AC7797B2E84D2FADE089BD6F4B44103EECD1369E47440F1ABAD3F06CFC2EA5408B8692AF63B81769703898CEF87068A1E8998EFB91B13E60A93325E72DBDC39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-string-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.684087200964433
Encrypted:	false
SSDEEP:
MD5:	6FC55F288E6124935BEEFDB24F98E4D6
SHA1:	E9CFF87BA41B04EAAC6F7BBBDFDCB671857A2EB3
SHA-256:	6BF3E8A6CDB3CCAA52F05FA336BBE80E70351A3EB0C8A98EF599B596D11AAEE5
SHA-512:	A675D0F195774EBE7E118D12932AF97F15EBB982F7981552216AEFC18B918934C863DD9CC35A67761FFB0DAB6791F0363808256B2E708D2F93A5800C42475DD2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....(..........." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13768
Entropy (8bit):	6.572285030200128
Encrypted:	false
SSDEEP:
MD5:	9C69B176FDB21F68FBB36AEDF237A18F
SHA1:	AA25E9565D6FA887135318AB8C384180B575D916
SHA-256:	B48B10BFEDA8C32E538B03A9DB05864866F8A44D04824F63032F2DC33E39FA1B
SHA-512:	F34C0FE7B29F7C475D663E12DFF71A9A93D76914072C69ABCA54E6780A81894E35D9650E855FD4BE5485747DC4A24ED10CB658688432900A0FFE6489D622C1F3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....u!..........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-synch-l1-2-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.705263463368433
Encrypted:	false
SSDEEP:
MD5:	2D7DB8919CEB847377E4C40C1EC7B842
SHA1:	27371E9E311C7B8EDC56084E41C25E7A87C7C265
SHA-256:	D3E6256C2DD7150CFF8FFCA9C9CC6EF477C1DA72C0D32972D1022381927B8295
SHA-512:	B634C27CD0F50748C66F256E316D6AACE23D358CBD9AEDBAB2A0BBA9B1A77587422D77C6D161D129A57CA34DFB11507486E1CFBCB6D4AC9779C7A2989F3A29C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...;.?A.........." .........................................................0............`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-sysinfo-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.599048397636437
Encrypted:	false
SSDEEP:
MD5:	44208A7738486BF56121C752DF083658
SHA1:	93665AF04CE345174DF47D7B39AAC68327DD13A4
SHA-256:	85B8A6D64A66556F4501AAF120D699DBA661841027D27BECC6D7240DAFB14138
SHA-512:	38680A4329DA0BA501DD78A9005B3E8B54F1DEC9FC8DBC08B969E70EBE480DC2444D3C4E66634B14E0E032573240524333E019E4B2C750D8DEC1A9DD7B7632C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....Ak6.........." .........................................................0......@.....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-timezone-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.702051473319232
Encrypted:	false
SSDEEP:
MD5:	F0F891D08E0E358327B323B38F3FFCA2
SHA1:	EB20F147C53F86C59603F5EDBF60F936F768FB1B
SHA-256:	9C8461929B61E0FD269CE735D699E7E3B6C0159D3E2659F60D681290ABF9EAC5
SHA-512:	94E13C4D09FF35C2DED7FD2649B3542AADE1414F05772E2034AF7723F2622E662E8C0BB67E1EB288E230F8AE183D8F1296C2A134B7AE061A452FA3F7423D7694
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d.....8..........." .........................................................0......I.....`.........................................`...P............ ...................!..............T............................................................................rdata..t...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-core-util-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11720
Entropy (8bit):	6.6141290476685475
Encrypted:	false
SSDEEP:
MD5:	1417705C75240630943AAEDD35A4B406
SHA1:	74047910E023F6AB2AC5242C47147C1CB47A7D48
SHA-256:	76748B18C61FAC93FE1C0587711E3EC0B306B2C92198F0B8B4F6BAD8C6D9BA8F
SHA-512:	918987AA8E72B6875D0C1C53CC3521757EDA25C746AE477FEA545428BE5DA692FAE60AAC665DC15C3AF89BAD43E491A72D00302BEB349F45E35E7C89217DEEA0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...D............." .........................................................0......5.....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-conio-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12952
Entropy (8bit):	6.637988686654711
Encrypted:	false
SSDEEP:
MD5:	184A6A9DF3526464A3A5F2DC1C21E55B
SHA1:	33101ECE94C15D733D985FC71DDB13BA4B70B9C7
SHA-256:	25BBDABC7B8D8EDF5CD05B5591EDCA13236724CAD1011393E010DF3C58FD6F7E
SHA-512:	2C2162DBD2E36D81054FEB064EA6850547DAB270B95FAA3DC878A11E47A9C0558AE2039CBB3BB3D1974C1582117D0F3022512A340241DA5DBACFD5F94F713F75
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....(C~.........." .........................................................0......._....`.........................................0................ ..................."..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-convert-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15808
Entropy (8bit):	6.4263227098634825
Encrypted:	false
SSDEEP:
MD5:	DAD955BBD1A073F1920BDACC7E9D4B32
SHA1:	1CE733A4450D5426A78EF2BD1CDBE5D5FF958FD0
SHA-256:	FE368E5EDF476436AFEA571FAACF80D5D12A4B064D5736EE482B972EEE82A64C
SHA-512:	294E838DC41F97AFEECB90B58DF5FD5449FF1582CB80185D7EFE7CADF354EF9F0A1E374C50BCA5F72F1859D88A832330CAAA9D7A25E1DA49195530F0EC26A06E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...b.&..........." .........................................................@......K ....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-environment-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.593668731511585
Encrypted:	false
SSDEEP:
MD5:	36A4F9AF7C7D93C49C973DA11475D81E
SHA1:	8167F90EE36A9C24C53CE78BAC9427B8DAFDD5D5
SHA-256:	29656B4F4F985952C5EDEE8E66AD7901E47C3C5619965DDDC9939C5CE5AB7D58
SHA-512:	92449C67DBA558B54C71C88BBFEE5A245078238642FDD5368B1D0F41439DFB62FA9292B4FE00162605DBE3D14C8847C3BDE4F14C1F06F5271D6392C81278D74A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...X.&..........." .........................................................0.......)....`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-filesystem-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	13976
Entropy (8bit):	6.658699106568923
Encrypted:	false
SSDEEP:
MD5:	F6C3B0CD6C578F544E94D75D9C9FFAEC
SHA1:	1B4B1BABDA538E23CBF2BC458303D7AE70741347
SHA-256:	6E65F088E4ECB0CF8306766C59190CE3EFBC8A190FCBB53572CC61E35D2787F1
SHA-512:	0DFCFE028970DD70653B3DFECAC4AC5672A3B5C6AAE0252CA54A1226E19C4CD2BAD5B32EB6FF75765CF82CD82AD986D95AEF6D12E3A4A291BAF6615CB6E96356
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...M%I..........." .........................................................0.......A....`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-heap-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.565800633367126
Encrypted:	false
SSDEEP:
MD5:	6D8959DA747B68298F6D8F81CF23C077
SHA1:	E7C7B64EF5E5FAA0DA00430A81DD85765661649C
SHA-256:	1BC96D86E373FCB77E3D2E48440F0EAFB7E42A88A5A82E0ACE01967ACF236D3B
SHA-512:	0838C8ADCEA9127BB1F39A70D07AC7BDE0EA23C4FD8F418517AEF72F590C3F644E9FD7A1A571231E7D47311E66CCA1F71187337E634C1E3FDBF8E0D0016B112B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...+..<.........." .........................................................0.......?....`.........................................0................ ...................!..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-locale-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.685796313851468
Encrypted:	false
SSDEEP:
MD5:	DD5FC38ED969FF4B3ACA435C70EB2132
SHA1:	BECB1D7B94D4D99222CDD4C4C7472F0448C3A65C
SHA-256:	69E5F222DC622555C88E3BC4CFEF42F64237728BD02D00C9281203E512CA77B2
SHA-512:	4680D5FF8D40BF58B6E1BD3A8BCEF7CAF9F0B652993FAA22958D0315E259ACF2177FE8E3E579065641BDDD4BFC8EEA34F47ACA63AC8B07A56DE7C952ADEAFD5D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....u.).........." .........................................................0......k.....`.........................................0...e............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-math-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21168
Entropy (8bit):	6.221932952236112
Encrypted:	false
SSDEEP:
MD5:	5F6C4318712EF0C644D39C088B660EBD
SHA1:	44B166918CB8208BEC51FF46DDBAA49CF023FBD1
SHA-256:	E4244F90307AB003CB5CC9BCD729EF897ABCF26785DF9277CBE389E328E0FE0B
SHA-512:	AD272ECE4C4FD3F8362D8FF91D3C3E738E2DF8281C319744D7D72792F203AC40CD0C4082550815690036320756B57ED8E51C9EFB01ED4C2FE01138B98F9DEBA1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........,...............................................P......w.....`.........................................0....%...........@...............0..."..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-multibyte-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20120
Entropy (8bit):	6.207205209338854
Encrypted:	false
SSDEEP:
MD5:	4B189D01EDDD9C21D2E56CABA7B6CF50
SHA1:	05DC00B2C5E8C85D9F4F339D4C83F0DBEBAC060F
SHA-256:	996B63255E2F1E366F520A6D09352D2829E92F6B34F2D98448C4FD33AE4C06D1
SHA-512:	70506B16C25A710DEFA47548C60A0AC4E6978EA8BC24472E0726D98C5754B8293FD60622D7798639BCDB878B035D468B799A2C9EB03D8B87828E7C8C08832731
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....m............" .........(...............................................P.......o....`.........................................0.... ...........@...............,..."..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-process-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12744
Entropy (8bit):	6.588958260637645
Encrypted:	false
SSDEEP:
MD5:	0AD8330A78941C63F4FED28440163005
SHA1:	47A73D254ECD71273F71BFB67CA43DBD974D3791
SHA-256:	0DBE94BDFB49BA93CCD7DB40323B824B4F1941CD340916D73BA2241A7D34FC1E
SHA-512:	BDFA386B2A5C3B31F29592E6C76E6E36A4489AEB2EDB8D713D6DEC99FBD3BB6CD97195FE81AB30BDFB2E26BBB57102C25961739734035C482227F40BAD585A1F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....k............" .........................................................0......U7....`.........................................0...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-runtime-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16328
Entropy (8bit):	6.445861289779398
Encrypted:	false
SSDEEP:
MD5:	36CBAFA7D455A21362AF5153FF1C1367
SHA1:	6842ED962111F40463D5B672D13542BCA1909608
SHA-256:	48655A29504BCDB1A7F5C2B316F9CD71AB35CA521D2659DF105F49C40B0F92F0
SHA-512:	E9DEB4BA721524C633302028FB8EA0DD962E7E546016E0F145769648D3AFD7F1A637EA47B520EAE19AF1F1D6AB11F11399D4C05C8206B8011140341C3FF3E488
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...J.E..........." .........................................................@......s4....`.........................................0...4............0...................!..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-stdio-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	17864
Entropy (8bit):	6.393478590306202
Encrypted:	false
SSDEEP:
MD5:	71A78CA51C03C4B0B464FB33F146B111
SHA1:	5C2A992DD6349D728D993E5074273939896806B5
SHA-256:	550EA9556BA9197B25B7EB9D12CA9DD9AD0E820E4DBA91F94DD54B57A2E6934F
SHA-512:	7A8907C9C364B9436BC20A70084410100AC7B95EB028571046F2C1854CD6431BAC560D0F28F47CD93B7E096C4AAB9349DA186F4ABD503D768AF9651A93FAAB41
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...&8............" ......... ...............................................@.......g....`.........................................0...a............0...............$...!..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-string-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	18576
Entropy (8bit):	6.287134486810637
Encrypted:	false
SSDEEP:
MD5:	CFE9E3331815616F392CE1DB58E01ADC
SHA1:	2F4EA14189FF21ADB507FB09F3CBCF92C7ECDE63
SHA-256:	341F489491F992BECE2879FEA3B660FF2DCD04A59BDB5F3998D58E5AC8CE3341
SHA-512:	33C6C3BABFDC5B01118F411070983579B01711B3F67F9CBCDDB861EC655C3989AB670B62422AABAC382A4F953887F4CF5549A23FEB0683D4C6EEE8965BF030A5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d...W.>4.........." ........."...............................................@......Z.....`.........................................0................0...............&..."..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-time-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14488
Entropy (8bit):	6.552427550571419
Encrypted:	false
SSDEEP:
MD5:	C492EE40814B7586F554EC0223B14430
SHA1:	B8A929929C8936CBE387000D7D0CEF5BA04ABFAF
SHA-256:	2B7FED76BA52606E442D5069F42077F0CF304E49326DDDCF3695A06530C4B5C1
SHA-512:	2B7873EBDB1873E718754477FEE55FDE7B9DE752B23648554198FF6B69042565C47CC8DDF25FA75E1FB9B9F6F8AC2B7D972594B8C038D3AC65A0C9DBDB26F882
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d....y.?.........." .........................................................0......$.....`.........................................0................ ..................."..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-crt-utility-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12232
Entropy (8bit):	6.680886817449457
Encrypted:	false
SSDEEP:
MD5:	294E2CAF335A8A68B64D5623D0CB5FD3
SHA1:	93888112A512AFA6107CA303A343DDEA70271C77
SHA-256:	47AA51AD00153EDD4F3DD42BF89DA2325F9E0106E9772396C066666182B22D07
SHA-512:	D2FC964A6523D15A5D471B1409D65E2278AE8B97279705C37A3E00AFCF6D8D7671BFD174D59A7F36AACE21C0CAEF9C01645E919FF2FA26CC32ABC774C769CD2E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............be..be..be...e..be...a..be......be...g..be.Rich.be.................PE..d................." .........................................................0......?-....`.........................................0...^............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\api-ms-win-eventing-provider-l1-1-0.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	4.0999780944495585
Encrypted:	false
SSDEEP:
MD5:	87841BCBAA07361D507756E5492E1C02
SHA1:	9C148D71514035263EFA92B66B9988D2BD0D7BCA
SHA-256:	AD0DCDD5781B2AD557E159F18E54252D802C808C17550DDF1EB41A813A045260
SHA-512:	F313127E74DD7473D91BEBA7BF176242ACCF41F5603CE300727A25BBA45FF13EC901CE6D6067A418AF47F1F69E58C2497A6A84BD5D3AA88A3F5CCAC3E98A0697
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............g...g...g...g...g...n...g...e...g.Rich..g.........PE..d....B............" ......................................................... ............`A........................................`...D...............................................T............................................................................rdata..D...........................@..@.............................B..........@................B..........<................B..........$... ... ....................B......................................>...i...................2...Y...........1...T...................%...H...s.......................forwarder.dll.EventActivityIdControl.advapi32.EventActivityIdControl.EventEnabled.advapi32.EventEnabled.EventProviderEnabled.advapi32.EventProviderEnabled.EventRegister.advapi32.EventRegister.EventSetInformation.advapi32.EventSetInformation.EventUnregi

C:\Users\user\AppData\Local\Update\certifi\cacert.pem Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	282394
Entropy (8bit):	6.051428711388177
Encrypted:	false
SSDEEP:
MD5:	C760591283D5A4A987AD646B35DE3717
SHA1:	5D10CBD25AC1C7CED5BFB3D6F185FA150F6EA134
SHA-256:	1A14F6E1FD11EFFF72E1863F8645F090EEC1B616614460C210C3B7E3C13D4B5E
SHA-512:	C192AE381008EAF180782E6E40CD51834E0233E98942BD071768308E179F58F3530E6E883F245A2630C86923DBEB68B624C5EC2167040D749813FEDC37A6D1E6
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Update\comctl32.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	673080
Entropy (8bit):	6.308718108249972
Encrypted:	false
SSDEEP:
MD5:	1358B1A6613A9D6DDB2C5A8F67234355
SHA1:	02A0AFA31243B7D305ED714BF407B747475237F6
SHA-256:	A162C3F2FD67E4CA35525F14DD67A1AE7AEDD02456556A89CC21C93DB9901761
SHA-512:	B52FE3A434A4CC44FF2C9D6D6F1983B496C9CC593CD53A3A40683FE46D8AB9AAC8721D5D03C9A9E2BA871D4A858D6D83DDF6A14CBDF4EEF629565A7C79FB856F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I...'.'.'...&.'.&...'...$.'...#...'...".'...'.'.....'.....'...%.'.Rich..'.........................PE..d...>............." ................................................................._....`A........................................`... .......x............@...D...$..8!..........0u..T............................5...............6...............................text............................... ..`.rdata..$....0......................@..@.data... 8..........................@....pdata...D...@...F..................@..@.rsrc................<..............@..@.reloc............... ..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\config.json Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	233
Entropy (8bit):	4.862829660007836
Encrypted:	false
SSDEEP:
MD5:	78561AA8DECB82B90A7E3C837A6F47C0
SHA1:	705BE59D0214209018B6F4EC69C750B93DB6DC14
SHA-256:	68F7B0D4C4652FEA2DBA30323BFF60130F890F2408A3936F2A253D17C619AE7E
SHA-512:	5F29AC81D99198F6E64E43FF6A02AA696421E9285B395B8D649B12CBED1EE594B3D087D02C0C0FA677CD8C1B7127EE2C57E9EB3EF3C6ACB4C835CA6E10D9B3C4
Malicious:	false
Preview:	{. "APP_NAME": "namang.exe",. "APP_TITLE": "Namang",. "APP_VERSION": 3,. "APP_TOKEN": "s3JHjBiUaSAT3ZKJdujczLtbhuSpJNHR",. "APP_ID_PREFIX": "Update",. "APP_ID": "Core",. "APP_ID_SUFFIX": "0x30",. "DEBUG": 1.}.

C:\Users\user\AppData\Local\Update\curl-ca-bundle.crt Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	221418
Entropy (8bit):	6.002297995099485
Encrypted:	false
SSDEEP:
MD5:	EAFD4FB8598E05389F29ABBF7BACC0AF
SHA1:	EC7BB02EA174D6EEB433C0B3F6793C6C74A74139
SHA-256:	BB28D145ED1A4EE67253D8DDB11268069C9DAFE3DB25A9EEE654974C4E43EEE5
SHA-512:	F72D08913F2E1271A2F4BB1B77144BBEA21FFF28113074474F83D0A3BAFC54CAD69449BD98D6C228D78B409B6055A7EFB341B75878724BD9D6A468DAB20CF541
Malicious:	false
Preview:	##.## Bundle of CA Root Certificates.##.## Certificate data from Mozilla as of: Wed Oct 14 03:12:15 2020 GMT.##.## This is a bundle of X.509 certificates of public Certificate Authorities.## (CA). These were automatically extracted from Mozilla's root certificates.## file (certdata.txt). This file can be found in the mozilla source tree:.## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt.##.## It contains the certificates in PEM format and therefore.## can be directly used with curl / libcurl / php_curl, or with.## an Apache+mod_ssl webserver for SSL client authentication..## Just configure this file as the SSLCACertificateFile..##.## Conversion done with mk-ca-bundle.pl version 1.28..## SHA256: a831d3bc63ba1f65478afe28038742b7150c0c2efd243ac342b64792a75d2038.##...GlobalSign Root CA.==================.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx.GTAXBgNVBAoTEEdsb2Jh

C:\Users\user\AppData\Local\Update\curl.exe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3794376
Entropy (8bit):	6.6146126666533105
Encrypted:	false
SSDEEP:
MD5:	1773BE7802D6CD072A9EA9C354D5A0B4
SHA1:	2A436A053D10744DB23022A4AE536BF1B11B325F
SHA-256:	AFE31D287996D3613E98E83D72B04EE909D8A3217E1255D20FF5E7C68BCAEEE9
SHA-512:	4AE5C64F9A5B73A9BD49E440B2686AD4054DC1BF910F4DDC872044D3C9547E5903C101A7429AF6A46965A70F34A5E9ECC761198F301889204419E0C3D722C1D1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.._...............#..+...9..J............+...@...........................:......I:...@... .......................8.1.....8..!....8.X.............9.......8.t...........................<.8.......................8..............................text....p+.......+.................`..`.data....<....+..>....+.............@.`..rdata...S....+..T....+.............@.`@.bss.....I...08.......................`..edata..1.....8......"8.............@.0@.idata...!....8.."...$8.............@.0..CRT....4.....8......F8.............@.0..tls..........8......H8.............@.0..rsrc...X.....8......J8.............@.0..reloc..t.....8......R8.............@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\download.exe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	429568
Entropy (8bit):	6.32898061918233
Encrypted:	false
SSDEEP:
MD5:	56E17751A0F1F506EE7CA9F35BD77738
SHA1:	BF86F1472B1C25FA825273DD520E4C71F9083C5C
SHA-256:	E18A786A55C051E51495FE92C156B98BF292ECAC8F55E872233AE59582B0126E
SHA-512:	005712944E0C4F46AB03465C351C2C463B22F3571347CDC7F9131DBF61965F164AA6BA9958BEB958278179AF3C38844823A5EEF01410EB630234F5DB9386D2B4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S............"...0.................. ... ....@.. ....................................@.................................j...O.... ..,...............................8............................................ ............... ..H............text........ ...................... ..`.rsrc...,.... ......................@..@.reloc..............................@..B........................H........'..X............A...............................................0...........s....}..... @...}..... 0u..}.....(.....(.....(....s......{....s....%r...po....%..{.....{....o....o....o.....{....s....%r-..po....% .'..o....o.....{....s....%r-..po....%..{.....{....o....o....o.....{....s....%rW..po....% PF..o....o.....{....s....%r...po....%..{.....{....o....o....o.....{....s....%r...po....% .e..o....o.....{....s....%r...po....%..{.....{....o....o....o.....{....s....%r...po...

C:\Users\user\AppData\Local\Update\gdiplus.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1698816
Entropy (8bit):	6.539614523690977
Encrypted:	false
SSDEEP:
MD5:	B7055D26E2F703642AE720D1F5B9A9CB
SHA1:	99D2AEA05D32F4D3D52038BD7E7A329155942E5A
SHA-256:	D23A8552BCC02ABA8B09236E1E86381F4BA93E1BCBD3C66E44149F08733FAFD5
SHA-512:	5A164C6B51BC31B4028785EC966ED6914937284E0781521D04BAE97146D4F2AE296DC1A4CB73A929603173AC314CB536D20DC393A89D3ECFB2CB70258C10D0B8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p/D.4NN4NN4NNo&/O5NN=6.N.NNo&.O&NNo&)O7NN4N+NNONo&+O=NNo&O5NNo&$O7ONo&.N5NNo&(O5NNRich4N*N................PE..d...BN............" .....0...........U.......................................0.......\|....`A.........................................V...P.....l...............................$.......T...........................P...................h...4V..`....................text...P/.......0.................. ..`.rdata.......@.......4..............@..@.data...............................@....pdata..............................@..@.didat.. ...........................@....rsrc...............................@..@.reloc..$........ ..................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\libcrypto-1_1.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3399200
Entropy (8bit):	6.094152840203032
Encrypted:	false
SSDEEP:
MD5:	CC4CBF715966CDCAD95A1E6C95592B3D
SHA1:	D5873FEA9C084BCC753D1C93B2D0716257BEA7C3
SHA-256:	594303E2CE6A4A02439054C84592791BF4AB0B7C12E9BBDB4B040E27251521F1
SHA-512:	3B5AF9FBBC915D172648C2B0B513B5D2151F940CCF54C23148CD303E6660395F180981B148202BEF76F5209ACC53B8953B1CB067546F90389A6AA300C1FBE477
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............K..K..K..;K..K...J..K...J..K...J..K...J..K...J..K..Kb.Kd..J..Kd..J..Kd..J..Kd.WK..Kd..J..KRich..K........................PE..d......^.........." .....R$..........r.......................................`4......~4...`.........................................`...hg...3.@.....3.\|.....1.......3. .....3..O...m,.8............................m,...............3..............................text...GQ$......R$................. ..`.rdata.......p$......V$.............@..@.data....z...P1..,...41.............@....pdata..P.....1......`1.............@..@.idata...#....3..$....3.............@..@.00cfg........3......@3.............@..@.rsrc...\|.....3......B3.............@..@.reloc..fx....3..z...J3.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Update\libcurl.def Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2126
Entropy (8bit):	4.407066927207585
Encrypted:	false
SSDEEP:
MD5:	F4276B58BAFB4EF816A157162D6F17B9
SHA1:	BF5AFE0CFD10D3438B1871D3D521A21C60F7D127
SHA-256:	0706D93373971E7E1AA304845BFEB2484A9D76C865ABB49290A54DF964F287FF
SHA-512:	5DCB7D43BFAE531A5ED7842DCA66176723ACEA720BADABFBDBC9BEB444583DC60D74E66FAB529EF1244489C893AF7686B9E2D0ED7CA487A5707AF1389D32A20D
Malicious:	false
Preview:	EXPORTS. curl_easy_cleanup @1. curl_easy_duphandle @2. curl_easy_escape @3. curl_easy_getinfo @4. curl_easy_init @5. curl_easy_option_by_id @6. curl_easy_option_by_name @7. curl_easy_option_next @8. curl_easy_pause @9. curl_easy_perform @10. curl_easy_recv @11. curl_easy_reset @12. curl_easy_send @13. curl_easy_setopt @14. curl_easy_strerror @15. curl_easy_unescape @16. curl_easy_upkeep @17. curl_escape @18. curl_formadd @19. curl_formfree @20. curl_formget @21. curl_free @22. curl_getdate @23. curl_getenv @24. curl_global_cleanup @25. curl_global_init @26. curl_global_init_mem @27. curl_global_sslset @28. curl_maprintf @29. curl_mfprintf @30. curl_mime_addpart @31. curl_mime_data @32. curl_mime_data_cb @33. curl_mime_encoder @34. curl_mime_filedata @35. curl_mime_filename @36. curl_mime_free @37. curl_mime_headers @38. curl_mime_init @39. curl_mime_name @40. curl_

C:\Users\user\AppData\Local\Update\libcurl.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1133000
Entropy (8bit):	6.708026299261413
Encrypted:	false
SSDEEP:
MD5:	E050D7745E744FF42758B7EBB2F9AFB9
SHA1:	3AB97A794A06438CA361543C4EB8576DBC55F298
SHA-256:	24A9C7EFD1E966627F3B0E9B365C81C55EE2911E31D909304248C12455861922
SHA-512:	F297480E6C1C8D439933A2C7C7DB75716317F708C3951479F565276A87E9547A7649C594317EAF147424BD713864A79ED90F0D8A20A0C9A4199EA376499BD14F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.._...........#...#.....d....................Dk................................,V....@... .........................-........A... ...............D.......0..$x.......................... ~......................d................................text............................... .P`.data...............................@.0..rdata..`}.......~..................@.`@.bss..................................`..edata..-............t..............@.0@.idata...A.......B...~..............@.0..CRT....,...........................@.0..tls................................@.0..rsrc........ ......................@.0..reloc..$x...0...z..................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\libffi-7.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32792
Entropy (8bit):	6.3566777719925565
Encrypted:	false
SSDEEP:
MD5:	EEF7981412BE8EA459064D3090F4B3AA
SHA1:	C60DA4830CE27AFC234B3C3014C583F7F0A5A925
SHA-256:	F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
SHA-512:	DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\libssl-1_1.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	689184
Entropy (8bit):	5.526574117413294
Encrypted:	false
SSDEEP:
MD5:	BC778F33480148EFA5D62B2EC85AAA7D
SHA1:	B1EC87CBD8BC4398C6EBB26549961C8AAB53D855
SHA-256:	9D4CF1C03629F92662FC8D7E3F1094A7FC93CB41634994464B853DF8036AF843
SHA-512:	80C1DD9D0179E6CC5F33EB62D05576A350AF78B5170BFDF2ECDA16F1D8C3C2D0E991A5534A113361AE62079FB165FFF2344EFD1B43031F1A7BFDA696552EE173
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E......T...T...T...T...TS.U...TZ.U...TS.U...TS.U...TS.U...T..U...T...T.T..U-..T..U...T..uT...T..U...TRich...T........PE..d......^.........." .....(...H.......%..............................................H.....`..............................................N..85..........s........K...j.. .......L.......8............................................ ..8............................text....&.......(.................. ..`.rdata...%...@...&...,..............@..@.data...!M...p...D...R..............@....pdata..TT.......V..................@..@.idata...V... ...X..................@..@.00cfg...............D..............@..@.rsrc...s............F..............@..@.reloc..5............N..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Update\log.txt Download File
Process:	C:\Users\user\AppData\Local\Packages\Update\namang.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	510
Entropy (8bit):	5.264863030309315
Encrypted:	false
SSDEEP:
MD5:	7C3BCE1FF57A1DA4E5C06D1C01554173
SHA1:	9D98397B08F4DAFAED4C6DF9502E7DDAC687C8A3
SHA-256:	BF1C9D80B915098339233D6D445DCFFF430670DF4B7A539DA1521B7140F48C24
SHA-512:	A8F783DEC2776DCE21B809DB6310C2D3A405BAE8E5FFB84343F219B675254F7FFB884A08DDD366ADA52CEC78FC594B047FCF1FECBA59142D62864D35BC6E2663
Malicious:	false
Preview:	2021/01/27 06:51:15 \| ('--------------------',)..2021/01/27 06:51:15 \| ('START APP',)..2021/01/27 06:51:16 \| ('__file__', 'C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py')..2021/01/27 06:51:16 \| ('C:\\Users\\user\\AppData\\Local\\Namang\\service_updater.py',)..2021/01/27 06:51:16 \| ('cwd', 'C:\\Users\\user\\AppData\\Local\\Namang')..2021/01/27 06:51:16 \| ('0xecf4bb862ded',)..2021/01/27 06:51:16 \| ('STARTUP CHECK',)..2021/01/27 06:52:37 \| ('ACT', 'WAIT')..2021/01/27 06:52:37 \| ('WAIT', 1)..

C:\Users\user\AppData\Local\Update\lz4\_version.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.755159063384422
Encrypted:	false
SSDEEP:
MD5:	B3F72BAA1511FDC3AF50AC193724999B
SHA1:	087AD890ACE3C5A89A459C4A5406EE801C84D99C
SHA-256:	77BE4D0A4BAF0483421398F0B625DED214F9C1765E6CA7378D90ABD62594142E
SHA-512:	A2D1039C52B629EE01F27B6060B2F40C37BB8E4A07CE146EFB9731A816F57E1D3A74F594CF57A224016AA9A3775935389B58F271061520DDFA43FE5929C4BC31
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+._.E._.E._.E.V...[.E.d.D.].E...D.].E.d.F.].E.d.@.U.E.d.A.V.E...D.\.E._.D.y.E...M.].E...E.^.E.....^.E...G.^.E.Rich_.E.........................PE..d......^.........." ......................................................................`..........................................'..`....'..d....`.......@...............p..0... #..............................@#............... ...............................text...s........................... ..`.rdata..T.... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.gfids.......P.......&..............@..@.rsrc........`.......(..............@..@.reloc..0....p.......*..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\lz4\block\_block.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	99840
Entropy (8bit):	6.356240728953898
Encrypted:	false
SSDEEP:
MD5:	58F4F8108A179089B04580DF4368235F
SHA1:	ECD2630C3A85800C00A1CD639FABDE2D03146827
SHA-256:	22C520BDA85F4B7EFCACE4D77686AF567410DB0F8B0A46EA2ACD4596CBAB98BE
SHA-512:	AD40067597A6BE04E8714986858AA4A3A1EA28EB572AFFB1B0EB53025CD9A66BB30260014D78C936D51BF9D8A244F824CA0F007517D5F567C1E1752B8421BC54
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A...A...A...H...G...z..C.......C...z..B...z..K...z..K.......B...A...v......B......@.....h.@......@...RichA...................PE..d......^.........." .....P...8............................................................`..........................................w..\...,x..x...............................H....n...............................o...............`...............................text....O.......P.................. ..`.rdata.......`... ...T..............@..@.data...(............t..............@....pdata...............z..............@..@.gfids..............................@..@.rsrc...............................@..@.reloc..H...........................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\mfc140u.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5654688
Entropy (8bit):	6.659289657256088
Encrypted:	false
SSDEEP:
MD5:	5E0548B18DAAA378E30FA562826E9070
SHA1:	66F7CDA5E8F2B80F776992751D457A86C48F02C4
SHA-256:	B576336FD2D0688C1DAD0B508FBDBC2081846E43B0CCC6BE4E3A71E498E1DC40
SHA-512:	914D92E142EF4CCA05E94CFF407B094424C53DBE1CE8D74A10D22E4DF75ED1CF5B23892656DCB1766E5635171B171AF563667D1504BE7E6C042D90DC66EC67B4
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........#.UB..UB..UB...N.TB...Q.TB...P.WB...O.@B..\:..AB..;...WB..;...GB..;...YB.....VB...J.FB..UB..UF..;...PB..;....C..;...TB..;.~.TB..;...TB..RichUB..........PE..d....M<V.........." .........+.....,.).......................................V......#W...`.........................................0.:......;.......?......`=..B....V..>...pU.Pp...>4.8...................H>4.(....,+...............+.P.....:......................text............................. ..`.rdata..J.....+....................@..@.data....n....;.......;.............@....pdata...B...`=..D....<.............@..@.gfids........?.......>.............@..@.tls..........?.......>.............@....rsrc.........?.......?.............@..@.reloc..Pp...pU..r....T.............@..B................................................................................................................................

C:\Users\user\AppData\Local\Update\msg.exe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7947264
Entropy (8bit):	5.620588746678961
Encrypted:	false
SSDEEP:
MD5:	FC9E2489FA4D8E845AB071933CA0FF0A
SHA1:	B9110DF52567C469F0F341D4D9F72A4667BC10F6
SHA-256:	7A958474C45F78A77303C4EBBFD45FE2478652F4B48A718B62C54811F5CA12DE
SHA-512:	A0F98E134EFEFFEF6C0229FF678131475F0F16E63B2A4E9FD12D3BA92E8E8E4FADC1661B1D9E869433AAC839945326314D21A7BF59B1B1F9C8C9664E03279F54
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Z.._........../..........@y..*............@...............................y............... .................................................\|3...@...r..@...............................................3..(...................H................................text...............................`.P`.data.......0....... ..............@.`..rdata...}.......~..................@.`@.pdata.......@...0... ..............@.0@.xdata...2...p...4...P..............@.0@.bss....P(............................`..idata..\|3.......4..................@.@..CRT....h.... ......................@.@..tls.........0......................@.@..rsrc....r..@....r.................@.0.................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\msg.json Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.305450688286891
Encrypted:	false
SSDEEP:
MD5:	35B0E94B4A94044C2865602FB394F40C
SHA1:	4F65D312B64148B4DAE8C98D2328CE2354F4651F
SHA-256:	82C1AD18B26F6B6B2E7CFE4CFAF4B383A42C77F99C68FA558B4E190F868A8551
SHA-512:	DA5647E3218F65441C966C2E08F3110BCCFE2D1325A61B7C108F78BDDA930CBF856A711AECEB969F514500B69053C59659BA64991B31357B71E51927E8BF54E0
Malicious:	false
Preview:	{. "msg": "To run this application, you first must install Console Manager!",. "title": "Warning".}

C:\Users\user\AppData\Local\Update\namang.exe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	74468528
Entropy (8bit):	6.11889115193257
Encrypted:	false
SSDEEP:
MD5:	55CDDB0D895741E9E0CF8ACE2619015D
SHA1:	383B8FD40B2EAF3C88261AB15B2BCB845818A321
SHA-256:	F4C3436693107F1DAA6F1B840E49A636B47AEE43752F98C58C57F48D0DC0D721
SHA-512:	B41F0474042701F423CDF3429327F051F20C0446FC4776FE277A4C275ADCD8E6E1389599BA0BD5C5CB7094FB38E01ADE5A4C5D32D01CE509C357E8273BF5DBF1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...*..`........../......~...2p...............@.......................................p....... ..............................................P..`:...........P.......6p......................................6..(....................\..(............................text...X\|.......~..................`.P`.data...............................@.`..rdata..`...........................@.`@.pdata.......P.......8..............@.0@.xdata.......`.......B..............@.0@.bss.........@........................`..idata..`:...P...<..................@.@..CRT....h............Z..............@.@..tls.................\..............@.@..rsrc................^..............@.0.................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\python38.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4205584
Entropy (8bit):	6.41852572844258
Encrypted:	false
SSDEEP:
MD5:	3CD1E87AEB3D0037D52C8E51030E1084
SHA1:	49ECD5F6A55F26B0FB3AEB4929868B93CC4EC8AF
SHA-256:	13F7C38DC27777A507D4B7F0BD95D9B359925F6F5BF8D0465FE91E0976B610C8
SHA-512:	497E48A379885FDD69A770012E31CD2A62536953E317BB28E3A50FDB177E202F8869EA58FC11802909CABB0552D8C8850537E9FB4EAD7DD14A99F67283182340
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.H`..H`..H`..A...P`.....J`......E`.....C`.....@`.....L`......C`..H`...a......`......I`......I`......I`..RichH`..........PE..d....ok_.........." ..........".....t.........................................B.......@...`.........................................@.8......q9.\|....`B......`@.8.....@......pB.Ht..\b!.T............................b!.0............. .`............................text............................... ..`.rdata........ .....................@..@.data.........9.......9.............@....pdata..8....`@.......=.............@..@.rsrc........`B.......?.............@..@.reloc..Ht...pB..v....?.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\pythoncom38.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	571904
Entropy (8bit):	6.063712356735004
Encrypted:	false
SSDEEP:
MD5:	4F8818B15E4F1237748EAA870D7A3E38
SHA1:	1BAECA046A4BB9031E30BE99D2333D93562C3BD9
SHA-256:	063D249851F457C8D5684943BEE1C81D1C7810CE7E06469FAEF19898C556C8B5
SHA-512:	C9A6E3A03B2124E22FD179B5DC50D6D09AB51AC6D41390845C48508C7175AD4CD08599EE6E564158BE3A375C40D88088DBA50CA9CBCF8DBA1C2480612F0F4539
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.\|...\|...\|.......\|...'...\|...'...\|...'...\|...'...\|...'...\|....s..\|.......\|....v..\|...\|...}...'...\|...'...\|...'...\|..Rich.\|..................PE..d....4.^.........." .....F..........D4........ ...........................................`..........................................G..9c.......................q...................%..T........................... &...............`...............................text....D.......F.................. ..`.rdata...u...`...v...J..............@..@.data............h..................@....pdata...q.......r...(..............@..@.gfids..4....p......................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\pywintypes38.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	141312
Entropy (8bit):	5.997700043284669
Encrypted:	false
SSDEEP:
MD5:	306E8A0CA8C383A27AE00649CB1E5080
SHA1:	25A4188ED099D45F092598C6ED119A41EF446672
SHA-256:	74565D7B4E01807EB146BF26CFEB7AA27029CACA58FEE7C394111CBD5FA95E2E
SHA-512:	3A61B826556C6CBBE56397CEF9F0429BF366D453D6894327DCD6AEEAFFB625B5FC82559A108B74612727100C5FFF156FFA048D45FCA149FE4437270E6293A763
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}..}..}..t.V.q.........i..\|.....\|......l......u...6..\|..i......6..v..}.........p.....\|.....\|..Rich}..........PE..d......^.........." .........@......t.........z...........................................`......................................... ...aG...................@...............p.......l..T........................... m..................h............................text............................... ..`.rdata..............................@..@.data....1.......0..................@....pdata.......@......................@..@.gfids..4....`......."..............@..@.reloc.......p.......$..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\select.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26640
Entropy (8bit):	6.103391333142684
Encrypted:	false
SSDEEP:
MD5:	08B499AE297C5579BA05EA87C31AFF5B
SHA1:	4A1A9F1BF41C284E9C5A822F7D018F8EDC461422
SHA-256:	940FB90FD78B5BE4D72279DCF9C24A8B1FCF73999F39909980B12565A7921281
SHA-512:	AB26F4F80449AA9CC24E68344FC89AEB25D5BA5AAE15AEED59A804216825818EDFE31C7FDA837A93A6DB4068CCFB1CC7E99173A80BD9DDA33BFB2D3B5937D7E9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^K..?%..?%..?%..G...?%.ZO$..?%.ZO ..?%.ZO!..?%.ZO&..?%..N$..?%..W$..?%..?$..?%..N(..?%..N%..?%..N...?%..N'..?%.Rich.?%.........................PE..d....pk_.........." .........4......X................................................s....`.........................................P@..L....@..x....p.......`.......N..........8....2..T........................... 3..0............0...............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..8............L..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\sqlite3.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1474064
Entropy (8bit):	6.571081648971449
Encrypted:	false
SSDEEP:
MD5:	CE480E119718E4ECE416C7216AEF7620
SHA1:	F5EF2E1C2BC7F25221CC84461975B536B165FEC2
SHA-256:	9C903BEEE9B402A167A0E1E66FCD80790840EFC4D55753DCF06F1E742777E374
SHA-512:	2D57D162D8E9A0B35F21E06E0D62378C1C567540618C2635583D5F86CC99E1583924D0EE136C034631C3736E0FA3D8B7FCC3522757134758A3A647D36592D2E4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i..l-.?-.?-.?$.>?!.?..>/.?..>!.?..>%.?..>).?v..>..?-.?\.?...>,.?...>,.?..R?,.?...>,.?Rich-.?........PE..d....pk_.........." ................T................................................q....`.......................................... ... ...A.......................d..............`...T...............................0............................................text............................... ..`.rdata.............................@..@.data....3...P...*...B..............@....pdata...............l..............@..@.rsrc................N..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\tcl86t.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1705120
Entropy (8bit):	6.496511987047776
Encrypted:	false
SSDEEP:
MD5:	C0B23815701DBAE2A359CB8ADB9AE730
SHA1:	5BE6736B645ED12E97B9462B77E5A43482673D90
SHA-256:	F650D6BC321BCDA3FC3AC3DEC3AC4E473FB0B7B68B6C948581BCFC54653E6768
SHA-512:	ED60384E95BE8EA5930994DB8527168F78573F8A277F8D21C089F0018CD3B9906DA764ED6FCC1BD4EFAD009557645E206FBB4E5BAEF9AB4B2E3C8BB5C3B5D725
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k)...GD..GD..GD.bFE..GD9..D..GD.bDE..GD.bBE..GD.bCE..GD.r.D..GD.jAE..GD.jFE..GD..FD..GD.bOE..GD.bGE..GD.b.D..GD.bEE..GDRich..GD........PE..d......\.........." .....d..........0h.......................................@.......b....`..........................................p..._......T.......0.... ............... .......<...............................=...............................................text....b.......d.................. ..`.rdata...k.......l...h..............@..@.data...."..........................@....pdata....... ......................@..@.rsrc...0...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\tcl\auto.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21148
Entropy (8bit):	4.7268785966563405
Encrypted:	false
SSDEEP:
MD5:	5E9B3E874F8FBEAADEF3A004A1B291B5
SHA1:	B356286005EFB4A3A46A1FDD53E4FCDC406569D0
SHA-256:	F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
SHA-512:	482C555A0DA2E635FA6838A40377EEF547746B2907F53D77E9FFCE8063C1A24322D8FAA3421FC8D12FDCAFF831B517A65DAFB1CEA6F5EA010BDC18A441B38790
Malicious:	false
Preview:	# auto.tcl --.#.# utility procs formerly in init.tcl dealing with auto execution of commands.# and can be auto loaded themselves..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# auto_reset --.#.# Destroy all cached information for auto-loading and auto-execution, so that.# the information gets recomputed the next time it's needed. Also delete any.# commands that are listed in the auto-load index..#.# Arguments:.# None...proc auto_reset {} {. global auto_execs auto_index auto_path. if {[array exists auto_index]} {..foreach cmdName [array names auto_index] {.. set fqcn [namespace which $cmdName].. if {$fqcn eq ""} {...continue.. }.. rename $fqcn {}..}. }. unset -nocomplain auto_execs auto_index ::tcl::auto_oldpath. if {[catch {llength $auto_path}]} {..

C:\Users\user\AppData\Local\Update\tcl\clock.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	128934
Entropy (8bit):	5.001022641779315
Encrypted:	false
SSDEEP:
MD5:	F1E825244CC9741595F47F4979E971A5
SHA1:	7159DD873C567E10CADAF8638D986FFE11182A27
SHA-256:	F0CF27CB4B5D9E3B5D7C84B008981C8957A0FF94671A52CC6355131E55DD59FB
SHA-512:	468C881EB7CE92C91F28CAE2471507A76EF44091C1586DCD716309E3252ED00CCB847EC3296C1954CA6F965161664F7BB73F21A24B9FF5A86F625C0B67C74F67
Malicious:	false
Preview:	#----------------------------------------------------------------------.#.# clock.tcl --.#.#.This file implements the portions of the [clock] ensemble that are.#.coded in Tcl. Refer to the users' manual to see the description of.#.the [clock] command and its subcommands..#.#.#----------------------------------------------------------------------.#.# Copyright (c) 2004,2005,2006,2007 by Kevin B. Kenny.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.#----------------------------------------------------------------------..# We must have message catalogs that support the root locale, and we need.# access to the Registry on Windows systems...uplevel \#0 {. package require msgcat 1.6. if { $::tcl_platform(platform) eq {windows} } {..if { [catch { package require registry 1.1 }] } {.. namespace eval ::tcl::clock [list variable NoRegistry {}]..}. }.}..# Put the library directory into the namespace

C:\Users\user\AppData\Local\Update\tcl\encoding\ascii.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	2.009389929214244
Encrypted:	false
SSDEEP:
MD5:	68D69C53B4A9F0AABD60646CA7E06DAE
SHA1:	DD83333DC1C838BEB9102F063971CCC20CC4FD80
SHA-256:	294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
SHA-512:	48960E838D30401173EA0DF8597BB5D9BC3A09ED2CFFCB774BA50CB0B2ACCF47AAD3BA2782B3D4A92BEF572CBD98A3F4109FC4344DB82EB207BFDE4F61094D72
Malicious:	false
Preview:	# Encoding file: ascii, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\big5.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92873
Entropy (8bit):	3.255311357682213
Encrypted:	false
SSDEEP:
MD5:	9E67816F304FA1A8E20D2270B3A53364
SHA1:	9E35EBF3D5380E34B92FE2744124F9324B901DD3
SHA-256:	465AE2D4880B8006B1476CD60FACF676875438244C1D93A7DBE4CDE1035E745F
SHA-512:	EE529DA3511EB8D73465EB585561D54833C46B8C31062299B46F5B9EE7EB5BE473E630AA264F45B2806FC1B480C8ED39A173FF1756CB6401B363568E951F0637
Malicious:	false
Preview:	# Encoding file: big5, multi-byte.M.003F 0 89.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1250.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.286986942547087
Encrypted:	false
SSDEEP:
MD5:	79ACD9BD261A252D93C9D8DDC42B8DF6
SHA1:	FA2271030DB9005D71FAAD60B44767955D5432DD
SHA-256:	1B42DF7E7D6B0FEB17CB0BC8D97E6CE6899492306DD880C48A39D1A2F0279004
SHA-512:	607F21A84AE569B19DF42463A56712D232CA192E1827E53F3ACB46D373EF4165A38FFBF116E28D4EAAEF49B08F6162C7A1C517CCE2DFACA71DA07193FEFFFF06
Malicious:	false
Preview:	# Encoding file: cp1250, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E2026202020210088203001602039015A0164017D0179.009020182019201C201D202220132014009821220161203A015B0165017E017A.00A002C702D8014100A4010400A600A700A800A9015E00AB00AC00AD00AE017B.00B000B102DB014200B400B500B600B700B80105015F00BB013D02DD013E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D00E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1251.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.288070862623515
Encrypted:	false
SSDEEP:
MD5:	55FB20FB09C610DB38C22CF8ADD4F7B8
SHA1:	604396D81FD2D90F5734FE6C3F283F8F19AABB64
SHA-256:	2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
SHA-512:	07C6640BB40407C384BCF646CC436229AEC77C6398D57659B739DC4E180C81A1524F55A5A8F7B3F671A53320052AD888736383486CC01DFC317029079B17172E
Malicious:	false
Preview:	# Encoding file: cp1251, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.04020403201A0453201E20262020202120AC203004092039040A040C040B040F.045220182019201C201D202220132014009821220459203A045A045C045B045F.00A0040E045E040800A4049000A600A7040100A9040400AB00AC00AD00AE0407.00B000B104060456049100B500B600B704512116045400BB0458040504550457.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.043004310432043304340435043604370438043

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1252.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2209074629945476
Encrypted:	false
SSDEEP:
MD5:	5900F51FD8B5FF75E65594EB7DD50533
SHA1:	2E21300E0BC8A847D0423671B08D3C65761EE172
SHA-256:	14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
SHA-512:	EA0455FF4CD5C0D4AFB5E79B671565C2AEDE2857D534E1371F0C10C299C74CB4AD113D56025F58B8AE9E88E2862F0864A4836FED236F5730360B2223FDE479DC
Malicious:	false
Preview:	# Encoding file: cp1252, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D017D008F.009020182019201C201D20222013201402DC21220161203A0153009D017E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E800E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1253.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.3530146237761445
Encrypted:	false
SSDEEP:
MD5:	2E5F553D214B534EBA29A9FCEEC36F76
SHA1:	8FF9A526A545D293829A679A2ECDD33AA6F9A90E
SHA-256:	2174D94E1C1D5AD93717B9E8C20569ED95A8AF51B2D3AB2BCE99F1A887049C0E
SHA-512:	44AB13C0D322171D5EE62946086058CF54963F91EC3F899F3A10D051F9828AC66D7E9F8055026E938DDD1B97A30D5D450B89D72F9113DEE2DBBB62DDBBBE456C
Malicious:	false
Preview:	# Encoding file: cp1253, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202100882030008A2039008C008D008E008F.009020182019201C201D20222013201400982122009A203A009C009D009E009F.00A00385038600A300A400A500A600A700A800A9000000AB00AC00AD00AE2015.00B000B100B200B3038400B500B600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B803B

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1254.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2357714075228494
Encrypted:	false
SSDEEP:
MD5:	35AD7A8FC0B80353D1C471F6792D3FD8
SHA1:	484705A69596C9D813EA361625C3A45C6BB31228
SHA-256:	BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
SHA-512:	CCA3C6A4B826E0D86AC10E45FFC6E5001942AA1CF45B9E0229D56E06F2600DDA0139764F1222C56CF7A9C14E6E6C387F9AB265CB9B936E803FECD8285871C70F
Malicious:	false
Preview:	# Encoding file: cp1254, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D008E008F.009020182019201C201D20222013201402DC21220161203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E800E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1255.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.267336792625871
Encrypted:	false
SSDEEP:
MD5:	0419DBEE405723E7A128A009DA06460D
SHA1:	660DBE4583923CBDFFF6261B1FADF4349658579C
SHA-256:	F8BD79AE5A90E5390D77DC31CB3065B0F93CB8813C9E67ACCEC72E2DB2027A08
SHA-512:	FDD9F23A1B5ABBF973BEE28642A7F28F767557FE842AF0B30B1CF97CD258892F82E547392390A51900DC7FF5D56433549A5CB463779FC131E885B00568F86A32
Malicious:	false
Preview:	# Encoding file: cp1255, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A2039008C008D008E008F.009020182019201C201D20222013201402DC2122009A203A009C009D009E009F.00A000A100A200A320AA00A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE00BF.05B005B105B205B305B405B505B605B705B805B9000005BB05BC05BD05BE05BF.05C005C105C205C305F005F105F205F305F40000000000000000000000000000.05D005D105D205D305D405D505D605D705D805D

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1256.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.3332869352420795
Encrypted:	false
SSDEEP:
MD5:	0FFA293AA50AD2795EAB7A063C4CCAE5
SHA1:	38FEE39F44E14C3A219978F8B6E4DA548152CFD6
SHA-256:	BBACEA81D4F7A3A7F3C036273A4534D31DBF8B6B5CCA2BCC4C00CB1593CF03D8
SHA-512:	AB4A6176C8C477463A6CABD603528CEB98EF4A7FB9AA6A8659E1AA6FE3F88529DB9635D41649FBAD779AEB4413F9D8581E6CA078393A3042B468E8CAE0FA0780
Malicious:	false
Preview:	# Encoding file: cp1256, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC067E201A0192201E20262020202102C62030067920390152068606980688.06AF20182019201C201D20222013201406A921220691203A0153200C200D06BA.00A0060C00A200A300A400A500A600A700A800A906BE00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B9061B00BB00BC00BD00BE061F.06C1062106220623062406250626062706280629062A062B062C062D062E062F.063006310632063306340635063600D7063706380639063A0640064106420643.00E0064400E2064506460647064800E700E800E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1257.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.2734430397929604
Encrypted:	false
SSDEEP:
MD5:	A1CCD70248FEA44C0EBB51FB71D45F92
SHA1:	CC103C53B3BA1764714587EAEBD92CD1BC75194D
SHA-256:	4151434A714FC82228677C39B07908C4E19952FC058E26E7C3EBAB7724CE0C77
SHA-512:	74E4A13D65FAB11F205DB1E6D826B06DE421282F7461B273196FD7EECEE123EA0BD32711640B15B482C728966CC0C70FFC67AEDAD91566CA87CD623738E34726
Malicious:	false
Preview:	# Encoding file: cp1257, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E20262020202100882030008A2039008C00A802C700B8.009020182019201C201D20222013201400982122009A203A009C00AF02DB009F.00A0000000A200A300A4000000A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B300B400B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010D00E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp1258.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.226508038800896
Encrypted:	false
SSDEEP:
MD5:	BB010BFF4DD16B05EEB6E33E5624767A
SHA1:	6294E42ED22D75679FF1464FF41D43DB3B1824C2
SHA-256:	0CDB59E255CCD7DCF4AF847C9B020AEAEE78CE7FCF5F214EBCF123328ACF9F24
SHA-512:	2CD34F75DC61DC1495B0419059783A5579932F43DB9B125CADCB3838A142E0C1CD7B42DB71EF103E268206E31099D6BB0670E84D5658C0E18D0905057FF87182
Malicious:	false
Preview:	# Encoding file: cp1258, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A20390152008D008E008F.009020182019201C201D20222013201402DC2122009A203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C2010200C400C500C600C700C800C900CA00CB030000CD00CE00CF.011000D1030900D300D401A000D600D700D800D900DA00DB00DC01AF030300DF.00E000E100E2010300E400E500E600E700E800E

C:\Users\user\AppData\Local\Update\tcl\encoding\cp437.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.447501009231115
Encrypted:	false
SSDEEP:
MD5:	8645C2DFCC4D5DAD2BCD53A180D83A2F
SHA1:	3F725245C66050D39D9234BAACE9D047A3842944
SHA-256:	D707A1F03514806E714F01CBFCB7C9F9973ACDC80C2D67BBD4E6F85223A50952
SHA-512:	208717D7B1CBDD8A0B8B3BE1B6F85353B5A094BDC370E6B8396158453DD7DC400EE6C4D60490AD1A1F4C943E733298FC971AE30606D6BAB14FB1290B886C76D0
Malicious:	false
Preview:	# Encoding file: cp437, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp737.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.551534707521956
Encrypted:	false
SSDEEP:
MD5:	C68ADEFE02B77F6E6B5217CD83D46406
SHA1:	C95EA4ED3FBEF013D810C0BFB193B15FA8ADE7B8
SHA-256:	8BFCA34869B3F9A3B2FC71B02CBAC41512AF6D1F8AB17D2564E65320F88EDE10
SHA-512:	5CCAACD8A9795D4FE0FD2AC6D3E33C10B0BCC43B29B45DFBA66FBD180163251890BB67B8185D806E4341EB01CB1CED6EA682077577CC9ED948FC094B099A662A
Malicious:	false
Preview:	# Encoding file: cp737, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.039103920393039403950396039703980399039A039B039C039D039E039F03A0.03A103A303A403A503A603A703A803A903B103B203B303B403B503B603B703B8.03B903BA03BB03BC03BD03BE03BF03C003C103C303C203C403C503C603C703C8.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03C903AC03AD03AE03CA03AF03CC03CD03CB03CE

C:\Users\user\AppData\Local\Update\tcl\encoding\cp775.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3818286672990854
Encrypted:	false
SSDEEP:
MD5:	DE1282E2925870A277AF9DE4C52FA457
SHA1:	F4301A1340A160E1F282B5F98BF9FACBFA93B119
SHA-256:	44FB04B5C72B584B6283A99B34789690C627B5083C5DF6E8B5B7AB2C68903C06
SHA-512:	08173FC4E5FC9AA9BD1E296F299036E49C0333A876EA0BDF40BEC9F46120329A530B6AA57B32BC83C7AA5E6BD20DE9F616F4B17532EE54634B6799C31D8F668F
Malicious:	false
Preview:	# Encoding file: cp775, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.010600FC00E9010100E4012300E501070142011301560157012B017900C400C5.00C900E600C6014D00F6012200A2015A015B00D600DC00F800A300D800D700A4.0100012A00F3017B017C017A201D00A600A900AE00AC00BD00BC014100AB00BB.259125922593250225240104010C01180116256325512557255D012E01602510.25142534252C251C2500253C0172016A255A25542569256625602550256C017D.0105010D01190117012F01610173016B017E2518250C25882584258C25902580.00D300DF014C014300F500D500B5014401360137

C:\Users\user\AppData\Local\Update\tcl\encoding\cp850.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.301196372002172
Encrypted:	false
SSDEEP:
MD5:	FF3D96C0954843C7A78299FED6986D9E
SHA1:	5EAD37788D124D4EE49EC4B8AA1CF6AAA9C2849C
SHA-256:	55AA2D13B789B3125F5C9D0DC5B6E3A90D79426D3B7825DCD604F56D4C6E36A2
SHA-512:	B76CD82F3204E17D54FB679615120564C53BBE27CC474101EE073EFA6572B50DB2E9C258B09C0F7EAE8AC445D469461364C81838C07D41B43E353107C06C247E
Malicious:	false
Preview:	# Encoding file: cp850, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D800D70192.00E100ED00F300FA00F100D100AA00BA00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00F000D000CA00CB00C8013100CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B500FE00DE00DA

C:\Users\user\AppData\Local\Update\tcl\encoding\cp852.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3816687566591797
Encrypted:	false
SSDEEP:
MD5:	25A59EA83B8E9F3322A54B138861E274
SHA1:	904B357C30603DFBCF8A10A054D9399608B131DF
SHA-256:	5266B6F18C3144CFADBCB7B1D27F0A7EAA1C641FD3B33905E42E4549FD373770
SHA-512:	F7E41357849599E7BA1D47B9B2E615C3C2EF4D432978251418EBF9314AAEB0E1B0A56ED14ED9BA3BE46D3DABE5DD80E0CA6592AE88FB1923E7C3D90D7F846709
Malicious:	false
Preview:	# Encoding file: cp852, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E4016F010700E7014200EB0150015100EE017900C40106.00C90139013A00F400F6013D013E015A015B00D600DC01640165014100D7010D.00E100ED00F300FA01040105017D017E0118011900AC017A010C015F00AB00BB.2591259225932502252400C100C2011A015E256325512557255D017B017C2510.25142534252C251C2500253C01020103255A25542569256625602550256C00A4.01110110010E00CB010F014700CD00CE011B2518250C258825840162016E2580.00D300DF00D401430144014801600161015400DA

C:\Users\user\AppData\Local\Update\tcl\encoding\cp855.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.3580450853378596
Encrypted:	false
SSDEEP:
MD5:	0220F1955F01B676D2595C30DEFB6064
SHA1:	F8BD4BF6D95F672CB61B8ECAB580A765BEBDAEA5
SHA-256:	E3F071C63AC43AF66061506EF2C574C35F7BF48553FB5158AE41D9230C1A10DF
SHA-512:	F7BFF7D6534C9BFDBF0FB0147E31E948F60E933E6DA6A39E8DC62CC55FEBDD6901240460D7B3C0991844CDEE7EB8ED26E5FDBBC12BDC9B8173884D8FCA123B69
Malicious:	false
Preview:	# Encoding file: cp855, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0452040204530403045104010454040404550405045604060457040704580408.04590409045A040A045B040B045C040C045E040E045F040F044E042E044A042A.0430041004310411044604260434041404350415044404240433041300AB00BB.259125922593250225240445042504380418256325512557255D043904192510.25142534252C251C2500253C043A041A255A25542569256625602550256C00A4.043B041B043C041C043D041D043E041E043F2518250C25882584041F044F2580.042F044004200441042104420422044304230436

C:\Users\user\AppData\Local\Update\tcl\encoding\cp857.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.2936796452153128
Encrypted:	false
SSDEEP:
MD5:	58C52199269A3BB52C3E4C20B5CE6093
SHA1:	888499D9DFDF75C60C2770386A4500F35753CE70
SHA-256:	E39985C6A238086B54427475519C9E0285750707DB521D1820E639723C01C36F
SHA-512:	754667464C4675E8C8F2F88A9211411B3648068085A898D693B33BF3E1FAECC9676805FD2D1A4B19FAAB30E286236DCFB2FC0D498BF9ABD9A5E772B340CEE768
Malicious:	false
Preview:	# Encoding file: cp857, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE013100C400C5.00C900E600C600F400F600F200FB00F9013000D600DC00F800A300D8015E015F.00E100ED00F300FA00F100D1011E011F00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00BA00AA00CA00CB00C8000000CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B5000000D700DA

C:\Users\user\AppData\Local\Update\tcl\encoding\cp860.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.438607583601603
Encrypted:	false
SSDEEP:
MD5:	8CA7C4737A18D5326E9A437D5ADC4A1A
SHA1:	C6B1E9320EEF46FC9A23437C255E4085EA2980DB
SHA-256:	6DB59139627D29ABD36F38ED2E0DE2A6B234A7D7E681C7DBAF8B888F1CAC49A5
SHA-512:	2D2427E7A3FF18445321263A42C6DA560E0250691ACBE5113BDE363B36B5E9929003F3C91769A02FF720AB8261429CBFA9D9580C1065FFE77400327B1A5539A6
Malicious:	false
Preview:	# Encoding file: cp860, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E300E000C100E700EA00CA00E800CD00D400EC00C300C2.00C900C000C800F400F500F200DA00F900CC00D500DC00A200A300D920A700D3.00E100ED00F300FA00F100D100AA00BA00BF00D200AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp861.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.4494568686644276
Encrypted:	false
SSDEEP:
MD5:	45F0D888DBCB56703E8951C06CFAED51
SHA1:	53529772EA6322B7949DB73EEBAED91E5A5BA3DA
SHA-256:	A43A5B58BFC57BD723B12BBDEA9F6E1A921360B36D2D52C420F37299788442D3
SHA-512:	61D0C361E1C7D67193409EC327568867D1FD0FE448D11F16A08638D3EE31BE95AD37B8A2E67B8FB448D09489AA3F5D65AD9AC18E9BDC690A049F0C015BA806F1
Malicious:	false
Preview:	# Encoding file: cp861, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800D000F000DE00C400C5.00C900E600C600F400F600FE00FB00DD00FD00D600DC00F800A300D820A70192.00E100ED00F300FA00C100CD00D300DA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp862.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.4900477558394694
Encrypted:	false
SSDEEP:
MD5:	E417DCE52E8438BBE9AF8AD51A09F9E3
SHA1:	EF273671D46815F22996EA632D22CC27EB8CA44B
SHA-256:	AEA716D490C35439621A8F00CA7E4397EF1C70428E206C5036B7AF25F1C3D82F
SHA-512:	97D65E05008D75BC56E162D51AB76888E1FA0591D9642D7C0D09A5CE823904B5D6C14214828577940EDBE7F0265ABACDD67E4E12FACFDF5C7CD35FA80B90EC02
Malicious:	false
Preview:	# Encoding file: cp862, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.05D005D105D205D305D405D505D605D705D805D905DA05DB05DC05DD05DE05DF.05E005E105E205E305E405E505E605E705E805E905EA00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp863.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.450081751310228
Encrypted:	false
SSDEEP:
MD5:	A2C4062EB4F37C02A45B13BD08EC1120
SHA1:	7F6ED89BD0D415C64D0B8A037F08A47FEADD14C4
SHA-256:	13B5CB481E0216A8FC28BFA9D0F6B060CDF5C457B3E12435CA826EB2EF52B068
SHA-512:	95EFDA8CBC5D52E178640A145859E95A780A8A25D2AF88F98E8FFFA035016CABAE2259D22B3D6A95316F64138B578934FAF4C3403E35C4B7D42E0369B5D88C9B
Malicious:	false
Preview:	# Encoding file: cp863, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200C200E000B600E700EA00EB00E800EF00EE201700C000A7.00C900C800CA00F400CB00CF00FB00F900A400D400DC00A200A300D900DB0192.00A600B400F300FA00A800B800B300AF00CE231000AC00BD00BC00BE00AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp864.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.6558830653506647
Encrypted:	false
SSDEEP:
MD5:	3C88BF83DBA99F7B682120FBEEC57336
SHA1:	E0CA400BAE0F66EEBE4DFE147C5A18DD3B00B78C
SHA-256:	E87EC076F950FCD58189E362E1505DD55B0C8F4FA7DD1A9331C5C111D2CE569F
SHA-512:	6BD65D0A05F57333DA0078759DB2FC629B56C47DAB24E231DE41AD0DF3D07BF7A2A55D1946A7BA38BE228D415FB2BDB606BF1EF243974ED7DFD204548B2A43BA
Malicious:	false
Preview:	# Encoding file: cp864, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00200021002200230024066A0026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00B000B72219221A259225002502253C2524252C251C25342510250C25142518.03B2221E03C600B100BD00BC224800AB00BBFEF7FEF8009B009CFEFBFEFC009F.00A000ADFE8200A300A4FE8400000000FE8EFE8FFE95FE99060CFE9DFEA1FEA5.0660066106620663066406650666066706680669FED1061BFEB1FEB5FEB9061F.00A2FE80FE81FE83FE85FECAFE8BFE8DFE91FE93FE97FE9BFE9FFEA3FEA7FEA9.FEABFEADFEAFFEB3FEB7FEBBFEBFFEC1FEC5FECBFECF00A600AC00F700D7FEC9.0640FED3FED7FEDBFEDFFEE3FEE7FEEBFEEDFEEF

C:\Users\user\AppData\Local\Update\tcl\encoding\cp865.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.451408971174579
Encrypted:	false
SSDEEP:
MD5:	6F290E2C3B8A8EE38642C23674B18C71
SHA1:	0EB40FEEB8A382530B69748E08BF513124232403
SHA-256:	407FC0FE06D2A057E9BA0109EA9356CAB38F27756D135EF3B06A85705B616F50
SHA-512:	A975F69360A28484A8A3B4C93590606B8F372A27EC612ECC2355C9B48E042DCE132E64411CF0B107AA5566CAF6954F6937BEBFE17A2AE79EFF25B67FA0F88B7D
Malicious:	false
Preview:	# Encoding file: cp865, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D820A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00A4.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

C:\Users\user\AppData\Local\Update\tcl\encoding\cp866.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.435639928335435
Encrypted:	false
SSDEEP:
MD5:	C612610A7B63519BB7FEFEE26904DBB5
SHA1:	431270939D3E479BF9B9A663D9E67FCEBA79416F
SHA-256:	82633643CD326543915ACC5D28A634B5795274CD39974D3955E51D7330BA9338
SHA-512:	A3B84402AB66B1332C150E9B931E75B401378DDB4378D993DD460C81909DB72F2D136F0BE7B014F0A907D9EF9BE541C8E0B42CAB01667C6EF17E1DE1E0A3D0AE
Malicious:	false
Preview:	# Encoding file: cp866, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.0440044104420443044404450446044704480449

C:\Users\user\AppData\Local\Update\tcl\encoding\cp869.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.458262128093304
Encrypted:	false
SSDEEP:
MD5:	51B18570775BCA6465BD338012C9099C
SHA1:	E8149F333B1809DCCDE51CF8B6332103DDE7FC30
SHA-256:	27F16E3DD02B2212C4980EA09BDC068CF01584A1B8BB91456C03FCABABE0931E
SHA-512:	EB285F0E5A9333FFF0E3A6E9C7CAC9D44956EDF180A46D623989A93683BC70EE362256B58EB9AED3BFC6B5C8F5DB4E42540DFC681D51D22A97398CD18F76A1E1
Malicious:	false
Preview:	# Encoding file: cp869, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850386008700B700AC00A620182019038820150389.038A03AA038C00930094038E03AB00A9038F00B200B303AC00A303AD03AE03AF.03CA039003CC03CD039103920393039403950396039700BD0398039900AB00BB.25912592259325022524039A039B039C039D256325512557255D039E039F2510.25142534252C251C2500253C03A003A1255A25542569256625602550256C03A3.03A403A503A603A703A803A903B103B203B32518250C2588258403B403B52580.03B603B703B803B903BA03BB03BC03BD03BE03BF

C:\Users\user\AppData\Local\Update\tcl\encoding\cp874.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	3.2660589395582478
Encrypted:	false
SSDEEP:
MD5:	7884C95618EF4E9BAA1DED2707F48467
SHA1:	DA057E1F93F75521A51CC725D47130F41E509E70
SHA-256:	3E067363FC07662EBE52BA617C2AAD364920F2AF395B3416297400859ACD78BB
SHA-512:	374AA659A8DB86C023187D02BD7993516CE0EC5B4C6743AD4956AA2DDB86D2B4A57B797253913E08E40485BF3263FBD1C74DDE2C00E6F228201811ED89A6DFF0
Malicious:	false
Preview:	# Encoding file: cp874, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC008100820083008420260086008700880089008A008B008C008D008E008F.009020182019201C201D20222013201400980099009A009B009C009D009E009F.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E49

C:\Users\user\AppData\Local\Update\tcl\encoding\cp932.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	48207
Entropy (8bit):	3.450462303370557
Encrypted:	false
SSDEEP:
MD5:	AA4398630883066C127AA902832C82E4
SHA1:	D0B3DEB0EE6539CE5F28A51464BFBB3AA03F28E5
SHA-256:	9D33DF6E1CFDD2CF2553F5E2758F457D710CAFF5F8C69968F2665ACCD6E9A6FD
SHA-512:	77794E74B0E6B5855773EE9E1F3B1DA9DB7661D66485DAE6F61CA69F6DA9FD308A55B3A76C9B887135949C60FC3888E6F9A45C6BC481418737AA452A0D9CAE64
Malicious:	false
Preview:	# Encoding file: cp932, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\cp936.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	132509
Entropy (8bit):	3.458586416034501
Encrypted:	false
SSDEEP:
MD5:	27280A39A06496DE6035203A6DAE5365
SHA1:	3B1D07B02AE7E3B40784871E17F36332834268E6
SHA-256:	619330192984A80F93AC6F2E4E5EAA463FD3DDDC75C1F65F3975F33E0DD7A0BB
SHA-512:	EA05CC8F9D6908EE2241E2A72374DAAD55797B5A487394B4C2384847C808AF091F980951941003039745372022DE88807F93EEF6CDB3898FBB300A48A09B66E8
Malicious:	false
Preview:	# Encoding file: cp936, multi-byte.M.003F 0 127.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\cp949.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	130423
Entropy (8bit):	3.0309641114333425
Encrypted:	false
SSDEEP:
MD5:	6788B104D2297CBD8D010E2776AF6EBA
SHA1:	904A8B7846D34521634C8C09013DBB1D31AF47CA
SHA-256:	26BCB620472433962717712D04597A63264C8E444459432565C4C113DE0A240B
SHA-512:	0DF73561B76159D0A94D16A2DAB22F2B3D88C67146A840CB74D19E70D50A4C7E4DDF1952B5B805471985A896CA9F1B69C3FC4E6D8D17454566D7D39377BA1394
Malicious:	false
Preview:	# Encoding file: cp949, multi-byte.M.003F 0 125.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\cp950.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	91831
Entropy (8bit):	3.253346615914323
Encrypted:	false
SSDEEP:
MD5:	A0F8C115D46D02A5CE2B8C56AFF53235
SHA1:	6605FCCB235A08F9032BB45231B1A6331764664B
SHA-256:	1FB9A3D52D432EA2D6CD43927CEBF9F58F309A236E1B11D20FE8D5A5FB944E6E
SHA-512:	124EA2134CF59585DB2C399B13DE67089A6BB5412D2B210DF484FA38B77555AAF0605D04F441BDC2B0BE0F180FA17C145731D7826DA7556A573D357CC00A968F
Malicious:	false
Preview:	# Encoding file: cp950, multi-byte.M.003F 0 88.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\ebcdic.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	2.92745681322567
Encrypted:	false
SSDEEP:
MD5:	67212AAC036FE54C8D4CDCB2D03467A6
SHA1:	465509C726C49680B02372501AF7A52F09AB7D55
SHA-256:	17A7D45F3B82F2A42E1D36B13DB5CED077945A3E82700947CD1F803DD2A60DBF
SHA-512:	9500685760800F5A31A755D582FCEDD8BB5692C27FEEEC2709D982C0B8FCB5238AFB310DCB817F9FE140086A8889B7C60D5D1017764CEB03CB388DD22C8E0B3E
Malicious:	false
Preview:	S.006F 0 1.00.0000000100020003008500090086007F0087008D008E000B000C000D000E000F.0010001100120013008F000A0008009700180019009C009D001C001D001E001F.0080008100820083008400920017001B00880089008A008B008C000500060007.0090009100160093009400950096000400980099009A009B00140015009E001A.002000A000E200E400E000E100E300E500E700F10060002E003C0028002B007C.002600E900EA00EB00E800ED00EE00EF00EC00DF00210024002A0029003B009F.002D002F00C200C400C000C100C300C500C700D1005E002C0025005F003E003F.00F800C900CA00CB00C800CD00CE00CF00CC00A8003A002300400027003D0022.00D800610062006300640065006600670068006900AB00BB00F000FD00FE00B1.00B0006A006B006C006D006E006F00700071007200AA00BA00E600B800C600A4.00B500AF0073007400750076007700780079007A00A100BF00D000DD00DE00AE.00A200A300A500B700A900A700B600BC00BD00BE00AC005B005C005D00B400D7.00F900410042004300440045004600470048004900AD00F400F600F200F300F5.00A6004A004B004C004D004E004F00500051005200B900FB00FC00DB00FA00FF.00D900F70053005400550056005700580059005A00B200D400D600D200D300D5.00300031003

C:\Users\user\AppData\Local\Update\tcl\encoding\euc-cn.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	85574
Entropy (8bit):	2.3109636068522357
Encrypted:	false
SSDEEP:
MD5:	9A60E5D1AB841DB3324D584F1B84F619
SHA1:	BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
SHA-256:	546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
SHA-512:	E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
Malicious:	false
Preview:	# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\euc-jp.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	82537
Entropy (8bit):	2.267779266005065
Encrypted:	false
SSDEEP:
MD5:	453626980EB36062E32D98ACECCCBD6E
SHA1:	F8FCA3985009A2CDD397CB3BAE308AF05B0D7CAC
SHA-256:	3BFB42C4D36D1763693AEFCE87F6277A11AD5A756D691DEDA804D9D0EDCB3093
SHA-512:	0F026E1EF3AE1B08BBC7050DB0B181B349511F2A526D2121A6100C426674C0FB1AD6904A5CC11AA924B7F03E33F6971599BAF85C94528428F2E22DCB7D6FE443
Malicious:	false
Preview:	# Encoding file: euc-jp, multi-byte.M.003F 0 79.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D0000008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\euc-kr.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	93918
Entropy (8bit):	2.3267174168729032
Encrypted:	false
SSDEEP:
MD5:	93FEADA4D8A974E90E77F6EB8A9F24AB
SHA1:	89CDA4FE6515C9C03551E4E1972FD478AF3A419C
SHA-256:	1F1AD4C4079B33B706E948A735A8C3042F40CC68065C48C220D0F56FD048C33B
SHA-512:	7FC43C273F8C2A34E7AD29375A36B6CAC539AC4C1CDCECFAF0B366DCFE605B5D924D09DAD23B2EE589B1A8A63EE0F7A0CE32CE74AC873369DE8555C9E27A5EDF
Malicious:	false
Preview:	# Encoding file: euc-kr, multi-byte.M.003F 0 90.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\gb12345.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	86619
Entropy (8bit):	2.2972446758995697
Encrypted:	false
SSDEEP:
MD5:	12DBEEF45546A01E041332427FEC7A51
SHA1:	5C8E691AE3C13308820F4CF69206D765CFD5094B
SHA-256:	0C0DF17BFECE897A1DA7765C822453B09866573028CECCED13E2EFEE02BCCCC4
SHA-512:	FC8A250EE17D5E94A765AFCD9464ECAE74A4E2FF594A8632CEAEC5C84A3C4D26599642DA42E507B7873C37849D3E784CFB0792DE5B4B4262428619D7473FF611
Malicious:	false
Preview:	# Encoding file: gb12345, double-byte.D.233F 0 83.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\gb1988.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.1978221748141253
Encrypted:	false
SSDEEP:
MD5:	06645FE6C135D2EDE313629D24782F98
SHA1:	49C663AC26C1FE4F0FD1428C9EF27058AEE6CA95
SHA-256:	A2717AE09E0CF2D566C245DC5C5889D326661B40DB0D5D9A6D95B8E6B0F0E753
SHA-512:	DB544CFE58753B2CF8A5D65321A2B41155FE2430DB6783DD2F20E1244657482072633D16C8AC99765C113B60E99C8718263C483763A34C5E4BB04B4FFBA41976
Malicious:	false
Preview:	# Encoding file: gb1988, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.002000210022002300A500250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\gb2312-raw.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	84532
Entropy (8bit):	2.3130049332819502
Encrypted:	false
SSDEEP:
MD5:	BF74C90D28E52DD99A01377A96F462E3
SHA1:	DBA09C670F24D47B95D12D4BB9704391B81DDA9A
SHA-256:	EC11BFD49C715CD89FB9D387A07CF54261E0F4A1CCEC1A810E02C7B38AD2F285
SHA-512:	8F5A86BB57256ED2412F6454AF06C52FB44C83EB7B820C642CA9216E9DB31D6EC22965BF5CB9E8AE4492C77C1F48EB2387B1CBDC80F6CDA33FA57C57EC9FF9CD
Malicious:	false
Preview:	# Encoding file: gb2312, double-byte.D.233F 0 81.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\gb2312.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	85574
Entropy (8bit):	2.3109636068522357
Encrypted:	false
SSDEEP:
MD5:	9A60E5D1AB841DB3324D584F1B84F619
SHA1:	BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
SHA-256:	546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
SHA-512:	E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
Malicious:	false
Preview:	# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\iso2022-jp.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	192
Entropy (8bit):	4.915818681498601
Encrypted:	false
SSDEEP:
MD5:	224219C864280FA5FB313ADBC654E37D
SHA1:	39E20B41CFA8B269377AFA06F9C4D66EDD946ACB
SHA-256:	E12928E8B5754D49D0D3E799135DE2B480BA84B5DBAA0E350D9846FA67F943EC
SHA-512:	6E390D83B67E2FD5BCAC1BA603A9C6F8BE071FA64021612CE5F8EE33FD8E3840A8C31A7B00134A0039E46BDC66BEF7EB6EA1F8663BA72816B86AF792EF7BDC56
Malicious:	false
Preview:	# Encoding file: iso2022-jp, escape-driven.E.name..iso2022-jp.init..{}.final..{}.ascii..\x1b(B.jis0201..\x1b(J.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.

C:\Users\user\AppData\Local\Update\tcl\encoding\iso2022-kr.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	115
Entropy (8bit):	4.945508829557185
Encrypted:	false
SSDEEP:
MD5:	F6464F7C5E3F642BC3564D59B888C986
SHA1:	94C5F39256366ABB68CD67E3025F177F54ECD39D
SHA-256:	6AC0F1845A56A1A537B9A6D9BCB724DDDF3D3A5E61879AE925931B1C0534FBB7
SHA-512:	B9A7E0A9344D8E883D44D1A975A7C3B966499D34BA6206B15C90250F88A8FA422029CEF190023C4E4BE806791AC3BEA87FD8872B47185B0CE0F9ED9C38C41A84
Malicious:	false
Preview:	# Encoding file: iso2022-kr, escape-driven.E.name..iso2022-kr.init..\x1b$)C.final..{}.iso8859-1.\x0f.ksc5601..\x0e.

C:\Users\user\AppData\Local\Update\tcl\encoding\iso2022.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.925633473589168
Encrypted:	false
SSDEEP:
MD5:	745464FF8692E3C3D8EBBA38D23538C8
SHA1:	9D6F077598A5A86E6EB6A4EEC14810BF525FBD89
SHA-256:	753DDA518A7E9F6DC0309721B1FAAE58C9661F545801DA9F04728391F70BE2D0
SHA-512:	E919677CC96DEF4C75126A173AF6C229428731AB091CDDBB2A6CE4EB82BCD8191CE64A33B418057A15E094A48E846BEE7820619E414E7D90EDA6E2B66923DDA5
Malicious:	false
Preview:	# Encoding file: iso2022, escape-driven.E.name..iso2022.init..{}.final..{}.iso8859-1.\x1b(B.jis0201..\x1b(J.gb1988..\x1b(T.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.jis0208..\x1b&@\x1b$B.

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-1.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.163043970763833
Encrypted:	false
SSDEEP:
MD5:	E3BAE26F5D3D9A4ADCF5AE7D30F4EC38
SHA1:	A71B6380EA3D23DC0DE11D3B8CEA86A4C8063D47
SHA-256:	754EF6BF3A564228AB0B56DDE391521DCC1A6C83CFB95D4B761141E71D2E8E87
SHA-512:	AFED8F5FE02A9A30987736F08B47F1C19339B5410D6020CC7EA37EA0D717A70AF6CDDC775F53CE261FCF215B579206E56458D61AB4CEB44E060BD6B3AC2F4C41
Malicious:	false
Preview:	# Encoding file: iso8859-1, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E8

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-10.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.2483197762497458
Encrypted:	false
SSDEEP:
MD5:	162E76BD187CB54A5C9F0B72A082C668
SHA1:	CEC787C4DE78F9DBB97B9C44070CF2C12A2468F7
SHA-256:	79F6470D9BEBD30832B3A9CA59CD1FDCA28C5BE6373BD01D949EEE1BA51AA7A8
SHA-512:	ADDBCA6E296286220FFF449D3E34E5267528627AFFF1FCBD2B9AC050A068D116452D70308049D88208FB7CB2C2F7582FCF1703CF22CFC125F2E6FA89B8A653FE
Malicious:	false
Preview:	# Encoding file: iso8859-10, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010401120122012A0128013600A7013B011001600166017D00AD016A014A.00B0010501130123012B0129013700B7013C011101610167017E2015016B014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE00CF.00D00145014C00D300D400D500D6016800D8017200DA00DB00DC00DD00DE00DF.010100E100E200E300E400E500E6012F010

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-13.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.267798724121087
Encrypted:	false
SSDEEP:
MD5:	BF3993877A45AC7091CFC81CFD4A4D43
SHA1:	D462934A074EE13F2C810463FD061084953F77BC
SHA-256:	33C6072A006BA4E9513D7B7FD3D08B1C745CA1079B6D796C36B2A5AE8E4AE02B
SHA-512:	17489E6AD6A898628239EA1B43B4BE81ECC33608F0FD3F7F0E19CF74F7FC4752813C3C21F1DC73E9CC8765E23C63ED932799905381431DAF4E10A88EC29EBF6E
Malicious:	false
Preview:	# Encoding file: iso8859-13, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0201D00A200A300A4201E00A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B3201C00B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-14.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.296489289648924
Encrypted:	false
SSDEEP:
MD5:	3BE4986264587BEC738CC46EBB43D698
SHA1:	62C253AA7A868CE32589868FAB37336542457A96
SHA-256:	8D737283289BAF8C08EF1DD7E47A6C775DACE480419C5E2A92D6C0E85BB5B381
SHA-512:	CB9079265E47EF9672EAACFCE474E4D6771C6F61394F29CC59C9BBE7C99AE89A0EACD73F2BCDD8374C4E03BE9B1685F463F029E35C4070DF9D1B143B02CAD573
Malicious:	false
Preview:	# Encoding file: iso8859-14, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A01E021E0300A3010A010B1E0A00A71E8000A91E821E0B1EF200AD00AE0178.1E1E1E1F012001211E401E4100B61E561E811E571E831E601EF31E841E851E61.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.017400D100D200D300D400D500D61E6A00D800D900DA00DB00DC00DD017600DF.00E000E100E200E300E400E500E600E700E

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-15.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.1878838020538374
Encrypted:	false
SSDEEP:
MD5:	6AE49F4E916B02EB7EDB160F88B5A27F
SHA1:	49F7A42889FB8A0D78C80067BDE18094DBE956EE
SHA-256:	C7B0377F30E42048492E4710FE5A0A54FA9865395B8A6748F7DAC53B901284F9
SHA-512:	397E636F4B95522FD3909B4546A1B7E31E92388DAE4F9F6B638875449E3498B49320F4C4A47168C7ADD43C78EF5680CAAEE40661DDC8205687532D994133EA3B
Malicious:	false
Preview:	# Encoding file: iso8859-15, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A320AC00A5016000A7016100A900AA00AB00AC00AD00AE00AF.00B000B100B200B3017D00B500B600B7017E00B900BA00BB01520153017800BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-16.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.2349228762697972
Encrypted:	false
SSDEEP:
MD5:	D30094CAEFA5C4A332159829C6CB7FEC
SHA1:	50FDA6C70A133CB64CF38AA4B2F313B54D2FD955
SHA-256:	C40CA014B88F97AE62AE1A816C5963B1ED432A77D84D89C3A764BA15C8A23708
SHA-512:	6EDD6912053D810D1E2B0698494D26E119EF1BF3FABC2FBFBA44551792800FA0CF163773E4F37F908C2DE41F05D6F17153656623A6D4681BE74EB253D9163422
Malicious:	false
Preview:	# Encoding file: iso8859-16, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040105014120AC201E016000A7016100A9021800AB017900AD017A017B.00B000B1010C0142017D201D00B600B7017E010D021900BB015201530178017C.00C000C100C2010200C4010600C600C700C800C900CA00CB00CC00CD00CE00CF.0110014300D200D300D4015000D6015A017000D900DA00DB00DC0118021A00DF.00E000E100E2010300E4010700E600E700E

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-2.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.269412550127009
Encrypted:	false
SSDEEP:
MD5:	69FCA2E8F0FD9B39CDD908348BD2985E
SHA1:	FF62EB5710FDE11074A87DAEE9229BCF7F66D7A0
SHA-256:	0E0732480338A229CC3AD4CDDE09021A0A81902DC6EDFB5F12203E2AFF44668F
SHA-512:	46A7899D17810D2E0FF812078D91F29BF2BB8770F09A02367CF8361229F424FC9B06EAC8E3756491612972917463B6F27DB3D897AFAE8DB5F159D45975D9CBD8
Malicious:	false
Preview:	# Encoding file: iso8859-2, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010402D8014100A4013D015A00A700A80160015E0164017900AD017D017B.00B0010502DB014200B4013E015B02C700B80161015F0165017A02DD017E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-3.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.178020305301999
Encrypted:	false
SSDEEP:
MD5:	5685992A24D85E93BD8EA62755E327BA
SHA1:	B0BEBEDEC53FFB894D9FB0D57F25AB2A459B6DD5
SHA-256:	73342C27CF55F625D3DB90C5FC8E7340FFDF85A51872DBFB1D0A8CB1E43EC5DA
SHA-512:	E88ED02435026CA9B8A23073F61031F3A75C4B2CD8D2FC2B598F924ADF34B268AB16909120F1D96B794BDBC484C764FDE83B63C9FB122279AC5242D57030AF3A
Malicious:	false
Preview:	# Encoding file: iso8859-3, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0012602D800A300A40000012400A700A80130015E011E013400AD0000017B.00B0012700B200B300B400B5012500B700B80131015F011F013500BD0000017C.00C000C100C2000000C4010A010800C700C800C900CA00CB00CC00CD00CE00CF.000000D100D200D300D4012000D600D7011C00D900DA00DB00DC016C015C00DF.00E000E100E2000000E4010B010900E700E8

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-4.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2703067063488724
Encrypted:	false
SSDEEP:
MD5:	07576E85AFDB2816BBCFFF80E2A12747
SHA1:	CC1C2E6C35B005C17EB7B1A3D744983A86A75736
SHA-256:	17745BDD299779E91D41DB0CEE26CDC7132DA3666907A94210B591CED5A55ADB
SHA-512:	309EEF25EE991E3321A57D2CEE139C9C3E7C8B3D9408664AAFE9BA34E28EF5FB8167481F3C5CAD0557AE55249E47016CA3A6AC19857D76EFB58D0CDAC428F600
Malicious:	false
Preview:	# Encoding file: iso8859-4, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040138015600A40128013B00A700A8016001120122016600AD017D00AF.00B0010502DB015700B40129013C02C700B80161011301230167014A017E014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE012A.01100145014C013600D400D500D600D700D8017200DA00DB00DC0168016A00DF.010100E100E200E300E400E500E6012F010D

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-5.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2716690950473573
Encrypted:	false
SSDEEP:
MD5:	67577E6720013EEF73923D3F050FBFA1
SHA1:	F9F64BB6014068E2C0737186C694B8101DD9575E
SHA-256:	BC5ED164D15321404BBDCAD0D647C322FFAB1659462182DBD3945439D9ECBAE7
SHA-512:	B584DB1BD5BE97CCFCA2F71E765DEC66CF2ABE18356C911894C988B2238E14074748C71074E0633C7CA50733E189D937160A35438C720DB2243CBC3566F52629
Malicious:	false
Preview:	# Encoding file: iso8859-5, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0040104020403040404050406040704080409040A040B040C00AD040E040F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.044004410442044304440445044604470448

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-6.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	2.9147595181616284
Encrypted:	false
SSDEEP:
MD5:	49DEC951C7A7041314DF23FE26C9B300
SHA1:	B810426354D857718CC841D424DA070EFB9F144F
SHA-256:	F502E07AE3F19CCDC31E434049CFC733DD5DF85487C0160B0331E40241AD0274
SHA-512:	CB5D8C5E807A72F35AD4E7DA80882F348D70052169A7ED5BB585152C2BF628177A2138BD0A982A398A8DF373E1D3E145AD1F6C52485DE57ECBE5A7ED33E13776
Malicious:	false
Preview:	# Encoding file: iso8859-6, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000000000000000A40000000000000000000000000000060C00AD00000000.00000000000000000000000000000000000000000000061B000000000000061F.0000062106220623062406250626062706280629062A062B062C062D062E062F.0630063106320633063406350636063706380639063A00000000000000000000.064006410642064306440645064606470648

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-7.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.2933089629252037
Encrypted:	false
SSDEEP:
MD5:	0AF65F8F07F623FA38E2D732400D95CF
SHA1:	D2903B32FEA225F3FB9239E622390A078C8A8FA6
SHA-256:	8FEC7631A69FCF018569EBADB05771D892678790A08E63C05E0007C9910D58A8
SHA-512:	EF03237A030C54E0E20DBA7ED724580C513490B9B3B043C1E885638E7BCE21415CE56C3902EA39689365B12E44194C6BF868C4D9BCBCA8FDC334BE77DA46E24D
Malicious:	false
Preview:	# Encoding file: iso8859-7, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A02018201900A30000000000A600A700A800A9000000AB00AC00AD00002015.00B000B100B200B303840385038600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B8

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-8.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	2.9730608214144323
Encrypted:	false
SSDEEP:
MD5:	45E35EFF7ED2B2DF0B5694A2B639FE1E
SHA1:	4EA5EC5331541EDE65A9CF601F5418FD4B6CFCBC
SHA-256:	E1D207917AA3483D9110E24A0CC0CD1E0E5843C8BFC901CFEE7A6D872DD945A9
SHA-512:	527283C9EFF2C1B21FAE716F5DFB938D8294B22938C76A73D88135312FA01B5C3DF288461CCE8B692928B334A28A7D29319F9F48733174C898F41BD1BEB8E862
Malicious:	false
Preview:	# Encoding file: iso8859-8, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0000000A200A300A400A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000002017.05D005D105D205D305D405D505D605D705D8

C:\Users\user\AppData\Local\Update\tcl\encoding\iso8859-9.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	3.1865263857127375
Encrypted:	false
SSDEEP:
MD5:	675C89ECD212C8524B1875095D78A5AF
SHA1:	F585C70A5589DE39558DAC016743FF85E0C5F032
SHA-256:	1CDCF510C38464E5284EDCFAEC334E3FC516236C1CA3B9AB91CA878C23866914
SHA-512:	E620657C5F521A101B6FF7B5FD9A7F0DDD560166BA109D20E91F2E828F81697F897DFA136533C0D6F24A9861E92F34C0CC0FA590F344713C089157F8AC3ECFE2
Malicious:	false
Preview:	# Encoding file: iso8859-9, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E8

C:\Users\user\AppData\Local\Update\tcl\encoding\jis0201.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	3.1984111069807395
Encrypted:	false
SSDEEP:
MD5:	0DCB64ACBB4B518CC20F4E196E04692C
SHA1:	7AEB708C89C178FB4D5611C245EA1A7CF66ADF3A
SHA-256:	480F61D0E1A75DEE59BF9A66DE0BB78FAAE4E87FD6317F93480412123277D442
SHA-512:	4AFA210763DE9742626886D7D281AC15169CDC7A31D185F48D105190CA247AA014FB8F281AFCB4A0C31D2D55EE7D907B6A8E51FC4BEEDB9DB8C484E88CAA78A9
Malicious:	false
Preview:	# Encoding file: jis0201, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.00000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\jis0208.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	80453
Entropy (8bit):	2.274731552146978
Encrypted:	false
SSDEEP:
MD5:	F35938AC582E460A14646D2C93F1A725
SHA1:	A922ACACE0C1A4A7DDC92FE5DD7A116D30A3686B
SHA-256:	118EA160EF29E11B46DEC57AF2C44405934DD8A7C49D2BC8B90C94E8BAA6138B
SHA-512:	D27CD9C9D67370C288036AACA5999314231F7070152FF7EEF1F3379E748EF9047001430D391B61C281FF69AB4F709D47F8FF5390873B5DEFD105371AB8FB8872
Malicious:	false
Preview:	# Encoding file: jis0208, double-byte.D.2129 0 77.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000300030013002FF0CFF0E30FBFF1AFF1BFF1FFF01309B309C00B4FF4000A8.FF3EFFE3FF3F30FD30FE309D309E30034EDD30053006300730FC20152010FF0F.FF3C301C2016FF5C2026202520182019201C201DFF08FF0930143015FF3BFF3D.FF5BFF5D30083009300A300B300C300D300E300F30103011FF0B221200B100D7.00F7FF1D2260FF1CFF1E22662267221E22342642264000B0203220332103FFE5.FF0400A200A3FF05FF03FF06FF0AFF2000A72606260525CB25CF25CE25C70000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\jis0212.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	70974
Entropy (8bit):	2.2631380488363284
Encrypted:	false
SSDEEP:
MD5:	F518436AC485F5DC723518D7872038E0
SHA1:	15013478760463A0BCE3577B4D646ECDB07632B5
SHA-256:	24A9D379FDA39F2BCC0580CA3E0BD2E99AE279AF5E2841C9E7DBE7F931D19CC0
SHA-512:	2325705D4772A10CD81082A035BEAC85E6C64C7CCFA5981955F0B85CAF9A95D8A0820092957822A05C2E8E773F2089035ED5E76BF3FAF19B0E7E6AED7B4214D8
Malicious:	false
Preview:	# Encoding file: jis0212, double-byte.D.2244 0 68.22.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000000000000000000000002D8.02C700B802D902DD00AF02DB02DA007E03840385000000000000000000000000.0000000000A100A600BF00000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000BA00AA00A900AE2122.00A4211600000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\koi8-r.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.463428231669408
Encrypted:	false
SSDEEP:
MD5:	E66D42CB71669CA0FFBCDC75F6292832
SHA1:	366C137C02E069B1A93FBB5D64B9120EA6E9AD1F
SHA-256:	7142B1120B993D6091197574090FE04BE3EA64FFC3AD5A167A4B5E0B42C9F062
SHA-512:	6FBF7AF0302B4AA7EF925EFED7235E946EDA8B628AA204A8BBB0A3D1CB8C79DD37D9DD92A276AD14B55776FEBB3B55CF5881AC4013F95ED4E618E3B49771E8A5
Malicious:	false
Preview:	# Encoding file: koi8-r, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204512553255425552556255725582559255A255B255C255D255E.255F25602561040125622563256425652566256725682569256A256B256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

C:\Users\user\AppData\Local\Update\tcl\encoding\koi8-u.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.439504497428066
Encrypted:	false
SSDEEP:
MD5:	D722EFEA128BE671A8FDA45ED7ADC586
SHA1:	DA9E67F64EC4F6A74C60CB650D5A12C4430DCFF7
SHA-256:	BBB729B906F5FC3B7EE6694B208B206D19A9D4DC571E235B9C94DCDD4A323A2A
SHA-512:	FDF183C1A0D9109E21F7EEBC5996318AEDED3F87319A980C4E96BFE1D43593BDB693D181744C5C7E391A849783E3594234060A9F76116DE56F9592EF95979E63
Malicious:	false
Preview:	# Encoding file: koi8-u, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204510454255404560457255725582559255A255B0491255D255E.255F25602561040104032563040604072566256725682569256A0490256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

C:\Users\user\AppData\Local\Update\tcl\encoding\ksc5601.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	92877
Entropy (8bit):	2.32911747373862
Encrypted:	false
SSDEEP:
MD5:	599CEA614F5C5D01CDFA433B184AA904
SHA1:	C2FFA427457B4931E5A92326F251CD3D671059B0
SHA-256:	0F8B530AD0DECBF8DD81DA8291B8B0F976C643B5A292DB84680B31ECFBE5D00A
SHA-512:	43D24B719843A21E3E1EDDFC3607B1B198542306C2EC8D621188CD39BA913D23678D39D12D8370CC1CE12828661AF0A5F14AD2B2BF99F62387C5E3E365BA1E75
Malicious:	false
Preview:	# Encoding file: ksc5601, double-byte.D.233F 0 89.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300200B72025202600A8300300AD20152225FF3C223C20182019.201C201D3014301530083009300A300B300C300D300E300F3010301100B100D7.00F7226022642265221E223400B0203220332103212BFFE0FFE1FFE526422640.222022A52312220222072261225200A7203B2606260525CB25CF25CE25C725C6.25A125A025B325B225BD25BC219221902191219321943013226A226B221A223D.221D2235222B222C2208220B2286228722822283222A222922272228FFE20000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\macCentEuro.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3601842107710365
Encrypted:	false
SSDEEP:
MD5:	CADFBF5A4C7CAD984294284D643E9CA3
SHA1:	16B51D017001688A32CB7B15DE6E7A49F28B76FD
SHA-256:	8F3089F4B2CA47B7AC4CB78375B2BFAC01268113A7C67D020F8B5B7F2C25BBDA
SHA-512:	3941ACA62CF59BF6857BA9C300B4236F18690DE1213BB7FCFA0EC87DCD71152849F1DEAFB470CA4BC2ACC2C0C13D7FD57661BFC053960ADD7570DE365AE7E63C
Malicious:	false
Preview:	# Encoding file: macCentEuro, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C40100010100C9010400D600DC00E10105010C00E4010D0106010700E90179.017A010E00ED010F01120113011600F3011700F400F600F500FA011A011B00FC.202000B0011800A300A7202200B600DF00AE00A92122011900A822600123012E.012F012A22642265012B0136220222110142013B013C013D013E0139013A0145.0146014300AC221A01440147220600AB00BB202600A00148015000D50151014C.20132014201C201D2018201900F725CA014D0154015501582039203A01590156.01570160201A201E0161015A015B00C101

C:\Users\user\AppData\Local\Update\tcl\encoding\macCroatian.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3293096097500965
Encrypted:	false
SSDEEP:
MD5:	F13D479550D4967A0BC76A60C89F1461
SHA1:	63F44E818284384DE07AB0D8B0CD6F7EBFE09AB9
SHA-256:	8D0B6A882B742C5CCE938241328606C111DDA0CB83334EBEDCDA17605F3641AE
SHA-512:	80AB9DCAAC1A496FD2CA6BE9959FE2DE201F504D8A58D114F2FF5D1F6AAD507F052B87D29D3EBA69093C3D965CC4C113C9EA6DB8EEBB67BD620ADF860CA2CC35
Malicious:	false
Preview:	# Encoding file: macCroatian, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE0160212200B400A82260017D00D8.221E00B122642265220600B522022211220F0161222B00AA00BA03A9017E00F8.00BF00A100AC221A01922248010600AB010C202600A000C000C300D501520153.01102014201C201D2018201900F725CAF8FF00A9204420AC2039203A00C600BB.201300B7201A201E203000C2010700C101

C:\Users\user\AppData\Local\Update\tcl\encoding\macCyrillic.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.3482225358368565
Encrypted:	false
SSDEEP:
MD5:	60FFC8E390A31157D8646AEAC54E58AE
SHA1:	3DE17B2A5866272602FB8E9C54930A4CD1F3B06C
SHA-256:	EB135A89519F2E004282DED21B11C3AF7CCB2320C9772F2DF7D1A4A1B674E491
SHA-512:	3644429A9BD42ADC356E1BD6FCFABEE120E851348B538A4FE4903B72A533174D7448A6C2DA71219E4CD5D0443C0475417D54C8E113005DF2CA20C608DE5E3306
Malicious:	false
Preview:	# Encoding file: macCyrillic, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.0430043104320433043404350436043704

C:\Users\user\AppData\Local\Update\tcl\encoding\macDingbats.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	3.8086748658227827
Encrypted:	false
SSDEEP:
MD5:	EBD121A4E93488A48FC0A06ADE9FD158
SHA1:	A40E6DB97D6DB2893A072B2275DC22E2A4D60737
SHA-256:	8FBCC63CB289AFAAE15B438752C1746F413F3B79BA5845C2EF52BA1104F8BDA6
SHA-512:	26879ABE4854908296F32B2BB97AEC1F693C56EC29A7DB9B63B2DA62282F2D2EDAE9D50738595D1530731DF5B1812719A74F50ADF521F80DD5067F3DF6A3517C
Malicious:	false
Preview:	# Encoding file: macDingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.F8D7F8D8F8D9F8DAF8DBF8DCF8DDF8DEF8DFF8E0F8E1F8E2F8E3F8E4008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727

C:\Users\user\AppData\Local\Update\tcl\encoding\macGreek.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	3.4271472017271556
Encrypted:	false
SSDEEP:
MD5:	14AD68855168E3E741FE179888EA7482
SHA1:	9C2AD53D69F5077853A05F0933330B5D6F88A51C
SHA-256:	F7BFF98228DED981EC9A4D1D0DA62247A8D23F158926E3ACBEC3CCE379C998C2
SHA-512:	FB13F32197D3582BC20EEA604A0B0FD7923AE541CCEB3AF1CDE36B0404B8DB6312FB5270B40CBC8BA4C91B9505B57FB357EB875E8AFB3DB76DFB498CE17851ED
Malicious:	false
Preview:	# Encoding file: macGreek, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400B900B200C900B300D600DC038500E000E200E4038400A800E700E900E8.00EA00EB00A3212200EE00EF202200BD203000F400F600A600AD00F900FB00FC.2020039303940398039B039E03A000DF00AE00A903A303AA00A7226000B000B7.039100B12264226500A503920395039603970399039A039C03A603AB03A803A9.03AC039D00AC039F03A1224803A400AB00BB202600A003A503A7038603880153.20132015201C201D2018201900F70389038A038C038E03AD03AE03AF03CC038F.03CD03B103B203C803B403B503C603B303B70

C:\Users\user\AppData\Local\Update\tcl\encoding\macIceland.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.3292041026777457
Encrypted:	false
SSDEEP:
MD5:	6D52A84C06970CD3B2B7D8D1B4185CE6
SHA1:	C434257D76A9FDF81CCCD8CC14242C8E3940FD89
SHA-256:	633F5E3E75BF1590C94AB9CBF3538D0F0A7A319DB9016993908452D903D9C4FD
SHA-512:	711F4DC86DD609823BF1BC5505DEE9FA3875A8AA7BCA31DC1B5277720C5ABE65B62E8A592FC55D99D1C7CA181FDDC2606551C43A9D12489B9FECFF152E9A3DCF
Malicious:	false
Preview:	# Encoding file: macIceland, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.00DD00B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC00D000F000DE00FE.00FD00B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Update\tcl\encoding\macJapan.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	48028
Entropy (8bit):	3.3111639331656635
Encrypted:	false
SSDEEP:
MD5:	105B49F855C77AE0D3DED6C7130F93C2
SHA1:	BA187C52FAE9792DA5BFFBEAA781FD4E0716E0F6
SHA-256:	2A6856298EC629A16BDD924711DFE3F3B1E3A882DDF04B7310785D83EC0D566C
SHA-512:	5B5FBE69D3B67AF863759D92D4A68481EC2211FF84ED9F0B3BD6129857966DE32B42A42432C44B9246C9D0D9C4C546CD3C6D13FF49BD338192C24AD053C0602E
Malicious:	false
Preview:	# Encoding file: macJapan, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00A0FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\macRoman.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1093
Entropy (8bit):	3.3361385497578406
Encrypted:	false
SSDEEP:
MD5:	30BECAE9EFD678B6FD1E08FB952A7DBE
SHA1:	E4D8EA6A0E70BB793304CA21EB1337A7A2C26A31
SHA-256:	68F22BAD30DAA81B215925416C1CC83360B3BB87EFC342058929731AC678FF37
SHA-512:	E87105F7A5A983ACEAC55E93FA802C985B2B19F51CB3C222B4C13DDCF17C32D08DF323C829FB4CA33770B668485B7D14B7F6B0CF2287B0D76091DE2A675E88BD
Malicious:	false
Preview:	# Encoding file: macRoman, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC2039203AFB01FB02.202100B7201A201E203000C200CA00C100CB0

C:\Users\user\AppData\Local\Update\tcl\encoding\macRomania.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.342586490827578
Encrypted:	false
SSDEEP:
MD5:	C9AD5E42DA1D2C872223A14CC76F1D2B
SHA1:	E257BD16EF34FDC29D5B6C985A1B45801937354C
SHA-256:	71AE80ADFB437B7BC88F3C76FD37074449B3526E7AA5776D2B9FD5A43C066FA8
SHA-512:	74588523D35A562AD4B1AF2B570596194D8C5018D5B44C8BA2B1F6BAD422D06E90172B0E65BB975663F3A3C246BCF2F598E9778BA86D1C5A51F5C0A38A2670EC
Malicious:	false
Preview:	# Encoding file: macRomania, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A822600102015E.221E00B12264226500A500B522022211220F03C0222B00AA00BA21260103015F.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204400A42039203A01620163.202100B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Update\tcl\encoding\macThai.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1092
Entropy (8bit):	3.539905812302991
Encrypted:	false
SSDEEP:
MD5:	163729C7C2B1F5A5DE1FB7866C93B102
SHA1:	633D190B5E281CFC0178F6C11DD721C6A266F643
SHA-256:	CEAD5EB2B0B44EF4003FBCB2E49CA0503992BA1D6540D11ACBBB84FDBBD6E79A
SHA-512:	2093E3B59622E61F29276886911FAA50BA3AA9D903CAF8CB778A1D3FDB3D1F7DA43071AFC3672C27BE175E7EEBBC542B655A85533F41EA39F32E80663CAF3B44
Malicious:	false
Preview:	# Encoding file: macThai, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00AB00BB2026F88CF88FF892F895F898F88BF88EF891F894F897201C201DF899.FFFD2022F884F889F885F886F887F888F88AF88DF890F893F89620182019FFFD.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3AFEFF200B201320140E3F.0E400E410E420E430E440E450E460E470E480E

C:\Users\user\AppData\Local\Update\tcl\encoding\macTurkish.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.353168947106635
Encrypted:	false
SSDEEP:
MD5:	F20CBBE1FF9289AC4CBAFA136A9D3FF1
SHA1:	382E34824AD8B79EF0C98FD516750649FD94B20A
SHA-256:	F703B7F74CC6F5FAA959F51C757C94623677E27013BCAE23BEFBA01A392646D9
SHA-512:	23733B711614EA99D954E92C6035DAC1237866107FE11CDD5B0CD2A780F22B9B7B879570DB38C6B9195F54DAD9DFB0D60641AB37DFF3C51CF1A11D1D36471B2D
Malicious:	false
Preview:	# Encoding file: macTurkish, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178011E011F01300131015E015F.202100B7201A201E203000C200CA00C100C

C:\Users\user\AppData\Local\Update\tcl\encoding\macUkraine.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	3.3460856516901947
Encrypted:	false
SSDEEP:
MD5:	92716A59D631BA3A352DE0872A5CF351
SHA1:	A487946CB2EFD75FD748503D75E495720B53E5BC
SHA-256:	4C94E7FBE183379805056D960AB624D78879E43278262E4D6B98AB78E5FEFEA8
SHA-512:	863A667B6404ED02FE994089320EB0ECC34DC431D591D661277FB54A2055334DBEBCAAE1CA06FB8D190727EBA23A47B47991323BE35E74C182F83E5DEAA0D83B
Malicious:	false
Preview:	# Encoding file: macUkraine, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.04300431043204330434043504360437043

C:\Users\user\AppData\Local\Update\tcl\encoding\shiftjis.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	41862
Entropy (8bit):	3.4936148161949747
Encrypted:	false
SSDEEP:
MD5:	8FBCB1BBC4B59D6854A8FCBF25853E0D
SHA1:	2D56965B24125D999D1020C7C347B813A972647C
SHA-256:	7502587D52E7810228F2ECB45AC4319EA0F5C008B7AC91053B920010DC6DDF94
SHA-512:	128E66F384F9EA8F3E7FBEAD0D3AA1D45570EB3669172269A89AE3B522ED44E4572C6A5C9281B7E219579041D14FF0E76777A36E3902BFA1B58DC3DA729FA075
Malicious:	false
Preview:	# Encoding file: shiftjis, multi-byte.M.003F 0 40.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086008700000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

C:\Users\user\AppData\Local\Update\tcl\encoding\symbol.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.675943323650254
Encrypted:	false
SSDEEP:
MD5:	1B612907F31C11858983AF8C009976D6
SHA1:	F0C014B6D67FC0DC1D1BBC5F052F0C8B1C63D8BF
SHA-256:	73FD2B5E14309D8C036D334F137B9EDF1F7B32DBD45491CF93184818582D0671
SHA-512:	82D4A8F9C63F50E5D77DAD979D3A59729CD2A504E7159AE3A908B7D66DC02090DABD79B6A6DC7B998C32C383F804AACABC564A5617085E02204ADF0B13B13E5B
Malicious:	false
Preview:	# Encoding file: symbol, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002122000023220300250026220D002800292217002B002C2212002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.22450391039203A70394039503A603930397039903D1039A039B039C039D039F.03A0039803A103A303A403A503C203A9039E03A80396005B2234005D22A5005F.F8E503B103B203C703B403B503C603B303B703B903D503BA03BB03BC03BD03BF.03C003B803C103C303C403C503D603C903BE03C803B6007B007C007D223C007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.000003D2203222642044221E0192266326662665266021942190219121922193.00B000B12033226500D7221D2202202200F72260226122482026F8E6F8E721B5.21352111211C21182297229522052229222A2283228722842282228622082209.2220220700AE00A92122220F221A22C500AC2227222821D421D021D121D221D3.22C42329F8E8F8E9F8EA2211F8EBF8ECF8EDF8E

C:\Users\user\AppData\Local\Update\tcl\encoding\tis-620.enc Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	2.9763240350841884
Encrypted:	false
SSDEEP:
MD5:	7273E998972C9EFB2CEB2D5CD553DE49
SHA1:	4AA47E6DF964366FA3C29A0313C0DAE0FA63A78F
SHA-256:	330517F72738834ECBF4B6FA579F725B4B33AD9F4669975E727B40DF185751FF
SHA-512:	56BF15C123083D3F04FE0C506EE8ECE4C08C17754F0CAAD3566F1469728CFD2F0A487023DCB26432240EB09F064944D3EF08175979F5D1D2BF734E7C7C609055
Malicious:	false
Preview:	# Encoding file: tis-620, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E

C:\Users\user\AppData\Local\Update\tcl\history.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7900
Entropy (8bit):	4.806010360595623
Encrypted:	false
SSDEEP:
MD5:	E8FD468CCD2EE620544FE204BDE2A59D
SHA1:	2E26B7977D900EAA7D4908D5113803DF6F34FC59
SHA-256:	9B6E400EB85440EC64AB66B4AC111546585740C9CA61FD156400D7153CBAD9F4
SHA-512:	13A40A4BDE32F163CB789C69BD260ABF41C6771E7AC50FB122C727B9F39BE5D73E4D8BAE040DDDD94C5F2B901AB7C32D9C6BB62310121CA8DB4ADE25CB9AA4B0
Malicious:	false
Preview:	# history.tcl --.#.# Implementation of the history command..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#...# The tcl::history array holds the history list and some additional.# bookkeeping variables..#.# nextid.the index used for the next history list item..# keep..the max size of the history list.# oldest.the index of the oldest item in the history...namespace eval ::tcl {. variable history. if {![info exists history]} {..array set history {.. nextid.0.. keep.20.. oldest.-20..}. }.. namespace ensemble create -command ::tcl::history -map {..add.::tcl::HistAdd..change.::tcl::HistChange..clear.::tcl::HistClear..event.::tcl::HistEvent..info.::tcl::HistInfo..keep.::tcl::HistKeep..nextid.::tcl::HistNextID..redo.::tcl::HistRedo. }.}...# history --.#.#.This is the main history command. See the man page for its interface..#.This does s

C:\Users\user\AppData\Local\Update\tcl\http1.0\http.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9689
Entropy (8bit):	4.754346192989986
Encrypted:	false
SSDEEP:
MD5:	1DA12C32E7E4C040BD9AB2BCBAC5445B
SHA1:	8E8659BEF065AF9430509BBDD5FB4CFE0EF14153
SHA-256:	ACBFF9B5EF75790920B95023156FAD80B18AFF8CAFC4A6DC03893F9388E053A2
SHA-512:	A269C76C1684EC1A2E2AA611ABB459AA3BE2973FD456737BC8C8D2E5C8BC53A26BBC1488062281CA87E38D548281166C4D775C50C695AEC9741FE911BB431EAD
Malicious:	false
Preview:	# http.tcl.# Client-side HTTP for GET, POST, and HEAD commands..# These routines can be used in untrusted code that uses the Safesock.# security policy..# These procedures use a callback interface to avoid using vwait,.# which is not defined in the safe base..#.# See the http.n man page for documentation..package provide http 1.0..array set http {. -accept /. -proxyhost {}. -proxyport {}. -useragent {Tcl http client package 1.0}. -proxyfilter httpProxyRequired.}.proc http_config {args} {. global http. set options [lsort [array names http -*]]. set usage [join $options ", "]. if {[llength $args] == 0} {..set result {}..foreach name $options {.. lappend result $name $http($name)..}..return $result. }. regsub -all -- - $options {} options. set pat ^-([join $options \|])$. if {[llength $args] == 1} {..set flag [lindex $args 0]..if {[regexp -- $pat $flag]} {.. return $http($flag)..} else {.. return -code error "Unknown option $flag, must be:

C:\Users\user\AppData\Local\Update\tcl\http1.0\pkgIndex.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	735
Entropy (8bit):	4.669068874824871
Encrypted:	false
SSDEEP:
MD5:	10EC7CD64CA949099C818646B6FAE31C
SHA1:	6001A58A0701DFF225E2510A4AAEE6489A537657
SHA-256:	420C4B3088C9DACD21BC348011CAC61D7CB283B9BEE78AE72EED764AB094651C
SHA-512:	34A0ACB689E430ED2903D8A903D531A3D734CB37733EF13C5D243CB9F59C020A3856AAD98726E10AD7F4D67619A3AF1018F6C3E53A6E073E39BD31D088EFD4AF
Malicious:	false
Preview:	# Tcl package index file, version 1.0.# This file is generated by the "pkg_mkIndex" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...package ifneeded http 1.0 [list tclPkgSetup $dir http 1.0 {{http.tcl source {httpCopyDone httpCopyStart httpEof httpEvent httpFinish httpMapReply httpProxyRequired http_code http_config http_data http_formatQuery http_get http_reset http_size http_status http_wait}}}].

C:\Users\user\AppData\Local\Update\tcl\init.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	24432
Entropy (8bit):	4.824619671192163
Encrypted:	false
SSDEEP:
MD5:	B900811A252BE90C693E5E7AE365869D
SHA1:	345752C46F7E8E67DADEF7F6FD514BED4B708FC5
SHA-256:	BC492B19308BC011CFCD321F1E6E65E6239D4EEB620CC02F7E9BF89002511D4A
SHA-512:	36B8CDBA61B9222F65B055C0C513801F3278A3851912215658BCF0CE10F80197C1F12A5CA3054D8604DA005CE08DA8DCD303B8544706B642140A49C4377DD6CE
Malicious:	false
Preview:	# init.tcl --.#.# Default system startup file for Tcl-based applications. Defines.# "unknown" procedure and auto-load facilities..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-1999 Scriptics Corporation..# Copyright (c) 2004 by Kevin B. Kenny. All rights reserved..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# This test intentionally written in pre-7.5 Tcl.if {[info commands package] == ""} {. error "version mismatch: library\nscripts expect Tcl version 7.5b1 or later but the loaded version is\nonly [info patchlevel]".}.package require -exact Tcl 8.6.9..# Compute the auto path to use in this interpreter..# The values on the path come from several locations:.#.# The environment variable TCLLIBPATH.#.# tcl_library, which is the directory containing this init.tcl script..# [tclInit] (Tcl_Init()) sea

C:\Users\user\AppData\Local\Update\tcl\msgs\af.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	989
Entropy (8bit):	4.015702624322247
Encrypted:	false
SSDEEP:
MD5:	3A3B4D3B137E7270105DC7B359A2E5C2
SHA1:	2089B3948F11EF8CE4BD3D57167715ADE65875E9
SHA-256:	2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908
SHA-512:	044602E7228D2CB3D0A260ADFD0D3A1F7CAB7EFE5DD00C7519EAF00A395A48A46EEFDB3DE81902D420D009B137030BC98FF32AD97E9C3713F0990FE6C09887A2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af DAYS_OF_WEEK_ABBREV [list \. "So"\. "Ma"\. "Di"\. "Wo"\. "Do"\. "Vr"\. "Sa"]. ::msgcat::mcset af DAYS_OF_WEEK_FULL [list \. "Sondag"\. "Maandag"\. "Dinsdag"\. "Woensdag"\. "Donderdag"\. "Vrydag"\. "Saterdag"]. ::msgcat::mcset af MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset af MONTHS_FULL [list \. "Januarie"\. "Februarie"\. "Maart"\. "April"\. "Mei"\. "Junie"\. "Julie"\. "Augustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""]. ::msgcat::mcset af AM "VM". ::msgcat::mcset af PM "NM".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\af_za.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.879621059534584
Encrypted:	false
SSDEEP:
MD5:	27C356DF1BED4B22DFA55835115BE082
SHA1:	677394DF81CDBAF3D3E735F4977153BB5C81B1A6
SHA-256:	3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8
SHA-512:	EE88348C103382F91F684A09F594177119960F87E58C5E4FC718C698AD436E332B74B8ED18DF8563F736515A3A6442C608EBCBE6D1BD13B3E3664E1AA3851076
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af_ZA DATE_FORMAT "%d %B %Y". ::msgcat::mcset af_ZA TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset af_ZA DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ar.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1964
Entropy (8bit):	4.417722751563065
Encrypted:	false
SSDEEP:
MD5:	0A88A6BFF15A6DABAAE48A78D01CFAF1
SHA1:	90834BCBDA9B9317B92786EC89E20DCF1F2DBD22
SHA-256:	BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050
SHA-512:	85CB96321BB6FB3119D69540B9E76916F0C5F534BA01382E73F8F9A0EE67A7F1BFC39947335688F2C8F3DB9B51D969D8EA7C7104A035C0E949E8E009D4656288
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar DAYS_OF_WEEK_ABBREV [list \. "\u062d"\. "\u0646"\. "\u062b"\. "\u0631"\. "\u062e"\. "\u062c"\. "\u0633"]. ::msgcat::mcset ar DAYS_OF_WEEK_FULL [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar MONTHS_ABBREV [list \. "\u064a\u0646\u0627"\. "\u0641\u0628\u0631"\. "\u0645\u0627\u0631"\. "\u0623\u0628\u0631"\. "\u0645\u0627\u064a"\. "\u064a\u0648\u0646"\. "\u064a\u0648\u0644"\. "\u0623\u063a\u0633"\. "\u0633\u0628\u062a"\. "\u0623\u0643\u062a"\

C:\Users\user\AppData\Local\Update\tcl\msgs\ar_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.825452591398057
Encrypted:	false
SSDEEP:
MD5:	EEB42BA91CC7EF4F89A8C1831ABE7B03
SHA1:	74D12B4CBCDF63FDF00E589D8A604A5C52C393EF
SHA-256:	29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3
SHA-512:	6CCB2F62986CE1CF3CE78538041A0E4AAF717496F965D73014A13E9B05093EB43185C3C14212DC052562F3F369AB6985485C8C93D1DFC60CF9B8DABEA7CDF434
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_IN DATE_FORMAT "%A %d %B %Y". ::msgcat::mcset ar_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ar_IN DATE_TIME_FORMAT "%A %d %B %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ar_jo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.023830561129656
Encrypted:	false
SSDEEP:
MD5:	4338BD4F064A6CDC5BFED2D90B55D4E8
SHA1:	709717BB1F62A71E94D61056A70660C6A03B48AE
SHA-256:	78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B
SHA-512:	C63A535AD19CBEF5EFC33AC5A453B1C503A59C6CE71A4CABF8083BC516DF0F3F14D3D4F309D33EDF2EC5E79DB00ED1F7D56FD21068F09F178BB2B191603BAC25
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_JO DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_JO MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Update\tcl\msgs\ar_lb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.020656526954981
Encrypted:	false
SSDEEP:
MD5:	3789E03CF926D4F12AFD30FC7229B78D
SHA1:	AEF38AAB736E5434295C72C14F38033AAFE6EF15
SHA-256:	7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B
SHA-512:	C9172600703337EDB2E36D7470A3AED96CCC763D7163067CB19E7B097BB7877522758C3109E31D5D72F486DD50BF510DDBA50EDD248B899FA0A2EEF09FCBF903
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_LB DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_LB MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Update\tcl\msgs\ar_sy.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1812
Entropy (8bit):	4.02203966019266
Encrypted:	false
SSDEEP:
MD5:	EC736BFD4355D842E5BE217A7183D950
SHA1:	C6B83C02F5D4B14064D937AFD8C6A92BA9AE9EFB
SHA-256:	AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1
SHA-512:	68BB7851469C24003A9D74FC7FE3599A2E95EE3803014016DDEBF4C5785F49EDBADA69CD4103F2D3B6CE91E9A32CC432DBDFEC2AED0557E5B6B13AED489A1EDA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_SY DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_SY MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

C:\Users\user\AppData\Local\Update\tcl\msgs\be.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2105
Entropy (8bit):	4.215818273236158
Encrypted:	false
SSDEEP:
MD5:	1A3ABFBC61EF757B45FF841C197BB6C3
SHA1:	74D623DAB6238D05C18DDE57FC956D84974FC2D4
SHA-256:	D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57
SHA-512:	154D053410AA0F7817197B7EE1E8AE839BA525C7660620581F228477B1F5B972FE95A4E493BB50365D0B63B0115036DDE54A98450CA4E8048AF5D0AF092BADE5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset be DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0430\u0442"\. "\u0441\u0440"\. "\u0447\u0446"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset be DAYS_OF_WEEK_FULL [list \. "\u043d\u044f\u0434\u0437\u0435\u043b\u044f"\. "\u043f\u0430\u043d\u044f\u0434\u0437\u0435\u043b\u0430\u043a"\. "\u0430\u045e\u0442\u043e\u0440\u0430\u043a"\. "\u0441\u0435\u0440\u0430\u0434\u0430"\. "\u0447\u0430\u0446\u0432\u0435\u0440"\. "\u043f\u044f\u0442\u043d\u0456\u0446\u0430"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset be MONTHS_ABBREV [list \. "\u0441\u0442\u0434"\. "\u043b\u044e\u0442"\. "\u0441\u043a\u0432"\. "\u043a\u0440\u0441"\. "\u043c\u0430\u0439"\. "\u0447\u0440\u0432"\. "\u043b\u043f\u043d"\. "\u0436\u043d\u

C:\Users\user\AppData\Local\Update\tcl\msgs\bg.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1819
Entropy (8bit):	4.363233187157474
Encrypted:	false
SSDEEP:
MD5:	11FA3BA30A0EE6A7B2B9D67B439C240D
SHA1:	EC5557A16A0293ABF4AA8E5FD50940B60A8A36A6
SHA-256:	E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1
SHA-512:	B776E7C98FB819436C61665206EE0A2644AA4952D739FF7CC58EAFBD549BD1D26028DE8E11B8533814102B31FC3884F95890971F547804BCAA4530E35BDD5CFD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bg DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0434"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset bg DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u043b\u044f"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0412\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0421\u0440\u044f\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u044a\u0440\u0442\u044a\u043a"\. "\u041f\u0435\u0442\u044a\u043a"\. "\u0421\u044a\u0431\u043e\u0442\u0430"]. ::msgcat::mcset bg MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset bg MONTHS_FULL [list \. "\u042

C:\Users\user\AppData\Local\Update\tcl\msgs\bn.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2286
Entropy (8bit):	4.04505151160981
Encrypted:	false
SSDEEP:
MD5:	B387D4A2AB661112F2ABF57CEDAA24A5
SHA1:	80DB233687A9314600317AD39C01466C642F3C4C
SHA-256:	297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F
SHA-512:	450BB56198AAAB2EEFCD4E24C29DD79D71D2EF7E8D066F3B58F9C5D831F960AFB78C46ECE2DB32EF81454BCCC80C730E36A610DC9BAF06757E0757B421BACB19
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn DAYS_OF_WEEK_ABBREV [list \. "\u09b0\u09ac\u09bf"\. "\u09b8\u09cb\u09ae"\. "\u09ae\u0999\u0997\u09b2"\. "\u09ac\u09c1\u09a7"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf"\. "\u09b6\u09c1\u0995\u09cd\u09b0"\. "\u09b6\u09a8\u09bf"]. ::msgcat::mcset bn DAYS_OF_WEEK_FULL [list \. "\u09b0\u09ac\u09bf\u09ac\u09be\u09b0"\. "\u09b8\u09cb\u09ae\u09ac\u09be\u09b0"\. "\u09ae\u0999\u0997\u09b2\u09ac\u09be\u09b0"\. "\u09ac\u09c1\u09a7\u09ac\u09be\u09b0"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf\u09ac\u09be\u09b0"\. "\u09b6\u09c1\u0995\u09cd\u09b0\u09ac\u09be\u09b0"\. "\u09b6\u09a8\u09bf\u09ac\u09be\u09b0"]. ::msgcat::mcset bn MONTHS_ABBREV [list \. "\u099c\u09be\u09a8\u09c1\u09df\u09be\u09b0\u09c0"\. "\u09ab\u09c7\u09ac\u09cd\u09b0\u09c1\u09df\u09be\u09b0\u09c0"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\bn_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.821338044395148
Encrypted:	false
SSDEEP:
MD5:	764E70363A437ECA938DEC17E615608B
SHA1:	2296073AE8CC421780E8A3BCD58312D6FB2F5BFC
SHA-256:	7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94
SHA-512:	4C7B9082DA9DDF07C2BE16C359A1A42834B8E730AD4DD5B987866C2CC735402DDE513588A89C8DFA25A1AC6F66AF9FDDBEA8FD500F8526C4641BBA7011CD0D28
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn_IN DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset bn_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset bn_IN DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ca.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1102
Entropy (8bit):	4.213250101046006
Encrypted:	false
SSDEEP:
MD5:	9378A5AD135137759D46A7CC4E4270E0
SHA1:	8D2D53DA208BB670A335C752DFC4B4FF4509A799
SHA-256:	14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A
SHA-512:	EF784D0D982BA0B0CB37F1DA15F8AF3BE5321F59E586DBED1EDD0B3A38213D3CEA1CDFC983A025418403400CCE6039B786EE35694A5DFCE1F22CB2D315F5FCF8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ca DAYS_OF_WEEK_ABBREV [list \. "dg."\. "dl."\. "dt."\. "dc."\. "dj."\. "dv."\. "ds."]. ::msgcat::mcset ca DAYS_OF_WEEK_FULL [list \. "diumenge"\. "dilluns"\. "dimarts"\. "dimecres"\. "dijous"\. "divendres"\. "dissabte"]. ::msgcat::mcset ca MONTHS_ABBREV [list \. "gen."\. "feb."\. "mar\u00e7"\. "abr."\. "maig"\. "juny"\. "jul."\. "ag."\. "set."\. "oct."\. "nov."\. "des."\. ""]. ::msgcat::mcset ca MONTHS_FULL [list \. "gener"\. "febrer"\. "mar\u00e7"\. "abril"\. "maig"\. "juny"\. "juliol"\. "agost"\. "setembre"\. "octubre"\. "novembre"\. "desembre"\. ""]. ::msgcat::mcset ca DATE_FORMAT "%d/%m/%Y". ::msg

C:\Users\user\AppData\Local\Update\tcl\msgs\cs.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	4.400184537938628
Encrypted:	false
SSDEEP:
MD5:	4C5679B0880394397022A70932F02442
SHA1:	CA5C47A76CD4506D8E11AECE1EA0B4A657176019
SHA-256:	49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86
SHA-512:	39FA0D3235FFD3CE2BCCFFFA6A4A8EFE2668768757DAFDE901917731E20AD15FCAC4E48CF4ACF0ADFAA38CC72768FD8F1B826464B0F71A1C784E334AE72F857C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset cs DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "\u00dat"\. "St"\. "\u010ct"\. "P\u00e1"\. "So"]. ::msgcat::mcset cs DAYS_OF_WEEK_FULL [list \. "Ned\u011ble"\. "Pond\u011bl\u00ed"\. "\u00dater\u00fd"\. "St\u0159eda"\. "\u010ctvrtek"\. "P\u00e1tek"\. "Sobota"]. ::msgcat::mcset cs MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset cs MONTHS_FULL [list \. "leden"\. "\u00fanor"\. "b\u0159ezen"\. "duben"\. "kv\u011bten"\. "\u010derven"\. "\u010dervenec"\. "srpen"\. "z\u00e1\u0159\u00ed"\. "\u0159\u00edjen"\. "listopad"\. "prosinec"\. ""]

C:\Users\user\AppData\Local\Update\tcl\msgs\da.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1156
Entropy (8bit):	4.242018456508518
Encrypted:	false
SSDEEP:
MD5:	F012F45523AA0F8CFEACC44187FF1243
SHA1:	B171D1554244D2A6ED8DE17AC8000AA09D2FADE9
SHA-256:	CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0
SHA-512:	5BBC44471AB1B1622FABC7A12A8B8727087BE64BEAF72D2C3C9AAC1246A41D9B7CAFC5C451F24A3ACC681C310BF47BBC3384CF80EB0B4375E12646CB7BB8FFD5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset da DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset da DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset da MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset da MONTHS_FULL [list \. "januar"\. "februar"\. "marts"\. "april"\. "maj"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset da BCE "f.Kr.". ::msgcat::mcset da CE "e.Kr.".

C:\Users\user\AppData\Local\Update\tcl\msgs\de.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1222
Entropy (8bit):	4.277486792653572
Encrypted:	false
SSDEEP:
MD5:	68882CCA0886535A613ECFE528BB81FC
SHA1:	6ABF519F6E4845E6F13F272D628DE97F2D2CD481
SHA-256:	CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673
SHA-512:	ACD5F811A0494E04A18035D2B9171FAF3AB8C856AAB0C09AEBE755590261066ADCD2750565F1CB840B2D0111D95C98970294550A4FBD00E4346D2EDBA3A5C957
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de DAYS_OF_WEEK_ABBREV [list \. "So"\. "Mo"\. "Di"\. "Mi"\. "Do"\. "Fr"\. "Sa"]. ::msgcat::mcset de DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mrz"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de BCE "v. Chr.". ::msgcat::mcset de CE "n. Chr.".

C:\Users\user\AppData\Local\Update\tcl\msgs\de_at.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	812
Entropy (8bit):	4.344116560816791
Encrypted:	false
SSDEEP:
MD5:	63B8EBBA990D1DE3D83D09375E19F6AC
SHA1:	B7714AF372B4662A0C15DDBC0F80D1249CB1EEBD
SHA-256:	80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C
SHA-512:	638307C9B97C74BAF38905AC88E73B57F24282E40929DA43ADB74978040B818EFCC2EE2A377DFEB3AC9050800536F2BE1C7C2A7AB9E7B8BCF8D15E5F293F24D9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_AT MONTHS_ABBREV [list \. "J\u00e4n"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_AT MONTHS_FULL [list \. "J\u00e4nner"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_AT DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset de_AT TIME_FORMAT "%T". ::msgcat::mcset de_AT TIME_FORMAT_12 "%T". ::msgcat::mcset de_AT DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\de_be.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1223
Entropy (8bit):	4.319193323810203
Encrypted:	false
SSDEEP:
MD5:	A741CF1A27C77CFF2913076AC9EE9DDC
SHA1:	DE519D3A86DCF1E8F469490967AFE350BAEAFE01
SHA-256:	7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A
SHA-512:	C9272793BAA1D33C32576B48756063F4A9BB97E8FFA276809CF4C3956CC457E48C577BDF359C1ECF5CF665A68135CAED17E972DC053A6AFBAAC3BA0ECBAFEB05
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_BE DAYS_OF_WEEK_ABBREV [list \. "Son"\. "Mon"\. "Die"\. "Mit"\. "Don"\. "Fre"\. "Sam"]. ::msgcat::mcset de_BE DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de_BE MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_BE MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_BE AM "vorm". ::msgcat::mcs

C:\Users\user\AppData\Local\Update\tcl\msgs\el.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2252
Entropy (8bit):	4.313031807335687
Encrypted:	false
SSDEEP:
MD5:	E152787B40C5E30699AD5E9B0C60DC07
SHA1:	4FB9DB6E784E1D28E632B55ED31FBBB4997BF575
SHA-256:	9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357
SHA-512:	DE59E17CAB924A35C4CC74FE8FCA4776BD49E30C224E476741A273A74BBE40CDAAEDBF6BBB5E30011CD0FEED6B2840F607FD0F1BD3E136E7FE39BAE81C7ED4DB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset el DAYS_OF_WEEK_ABBREV [list \. "\u039a\u03c5\u03c1"\. "\u0394\u03b5\u03c5"\. "\u03a4\u03c1\u03b9"\. "\u03a4\u03b5\u03c4"\. "\u03a0\u03b5\u03bc"\. "\u03a0\u03b1\u03c1"\. "\u03a3\u03b1\u03b2"]. ::msgcat::mcset el DAYS_OF_WEEK_FULL [list \. "\u039a\u03c5\u03c1\u03b9\u03b1\u03ba\u03ae"\. "\u0394\u03b5\u03c5\u03c4\u03ad\u03c1\u03b1"\. "\u03a4\u03c1\u03af\u03c4\u03b7"\. "\u03a4\u03b5\u03c4\u03ac\u03c1\u03c4\u03b7"\. "\u03a0\u03ad\u03bc\u03c0\u03c4\u03b7"\. "\u03a0\u03b1\u03c1\u03b1\u03c3\u03ba\u03b5\u03c5\u03ae"\. "\u03a3\u03ac\u03b2\u03b2\u03b1\u03c4\u03bf"]. ::msgcat::mcset el MONTHS_ABBREV [list \. "\u0399\u03b1\u03bd"\. "\u03a6\u03b5\u03b2"\. "\u039c\u03b1\u03c1"\. "\u0391\u03c0\u03c1"\. "\u039c\u03b1\u03ca"\. "\u0399\u03bf\u03c5\u03bd"\. "\u

C:\Users\user\AppData\Local\Update\tcl\msgs\en_au.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.849761581276844
Encrypted:	false
SSDEEP:
MD5:	F8AE50E60590CC1FF7CCC43F55B5B8A8
SHA1:	52892EDDFA74DD4C8040F9CDD19A9536BFF72B6E
SHA-256:	B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8
SHA-512:	8E15C9CA9A7D2862FDBA330F59BB177B06E5E3154CF3EA948B8E4C0282D66E75E18C225F28F6A203B4643E8BCAA0B5BDB59578A4C20D094F8B923650796E2E72
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_AU DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_AU TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_AU TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_AU DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_be.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	305
Entropy (8bit):	4.823881517188826
Encrypted:	false
SSDEEP:
MD5:	A0BB5A5CC6C37C12CB24523198B82F1C
SHA1:	B7A6B4BFB6533CC33A0A0F5037E55A55958C4DFC
SHA-256:	596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351
SHA-512:	9859D8680E326C2EB39390F3B96AC0383372433000A4E828CF803323AB2AB681B2BAE87766CB6FB23F6D46DBA38D3344BC4A941AFB0027C737784063194F9AE4
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BE DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_BE TIME_FORMAT "%k:%M:%S". ::msgcat::mcset en_BE TIME_FORMAT_12 "%k h %M min %S s %z". ::msgcat::mcset en_BE DATE_TIME_FORMAT "%d %b %Y %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_bw.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.869619023232552
Encrypted:	false
SSDEEP:
MD5:	ECC735522806B18738512DC678D01A09
SHA1:	EEEC3A5A3780DBA7170149C779180748EB861B86
SHA-256:	340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296
SHA-512:	F46915BD68249B5B1988503E50EBC48C13D9C0DDBDCBA9F520386E41A0BAAE640FD97A5085698AB1DF65640CE70AC63ED21FAD49AF54511A5543D1F36247C22D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_BW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_BW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_ca.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	288
Entropy (8bit):	4.828989678102087
Encrypted:	false
SSDEEP:
MD5:	F9A9EE00A4A2A899EDCCA6D82B3FA02A
SHA1:	BFDBAD5C0A323A37D5F91C37EC899B923DA5B0F5
SHA-256:	C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631
SHA-512:	4E5471ADE75E0B91A02A30D8A042791D63565487CBCA1825EA68DD54A3AE6F1E386D9F3B016D233406D4B0B499B05DF6295BC0FFE85E8AA9DA4B4B7CC0128AD9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_CA DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_CA TIME_FORMAT "%r". ::msgcat::mcset en_CA TIME_FORMAT_12 "%I:%M:%S %p". ::msgcat::mcset en_CA DATE_TIME_FORMAT "%a %d %b %Y %r %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_gb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.84511182583436
Encrypted:	false
SSDEEP:
MD5:	07C16C81F1B59444508D0F475C2DB175
SHA1:	DEDBDB2C9ACA932C373C315FB6C5691DBEDEB346
SHA-256:	AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1
SHA-512:	F13333C975E6A0AD06E57C5C1908ED23C4A96008A895848D1E2FE7985001B2E5B9B05C4824C74EDA94E0CC70EC7CABCB103B97E54E957F986D8F277EEC3325B7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_GB DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_GB TIME_FORMAT "%T". ::msgcat::mcset en_GB TIME_FORMAT_12 "%T". ::msgcat::mcset en_GB DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_hk.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.803235346516854
Encrypted:	false
SSDEEP:
MD5:	27B4185EB5B4CAAD8F38AE554231B49A
SHA1:	67122CAA8ECA829EC0759A0147C6851A6E91E867
SHA-256:	C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD
SHA-512:	003E5C1E2ECCCC48D14F3159DE71A5B0F1471275D4051C7AC42A3CFB80CAF651A5D04C4D8B868158211E8BC4E08554AF771993B0710E6625AA3AE912A33F5487
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_HK AM "AM". ::msgcat::mcset en_HK PM "PM". ::msgcat::mcset en_HK DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_HK TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_HK DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_ie.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.78446779523026
Encrypted:	false
SSDEEP:
MD5:	30E351D26DC3D514BC4BF4E4C1C34D6F
SHA1:	FA87650F840E691643F36D78F7326E925683D0A8
SHA-256:	E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D
SHA-512:	5AAC8A55239A909207E73EFB4123692D027F7728157D07FAFB629AF5C6DB84B35CF11411E561851F7CDB6F25AEC174E85A1982C4B79C7586644E74512F5FBDDA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_IE TIME_FORMAT "%T". ::msgcat::mcset en_IE TIME_FORMAT_12 "%T". ::msgcat::mcset en_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	310
Entropy (8bit):	4.756550208645364
Encrypted:	false
SSDEEP:
MD5:	1423A9CF5507A198580D84660D829133
SHA1:	70362593A2B04CF965213F318B10E92E280F338D
SHA-256:	71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1
SHA-512:	C4F1AD41D44A2473531247036BEEF8402F7C77A21A33690480F169F35E78030942FD31C9331A82B8377D094E22D506C785D0311DBB9F1C2B4AD3575B3F0E76E3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IN AM "AM". ::msgcat::mcset en_IN PM "PM". ::msgcat::mcset en_IN DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_IN TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_IN DATE_TIME_FORMAT "%d %B %Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_nz.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.89415873600679
Encrypted:	false
SSDEEP:
MD5:	DB734349F7A1A83E1CB18814DB6572E8
SHA1:	3386B2599C7C170A03E4EED68C39EAC7ADD01708
SHA-256:	812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3
SHA-512:	EF09006552C624A2F1C62155251A18BDA9EE85C9FC81ABBEDE8416179B1F82AD0D88E42AB0A10B4871EF4B7DB670E4A824392339976C3C95FB31F588CDE5840D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_NZ DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_NZ TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_NZ TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_NZ DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_ph.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.775448167269054
Encrypted:	false
SSDEEP:
MD5:	787C83099B6E4E80AC81DD63BA519CBE
SHA1:	1971ACFAA5753D2914577DCC9EBDF43CF89C1D00
SHA-256:	BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC
SHA-512:	527A36D64B4B5C909F69AA8609CFFEBBA19A378CEA618E1BB07EC2AED89E456E2292080C43917DF51B08534A1D0B35F2069008324C99A7688BBEDE49049CD8A2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_PH AM "AM". ::msgcat::mcset en_PH PM "PM". ::msgcat::mcset en_PH DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_PH TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_PH DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_sg.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.865159200607995
Encrypted:	false
SSDEEP:
MD5:	3045036D8F0663E26796E4E8AFF144E2
SHA1:	6C9066396C107049D861CD0A9C98DE8753782571
SHA-256:	B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930
SHA-512:	EBA6CD05BD596D0E8C96BBCA86379F003AD31E564D9CB90C906AF4B3A776AA797FC18EC405781F83493BBB33510DEDC0E78504AD1E6977BE0F83B2959AD25B8A
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_SG DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset en_SG DATE_TIME_FORMAT "%d %b %Y %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_za.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	245
Entropy (8bit):	4.89152584889677
Encrypted:	false
SSDEEP:
MD5:	F285A8BA3216DA69B764991124F2F75A
SHA1:	A5B853A39D944DB9BB1A4C0B9D55AFDEF0515548
SHA-256:	98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332
SHA-512:	05695E29BA10072954BC91885A07D74EFBCB81B0DE3961261381210A51968F99CE1801339A05B810A54295E53B0A7E1D75CA5350485A8DEBFFFCBD4945234382
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZA DATE_FORMAT "%Y/%m/%d". ::msgcat::mcset en_ZA TIME_FORMAT_12 "%I:%M:%S". ::msgcat::mcset en_ZA DATE_TIME_FORMAT "%Y/%m/%d %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\en_zw.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.888960668540414
Encrypted:	false
SSDEEP:
MD5:	D8878533B11C21445CAEFA324C638C7E
SHA1:	EFF82B28741FA16D2DFC93B5421F856D6F902509
SHA-256:	91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8
SHA-512:	CBFD4FC093B3479AE9E90A5CA05EA1894F62DA9E0559ACC2BD37BBED1F0750ECFF13E6DF2078D68268192CA51A832E1BEED379E11380ADF3C91C1A01A352B20C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_ZW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_ZW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\eo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1231
Entropy (8bit):	4.282246801138565
Encrypted:	false
SSDEEP:
MD5:	FE2F92E5C0AB19CDC7119E70187479F6
SHA1:	A14B9AA999C0BBD9B21E6A2B44A934D685897430
SHA-256:	50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83
SHA-512:	72B4975DC2CAB725BD6557CAED41B9C9146E0DE167EE0A0723C3C90D7CF49FB1D749977042FFECBCD7D8F21509307AAB3CE80E3C51023D22072FB5B415801EA9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eo DAYS_OF_WEEK_ABBREV [list \. "di"\. "lu"\. "ma"\. "me"\. "\u0135a"\. "ve"\. "sa"]. ::msgcat::mcset eo DAYS_OF_WEEK_FULL [list \. "diman\u0109o"\. "lundo"\. "mardo"\. "merkredo"\. "\u0135a\u016ddo"\. "vendredo"\. "sabato"]. ::msgcat::mcset eo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "a\u016dg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset eo MONTHS_FULL [list \. "januaro"\. "februaro"\. "marto"\. "aprilo"\. "majo"\. "junio"\. "julio"\. "a\u016dgusto"\. "septembro"\. "oktobro"\. "novembro"\. "decembro"\. ""]. ::msgcat::mcset eo BCE "aK". ::msgcat::mcset e

C:\Users\user\AppData\Local\Update\tcl\msgs\es.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1180
Entropy (8bit):	4.216657382642579
Encrypted:	false
SSDEEP:
MD5:	022CBA4FF73CF18D63D1B0C11D058B5D
SHA1:	8B2D0BE1BE354D639EC3373FE20A0F255E312EF6
SHA-256:	FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837
SHA-512:	5142AD14C614E6BA5067B371102F7E81B14EB7AF3E40D05C674CFF1052DA4D172768636D34FF1DEE2499E43B2FEB4771CB1B67EDA10B887DE50E15DCD58A5283
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mi\u00e9"\. "jue"\. "vie"\. "s\u00e1b"]. ::msgcat::mcset es DAYS_OF_WEEK_FULL [list \. "domingo"\. "lunes"\. "martes"\. "mi\u00e9rcoles"\. "jueves"\. "viernes"\. "s\u00e1bado"]. ::msgcat::mcset es MONTHS_ABBREV [list \. "ene"\. "feb"\. "mar"\. "abr"\. "may"\. "jun"\. "jul"\. "ago"\. "sep"\. "oct"\. "nov"\. "dic"\. ""]. ::msgcat::mcset es MONTHS_FULL [list \. "enero"\. "febrero"\. "marzo"\. "abril"\. "mayo"\. "junio"\. "julio"\. "agosto"\. "septiembre"\. "octubre"\. "noviembre"\. "diciembre"\. ""]. ::msgcat::mcset es BCE "a.C.". ::msgcat::mcset es

C:\Users\user\AppData\Local\Update\tcl\msgs\es_ar.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.830874390627383
Encrypted:	false
SSDEEP:
MD5:	C806EF01079E6B6B7EAE5D717DA2AAB3
SHA1:	3C553536241A5D2E95A3BA9024AAB46BB87FBAD9
SHA-256:	AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E
SHA-512:	619905C2FB5F8D2BC2CBB9F8F0EA117C0AEFBDDE5E4F826FF962D7DC069D16D5DE12E27E898471DC6C039866FB64BBF62ED54DBC031E03C7D24FC2EA38DE5699
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_AR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_AR TIME_FORMAT "%H:%M:%S". ::msgcat::mcset es_AR DATE_TIME_FORMAT "%d/%m/%Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_bo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.878640071219599
Encrypted:	false
SSDEEP:
MD5:	4C2B2A6FBC6B514EA09AA9EF98834F17
SHA1:	853FFCBB9A2253B7DC2B82C2BFC3B132500F7A9D
SHA-256:	24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE
SHA-512:	3347F9C13896AF19F6BAFBEF225AF2A1F84F20F117E7F0CE3E5CAA783FDD88ABDFAF7C1286AE421BC609A39605E16627013945E4ACA1F7001B066E14CAB90BE7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_BO DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_BO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_BO DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_cl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.889615718638578
Encrypted:	false
SSDEEP:
MD5:	B7E7BE63F24FC1D07F28C5F97637BA1C
SHA1:	8FE1D17696C910CF59467598233D55268BFE0D94
SHA-256:	12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC
SHA-512:	FD8B83EF06B1E1111AFF186F5693B17526024CAD8CC99102818BE74FD885344D2F628A0541ABB485F38DB8DE7E29EA4EE4B28D8E5F6ECEF826BABE1013ABDFB8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CL DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_CL TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CL DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_co.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.862231219172699
Encrypted:	false
SSDEEP:
MD5:	FD946BE4D44995911E79135E5B7BD3BB
SHA1:	3BA38CB03258CA834E37DBB4E3149D4CDA9B353B
SHA-256:	1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E
SHA-512:	FBD8087891BA0AE58D71A6D07482EED5E0EA5C658F0C82A9EC67DFC0D826059F1FC6FF404D6A6DC9619BD9249D4E4EC30D828B177E0939302196C51FA9B2FC4B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CO DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_CO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CO DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_cr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.873281593259653
Encrypted:	false
SSDEEP:
MD5:	F08EF3582AF2F88B71C599FBEA38BFD9
SHA1:	456C90C09C2A8919DC948E86170F523062F135DB
SHA-256:	7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB
SHA-512:	7187FC4CE0533F14BBA073039A0B86D610618573BA9A936CBE7682ED2939384C6BB9E0A407C016A42702E83627CCE394618ACB58419EA36908AA37F59165E371
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_CR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CR DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_do.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.8668686830029335
Encrypted:	false
SSDEEP:
MD5:	44F2EE567A3E9A021A3C16062CEAE220
SHA1:	180E938584F0A57AC0C3F85E6574BC48291D820E
SHA-256:	847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507
SHA-512:	BEB005D006E432963F9C1EF474A1E3669C8B7AF0681681E74DDA8FE9C8EE04D307EF85CF0257DA72663026138D38807A6ABA1255337CF8CC724ED1993039B40C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_DO DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_DO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_DO DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_ec.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.86970949384834
Encrypted:	false
SSDEEP:
MD5:	CCB036C33BA7C8E488D37E754075C6CF
SHA1:	336548C8D361B1CAA8BDF698E148A88E47FB27A6
SHA-256:	2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59
SHA-512:	05058262E222653CF3A4C105319B74E07322AEE726CC11AEB2B562F01FF2476E3169EA829BF8B66E1B76617CB58E45423480E5A6CB3B3D4B33AA4DDDFA52D111
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_EC DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_EC TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_EC DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_gt.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.86395314548955
Encrypted:	false
SSDEEP:
MD5:	1E6062716A094CC3CE1F2C97853CD3CD
SHA1:	499F69E661B3B5747227B31DE4539CAF355CCAAC
SHA-256:	1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370
SHA-512:	7C3FB65EC76A2F35354E93A47C3A59848170AAF504998CEF66AEBAAD39D303EC67BE212C6FACC98305E35FFEBF23CCB7E34396F11987E81D76B3685E6B5E89B3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_GT DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_GT TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_GT DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_hn.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.902544453689719
Encrypted:	false
SSDEEP:
MD5:	AAE4A89F6AB01044D6BA3511CBE6FE66
SHA1:	639A94279453B0028995448FD2E221C1BDE23CEE
SHA-256:	A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC
SHA-512:	E2BE94973C931B04C730129E9B9746BB76E7AC7F5AAA8D7899903B8C86B4E3D4A955E9580CF2C64DE48AFD6A2A9386337C2F8A8128A511AFBFBBA09CC032A76E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_HN DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_HN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_HN DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_mx.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.863953145489551
Encrypted:	false
SSDEEP:
MD5:	F60290CF48AA4EDCA938E496F43135FD
SHA1:	0EE5A36277EA4E7A1F4C6D1D9EE32D90918DA25C
SHA-256:	D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383
SHA-512:	380DFCD951D15E53FCB1DEF4B892C8FD65CEFBF0857D5A7347FF3ED34F69ADD53AEEF895EDCFC6D2F24A65AB8F67CF813AEA2045EDBF3BF182BD0635B5ACB1A4
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_MX DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_MX TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_MX DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_ni.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.872124246425178
Encrypted:	false
SSDEEP:
MD5:	2C4C45C450FEA6BA0421281F1CF55A2A
SHA1:	5249E31611A670EAEEF105AB4AD2E5F14B355CAE
SHA-256:	4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3
SHA-512:	969A4566C7B5FAF36204865D5BC22C849FBB44F0D16B04B9A9473B05DBABF22AEB9B77F282A44BB85D7E2A56C4E5BCE59E4E4CDEB3F6DD52AF47C65C709A3690
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_NI DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_NI TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_NI DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_pa.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.860352858208512
Encrypted:	false
SSDEEP:
MD5:	148626186A258E58851CC0A714B4CFD6
SHA1:	7F14D46F66D8A94A493702DCDE7A50C1D71774B2
SHA-256:	6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC
SHA-512:	2B452D878728BFAFEA9A60030A26E1E1E44CE0BB26C7D9B8DB1D7C4F1AD3217770374BD4EDE784D0A341AB5427B08980FF4A62141FAF7024AB17296FE98427AC
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PA DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_PA TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PA DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_pe.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.8632965835916195
Encrypted:	false
SSDEEP:
MD5:	74F014096C233B4D1D38A9DFB15B01BB
SHA1:	75C28321AFED3D9CDA3EBF3FD059CDEA597BB13A
SHA-256:	CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983
SHA-512:	24E7C3914BF095B55DE7F01CB537E20112E10CF741333FD0185FEF0B0E3A1CD9651C2B2EDC470BCF18F51ADB352CA7550CFBF4F79342DCA33F7E0841AEDEBA8D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_pr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.859298425911738
Encrypted:	false
SSDEEP:
MD5:	AEB569C12A50B8C4A57C8034F666C1B3
SHA1:	24D8B096DD8F1CFA101D6F36606D003D4FCC7B4D
SHA-256:	19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2
SHA-512:	B5432D7A80028C3AD3A7819A5766B07EDB56CEE493C0903EDFA72ACEE0C2FFAA955A8850AA48393782471905FFF72469F508B19BE83CC626478072FFF6B60B5D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PR DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_PR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PR DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_py.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.871431420165191
Encrypted:	false
SSDEEP:
MD5:	D24FF8FAEE658DD516AC298B887D508A
SHA1:	61990E6F3E399B87060E522ABCDE77A832019167
SHA-256:	94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0
SHA-512:	1409E1338988BC70C19DA2F6C12A39E311CF91F6BB759575C95E125EA67949F17BBE450B2CD29E3F6FDA1421C742859CB990921949C6940B34D7A8B8545FF8F0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_sv.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.883202808381857
Encrypted:	false
SSDEEP:
MD5:	6A013D20A3C983639EAF89B93AB2037C
SHA1:	9ABEC22E82C1638B9C8E197760C66E370299BB93
SHA-256:	E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE
SHA-512:	C4FE0493A2C45DA792D0EE300EC1D30E25179209FE39ACCD74B23ACDFF0A72DEEEED1A1D12842101E0A4E57E8FEADF54F926347B6E9B987B70A52E0557919FC2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_SV DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_SV TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_SV DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\es_ve.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.882638228899482
Encrypted:	false
SSDEEP:
MD5:	F3A789CBC6B9DD4F5BA5182C421A9F78
SHA1:	7C2AF280C90B0104AB49B2A527602374254274CE
SHA-256:	64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62
SHA-512:	822C0D27D2A72C9D5336C1BCEDC13B564F0FB12146CF8D30FBE77B9C4728C4B3BF456AC62DACD2962A6B5B84761354B31CD505105EDB060BF202BA0B0A830772
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_VE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_VE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_VE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\et.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1206
Entropy (8bit):	4.321464868793769
Encrypted:	false
SSDEEP:
MD5:	3B4BEE5DD7441A63A31F89D6DFA059BA
SHA1:	BEE39E45FA3A76B631B4C2D0F937FF6041E09332
SHA-256:	CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C
SHA-512:	AEC24C75CB00A506A46CC631A2A804C59FBE4F8EBCB86CBA0F4EE5DF7B7C12ED7D25845150599837B364E40BBFDB68244991ED5AF59C9F7792F8362A1E728883
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset et DAYS_OF_WEEK_ABBREV [list \. "P"\. "E"\. "T"\. "K"\. "N"\. "R"\. "L"]. ::msgcat::mcset et DAYS_OF_WEEK_FULL [list \. "p\u00fchap\u00e4ev"\. "esmasp\u00e4ev"\. "teisip\u00e4ev"\. "kolmap\u00e4ev"\. "neljap\u00e4ev"\. "reede"\. "laup\u00e4ev"]. ::msgcat::mcset et MONTHS_ABBREV [list \. "Jaan"\. "Veebr"\. "M\u00e4rts"\. "Apr"\. "Mai"\. "Juuni"\. "Juuli"\. "Aug"\. "Sept"\. "Okt"\. "Nov"\. "Dets"\. ""]. ::msgcat::mcset et MONTHS_FULL [list \. "Jaanuar"\. "Veebruar"\. "M\u00e4rts"\. "Aprill"\. "Mai"\. "Juuni"\. "Juuli"\. "August"\. "September"\. "Oktoober"\. "November"\. "Detsember"\. ""]. ::msgcat::mcset et

C:\Users\user\AppData\Local\Update\tcl\msgs\eu.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	985
Entropy (8bit):	3.9137059580146376
Encrypted:	false
SSDEEP:
MD5:	E27FEB15A6C300753506FC706955AC90
SHA1:	FDFAC22CC0839B29799001838765EB4A232FD279
SHA-256:	7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA
SHA-512:	C54A0F72BC0DAF6A411466565467A2783690EA19F4D401A5448908944A0A6F3F74A7976FA0F851F15B6A97C6D6A3C41FB8BBC8EA42B5D5E3C17A5C8A37436FC5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu DAYS_OF_WEEK_ABBREV [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu DAYS_OF_WEEK_FULL [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu MONTHS_ABBREV [list \. "urt"\. "ots"\. "mar"\. "api"\. "mai"\. "eka"\. "uzt"\. "abu"\. "ira"\. "urr"\. "aza"\. "abe"\. ""]. ::msgcat::mcset eu MONTHS_FULL [list \. "urtarrila"\. "otsaila"\. "martxoa"\. "apirila"\. "maiatza"\. "ekaina"\. "uztaila"\. "abuztua"\. "iraila"\. "urria"\. "azaroa"\. "abendua"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\eu_es.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	287
Entropy (8bit):	4.8689948586471825
Encrypted:	false
SSDEEP:
MD5:	D20788793E6CC1CD07B3AFD2AA135CB6
SHA1:	3503FCB9490261BA947E89D5494998CEBB157223
SHA-256:	935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC
SHA-512:	F65E7D27BD0A99918D6F21C425238000563C2E3A4162D6806EEAC7C9DCB9798987AFFB8BE01899D577078F6297AF468DBAEBEB6375C09ABF332EB44E328F0E8B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu_ES DATE_FORMAT "%a, %Yeko %bren %da". ::msgcat::mcset eu_ES TIME_FORMAT "%T". ::msgcat::mcset eu_ES TIME_FORMAT_12 "%T". ::msgcat::mcset eu_ES DATE_TIME_FORMAT "%y-%m-%d %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fa.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1664
Entropy (8bit):	4.1508548760580295
Encrypted:	false
SSDEEP:
MD5:	7E74DE42FBDA63663B58B2E58CF30549
SHA1:	CB210740F56208E8E621A45D545D7DEFCAE8BCAF
SHA-256:	F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683
SHA-512:	A03688894BD44B6AB87DC6CAB0A5EC348C9117697A2F9D00E27E850F23EFDC2ADBD53CAC6B9ED33756D3A87C9211B6EE8DF06020F6DA477B9948F52E96071F76
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u0633\u067e\u

C:\Users\user\AppData\Local\Update\tcl\msgs\fa_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1957
Entropy (8bit):	4.433104256056609
Encrypted:	false
SSDEEP:
MD5:	E6DBD1544A69BFC653865B723395E79C
SHA1:	5E4178E7282807476BD0D6E1F2E320E42FA0DE77
SHA-256:	6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A
SHA-512:	8D77DCB4333F043502CED7277AEEB0453A2C019E1A46826A0FE90F0C480A530F5646A4F76ECC1C15825601FC8B646ED7C78E53996E2908B341BA4ED1392B95F0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IN DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa_IN DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa_IN MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u063

C:\Users\user\AppData\Local\Update\tcl\msgs\fa_ir.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	417
Entropy (8bit):	5.087144086729547
Encrypted:	false
SSDEEP:
MD5:	044BAAA627AD3C3585D229865A678357
SHA1:	9D64038C00253A7EEDA4921B9C5E34690E185061
SHA-256:	CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE
SHA-512:	DA138F242B44111FAFE9EFE986EB987C26A64D9316EA5644AC4D3D4FEC6DF9F5D55F342FC194BC487A1B7C740F931D883A574863B48396D837D1E270B733F735
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IR AM "\u0635\u0628\u062d". ::msgcat::mcset fa_IR PM "\u0639\u0635\u0631". ::msgcat::mcset fa_IR DATE_FORMAT "%d\u2044%m\u2044%Y". ::msgcat::mcset fa_IR TIME_FORMAT "%S:%M:%H". ::msgcat::mcset fa_IR TIME_FORMAT_12 "%S:%M:%l %P". ::msgcat::mcset fa_IR DATE_TIME_FORMAT "%d\u2044%m\u2044%Y %S:%M:%H %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fi.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.249302428029841
Encrypted:	false
SSDEEP:
MD5:	34FE8E2D987FE534BD88291046F6820B
SHA1:	B173700C176336BD1B123C2A055A685F73B60C07
SHA-256:	BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C
SHA-512:	4AC513F092D2405FEF6E30C828AE94EDBB4B0B0E1C68C1168EB2498C186DB054EBF697D6B55B49F865A2284F75B7D5490AFE7A80F887AE8312E6F9A5EFE16390
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fi DAYS_OF_WEEK_ABBREV [list \. "su"\. "ma"\. "ti"\. "ke"\. "to"\. "pe"\. "la"]. ::msgcat::mcset fi DAYS_OF_WEEK_FULL [list \. "sunnuntai"\. "maanantai"\. "tiistai"\. "keskiviikko"\. "torstai"\. "perjantai"\. "lauantai"]. ::msgcat::mcset fi MONTHS_ABBREV [list \. "tammi"\. "helmi"\. "maalis"\. "huhti"\. "touko"\. "kes\u00e4"\. "hein\u00e4"\. "elo"\. "syys"\. "loka"\. "marras"\. "joulu"\. ""]. ::msgcat::mcset fi MONTHS_FULL [list \. "tammikuu"\. "helmikuu"\. "maaliskuu"\. "huhtikuu"\. "toukokuu"\. "kes\u00e4kuu"\. "hein\u00e4kuu"\. "elokuu"\. "syyskuu"\. "lokakuu"\. "marraskuu"\. "joulukuu"\. ""]. ::msgcat

C:\Users\user\AppData\Local\Update\tcl\msgs\fo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	986
Entropy (8bit):	4.07740021579371
Encrypted:	false
SSDEEP:
MD5:	996B699F6821A055B826415446A11C8E
SHA1:	C382039ED7D2AE8D96CF2EA55FA328AE9CFD2F7D
SHA-256:	F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A
SHA-512:	AB6F5ABC9823C7F7A67BA1E821680ACD37761F83CD1F46EC731AB2B72AA34C2E523ACE288E9DE70DB3D58E11F5CB42ECB5A5E4E39BFD7DFD284F1FF6B637E11D
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo DAYS_OF_WEEK_ABBREV [list \. "sun"\. "m\u00e1n"\. "t\u00fds"\. "mik"\. "h\u00f3s"\. "fr\u00ed"\. "ley"]. ::msgcat::mcset fo DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nadagur"\. "t\u00fdsdagur"\. "mikudagur"\. "h\u00f3sdagur"\. "fr\u00edggjadagur"\. "leygardagur"]. ::msgcat::mcset fo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset fo MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "apr\u00edl"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fo_fo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.816022066048386
Encrypted:	false
SSDEEP:
MD5:	A76D09A4FA15A2C985CA6BDD22989D6A
SHA1:	E6105EBCDC547FE2E2FE9EDDC9C573BBDAD85AD0
SHA-256:	7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791
SHA-512:	D16542A1CCDC3F5C2A20300B7E38F43F94F7753E0E99F08EB7240D4F286B263815AD481B29F4E96F268E24BA17C5E135E356448685E1BF65B2B63CE6146AA54C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo_FO DATE_FORMAT "%d/%m-%Y". ::msgcat::mcset fo_FO TIME_FORMAT "%T". ::msgcat::mcset fo_FO TIME_FORMAT_12 "%T". ::msgcat::mcset fo_FO DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.313638548211754
Encrypted:	false
SSDEEP:
MD5:	B475F8E7D7065A67E73B1E5CDBF9EB1F
SHA1:	1B689EDC29F8BC4517936E5D77A084083F12AE31
SHA-256:	7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA
SHA-512:	EA77EFF9B23A02F59526499615C08F1314A91AB41561856ED7DF45930FDD8EC11A105218890FD012045C4CC40621C226F94BDC3BEB62B83EA8FAA7AEC20516E7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr DAYS_OF_WEEK_ABBREV [list \. "dim."\. "lun."\. "mar."\. "mer."\. "jeu."\. "ven."\. "sam."]. ::msgcat::mcset fr DAYS_OF_WEEK_FULL [list \. "dimanche"\. "lundi"\. "mardi"\. "mercredi"\. "jeudi"\. "vendredi"\. "samedi"]. ::msgcat::mcset fr MONTHS_ABBREV [list \. "janv."\. "f\u00e9vr."\. "mars"\. "avr."\. "mai"\. "juin"\. "juil."\. "ao\u00fbt"\. "sept."\. "oct."\. "nov."\. "d\u00e9c."\. ""]. ::msgcat::mcset fr MONTHS_FULL [list \. "janvier"\. "f\u00e9vrier"\. "mars"\. "avril"\. "mai"\. "juin"\. "juillet"\. "ao\u00fbt"\. "septembre"\. "octobre"\. "novembre"\. "d\u00e9cembre"\. ""]. ::msgcat::mcset fr BCE "a

C:\Users\user\AppData\Local\Update\tcl\msgs\fr_be.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.863262857917797
Encrypted:	false
SSDEEP:
MD5:	483652B6A3D8010C3CDB6CAD0AD95E72
SHA1:	8FCDB01D0729E9F1A0CAC56F79EDB79A37734AF5
SHA-256:	980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A
SHA-512:	0282B8F3884BB4406F69AF2D2F44E431FB8077FEA86D09ED5607BC0932A049853D0C5CAF0B57EF0289F42A8265F76CC4B10111A28B1E0E9BD54E9319B25D8DB6
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_BE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset fr_BE TIME_FORMAT "%T". ::msgcat::mcset fr_BE TIME_FORMAT_12 "%T". ::msgcat::mcset fr_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fr_ca.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.843031408533295
Encrypted:	false
SSDEEP:
MD5:	017D816D73DAB852546169F3EC2D16F2
SHA1:	3145BB54D9E1E4D9166186D5B43F411CE0250594
SHA-256:	F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529
SHA-512:	4D4EF395B15F750F16EC64162BE8AB4B082C6CD1877CA63D5EA4A5E940A7F98E46D792115FD105B293DC43714E8662BC4411E14E93F09769A064622E52EDE258
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CA DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset fr_CA TIME_FORMAT "%T". ::msgcat::mcset fr_CA TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CA DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\fr_ch.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	281
Entropy (8bit):	4.866549204705568
Encrypted:	false
SSDEEP:
MD5:	8B27EFF0D45F536852E7A819500B7F93
SHA1:	CAED7D4334BAD8BE586A1AEEE270FB6913A03512
SHA-256:	AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3
SHA-512:	52DD94F524C1D9AB13F5933265691E8C44B2946F507DE30D789FDCFEA7839A4076CB55A01CEB49194134D7BC84E4F490341AAB9DFB75BB960B03829D6550872B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CH DATE_FORMAT "%d. %m. %y". ::msgcat::mcset fr_CH TIME_FORMAT "%T". ::msgcat::mcset fr_CH TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CH DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ga.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1141
Entropy (8bit):	4.24180563443443
Encrypted:	false
SSDEEP:
MD5:	88D5CB026EBC3605E8693D9A82C2D050
SHA1:	C2A613DC7C367A841D99DE15876F5E7A8027BBF8
SHA-256:	057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F
SHA-512:	253575BFB722CF06937BBE4E9867704B95EFE7B112B370E1430A2027A1818BD2560562A43AD2D067386787899093B25AE84ABFE813672A15A649FEF487E31F7A
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga DAYS_OF_WEEK_ABBREV [list \. "Domh"\. "Luan"\. "M\u00e1irt"\. "C\u00e9ad"\. "D\u00e9ar"\. "Aoine"\. "Sath"]. ::msgcat::mcset ga DAYS_OF_WEEK_FULL [list \. "D\u00e9 Domhnaigh"\. "D\u00e9 Luain"\. "D\u00e9 M\u00e1irt"\. "D\u00e9 C\u00e9adaoin"\. "D\u00e9ardaoin"\. "D\u00e9 hAoine"\. "D\u00e9 Sathairn"]. ::msgcat::mcset ga MONTHS_ABBREV [list \. "Ean"\. "Feabh"\. "M\u00e1rta"\. "Aib"\. "Beal"\. "Meith"\. "I\u00fail"\. "L\u00fan"\. "MF\u00f3mh"\. "DF\u00f3mh"\. "Samh"\. "Noll"\. ""]. ::msgcat::mcset ga MONTHS_FULL [list \. "Ean\u00e1ir"\. "Feabhra"\. "M\u00e1rta"\. "Aibre\u00e1n"\. "M\u00ed na Bealtaine"\. "Meith"\. "I\u00fail"\. "L\u00fanasa"

C:\Users\user\AppData\Local\Update\tcl\msgs\ga_ie.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.7755422576113595
Encrypted:	false
SSDEEP:
MD5:	04452D43DA05A94414973F45CDD12869
SHA1:	AEEDCC2177B592A0025A1DBCFFC0EF3634DBF562
SHA-256:	2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4
SHA-512:	5A01156FD5AB662EE9D626518B4398A161BAF934E3A618B3A18839A944AEEAEE6FE1A5279D7750511B126DB3AD2CC992CDA067573205ACBC211C34C8A099305F
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga_IE DATE_FORMAT "%d.%m.%y". ::msgcat::mcset ga_IE TIME_FORMAT "%T". ::msgcat::mcset ga_IE TIME_FORMAT_12 "%T". ::msgcat::mcset ga_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\gl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	950
Entropy (8bit):	4.037076523160125
Encrypted:	false
SSDEEP:
MD5:	B940E67011DDBAD6192E9182C5F0CCC0
SHA1:	83A284899785956ECB015BBB871E7E04A7C36585
SHA-256:	C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C
SHA-512:	28570CB14452CA5285D97550EA77C9D8F71C57DE6C1D144ADB00B93712F588AF900DA32C10C3A81C7A2DEE11A3DC843780D24218F53920AB72E90321677CC9E8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Lun"\. "Mar"\. "M\u00e9r"\. "Xov"\. "Ven"\. "S\u00e1b"]. ::msgcat::mcset gl DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Luns"\. "Martes"\. "M\u00e9rcores"\. "Xoves"\. "Venres"\. "S\u00e1bado"]. ::msgcat::mcset gl MONTHS_ABBREV [list \. "Xan"\. "Feb"\. "Mar"\. "Abr"\. "Mai"\. "Xu\u00f1"\. "Xul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset gl MONTHS_FULL [list \. "Xaneiro"\. "Febreiro"\. "Marzo"\. "Abril"\. "Maio"\. "Xu\u00f1o"\. "Xullo"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Decembro"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\gl_es.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.839318757139709
Encrypted:	false
SSDEEP:
MD5:	3FCDF0FC39C8E34F6270A646A996F663
SHA1:	6999E82148E1D1799C389BCC6C6952D5514F4A4B
SHA-256:	BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C
SHA-512:	CDB9ED694A7E555EB321F559E9B0CC0998FD526ADEF33AD08C56943033351D70900CD6EC62D380E23AB9F65CCFB85F4EEEB4E17FA8CC05E56C2AC57FBEDE721E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl_ES DATE_FORMAT "%d %B %Y". ::msgcat::mcset gl_ES TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gl_ES DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\gv.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1037
Entropy (8bit):	4.13549698574103
Encrypted:	false
SSDEEP:
MD5:	3350E1228CF7157ECE68762F967F2F32
SHA1:	2D0411DA2F6E0441B1A8683687178E9EB552B835
SHA-256:	75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207
SHA-512:	1D0B44F00A5E6D7B8CECB67EAF060C6053045610CF7246208C8E63E7271C7780587A184D38ECFDFDCFB976F9433FEFDA0BAF8981FCD197554D0874ED1E6B6428
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv DAYS_OF_WEEK_ABBREV [list \. "Jed"\. "Jel"\. "Jem"\. "Jerc"\. "Jerd"\. "Jeh"\. "Jes"]. ::msgcat::mcset gv DAYS_OF_WEEK_FULL [list \. "Jedoonee"\. "Jelhein"\. "Jemayrt"\. "Jercean"\. "Jerdein"\. "Jeheiney"\. "Jesarn"]. ::msgcat::mcset gv MONTHS_ABBREV [list \. "J-guer"\. "T-arree"\. "Mayrnt"\. "Avrril"\. "Boaldyn"\. "M-souree"\. "J-souree"\. "Luanistyn"\. "M-fouyir"\. "J-fouyir"\. "M.Houney"\. "M.Nollick"\. ""]. ::msgcat::mcset gv MONTHS_FULL [list \. "Jerrey-geuree"\. "Toshiaght-arree"\. "Mayrnt"\. "Averil"\. "Boaldyn"\. "Mean-souree"\. "Jerrey-souree"\. "Luanistyn"\. "Mean-fouyir"\. "Jerrey-fouyir"\. "Mee Houney"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\gv_gb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.890913756172577
Encrypted:	false
SSDEEP:
MD5:	A65040748621B18B1F88072883891280
SHA1:	4D0ED6668A99BAC9B273B0FA8BC74EB6BB9DDFC8
SHA-256:	823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448
SHA-512:	16FFD4107C3B85619629B2CD8A48AB9BC3763FA6E4FE4AE910EDF3B42209CEEB8358D4E7E531C2417875D05E5F801BB19B10130FA8BF70E44CFD8F1BA06F6B6E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset gv_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gv_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\he.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1938
Entropy (8bit):	4.234997703698801
Encrypted:	false
SSDEEP:
MD5:	FFD5D8007D78770EA0E7E5643F1BD20A
SHA1:	40854EB81EE670086D0D0C0C2F0F9D8406DF6B47
SHA-256:	D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55
SHA-512:	EFBDADE1157C7E1CB8458CBA89913FB44DC2399AD860FCAEDA588B99230B0934EDAAF8BAB1742E03F06FA8047D3605E8D63BB23EC4B32155C256D07C46ABBFEE
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset he DAYS_OF_WEEK_ABBREV [list \. "\u05d0"\. "\u05d1"\. "\u05d2"\. "\u05d3"\. "\u05d4"\. "\u05d5"\. "\u05e9"]. ::msgcat::mcset he DAYS_OF_WEEK_FULL [list \. "\u05d9\u05d5\u05dd \u05e8\u05d0\u05e9\u05d5\u05df"\. "\u05d9\u05d5\u05dd \u05e9\u05e0\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05dc\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e8\u05d1\u05d9\u05e2\u05d9"\. "\u05d9\u05d5\u05dd \u05d7\u05de\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9"\. "\u05e9\u05d1\u05ea"]. ::msgcat::mcset he MONTHS_ABBREV [list \. "\u05d9\u05e0\u05d5"\. "\u05e4\u05d1\u05e8"\. "\u05de\u05e8\u05e5"\. "\u05d0\u05e4\u05e8"\. "\u05de\u05d0\u05d9"\. "\u05d9\u05d5\u05e0"\. "\u05d9\u05d5\u05dc"\. "\u05d0\u05d5\u05d2"\. "\u05e1\u05e4\u05d8"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\hi.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1738
Entropy (8bit):	4.1505681803025185
Encrypted:	false
SSDEEP:
MD5:	349823390798DF68270E4DB46C3CA863
SHA1:	814F9506FCD8B592C22A47023E73457C469B2F53
SHA-256:	FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9
SHA-512:	4D12213EA9A3EAD6828E21D3B5B73931DC922EBE8FD2373E3A3E106DF1784E0BCE2C9D1FBEAE0D433449BE6D28A0F2F50F49AB8C208E69D413C6787ADF52915E
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0932\u0935\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset hi MONTHS_ABBREV [list \. "\u091c\u0928\u0935\u0930\u0940"\. "\u092b\u093c\u0930\u0935\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u0905\u092a\u094d\u0930\u0947\u0932"\. "\u092e\u0908"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u093e\u0908"\. "\u0905\u0917\u0938\u094d\u0924"\. "\u0938\u093f\u0924\u092e\u094d\u092c\u0930"\. "\u0905\u0915\u094d\u091f\u0942\u092c\u0930"\. "\u0928\u0935\u092e\u094d\u092c\u093

C:\Users\user\AppData\Local\Update\tcl\msgs\hi_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.882853646266983
Encrypted:	false
SSDEEP:
MD5:	BC86C58492BCB8828489B871D2A727F0
SHA1:	22EEC74FC011063071A40C3860AE8EF38D898582
SHA-256:	29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F
SHA-512:	ABFE093952144A285F7A86800F5933F7242CB224D917B4BAA4FD2CA48792BEFCBEE9AB7073472510B53D31083719EC68A77DD896410B3DC3C6E2CCD60C2E92F9
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset hi_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset hi_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\hr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1121
Entropy (8bit):	4.291836444825864
Encrypted:	false
SSDEEP:
MD5:	46FD3DF765F366C60B91FA0C4DE147DE
SHA1:	5E006D1ACA7BBDAC9B8A65EFB26FAFC03C6E9FDE
SHA-256:	9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A
SHA-512:	3AC26C55FB514D9EA46EF57582A2E0B64822E90C889F4B83A62EE255744FEBE0A012079DD764E0F6C7338B3580421C5B6C8575E0B85632015E3689CF58D9EB77
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hr DAYS_OF_WEEK_ABBREV [list \. "ned"\. "pon"\. "uto"\. "sri"\. "\u010det"\. "pet"\. "sub"]. ::msgcat::mcset hr DAYS_OF_WEEK_FULL [list \. "nedjelja"\. "ponedjeljak"\. "utorak"\. "srijeda"\. "\u010detvrtak"\. "petak"\. "subota"]. ::msgcat::mcset hr MONTHS_ABBREV [list \. "sij"\. "vel"\. "o\u017eu"\. "tra"\. "svi"\. "lip"\. "srp"\. "kol"\. "ruj"\. "lis"\. "stu"\. "pro"\. ""]. ::msgcat::mcset hr MONTHS_FULL [list \. "sije\u010danj"\. "velja\u010da"\. "o\u017eujak"\. "travanj"\. "svibanj"\. "lipanj"\. "srpanj"\. "kolovoz"\. "rujan"\. "listopad"\. "studeni"\. "prosinac"\. ""]. ::msgcat::mcset hr DATE_FORMAT "

C:\Users\user\AppData\Local\Update\tcl\msgs\hu.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1327
Entropy (8bit):	4.447184847972284
Encrypted:	false
SSDEEP:
MD5:	0561E62941F6ED8965DFC4E2B424E028
SHA1:	C622B21C0DBA83F943FBD10C746E5FABE20235B2
SHA-256:	314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE
SHA-512:	CAD01C963145463612BBAE4B9F5C80B83B228C0181C2500CE8CE1394E1A32CCA3587221F1406F6343029059F5AD47E8FD5514535DCEA45BBA6B2AE76993DFFBD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hu DAYS_OF_WEEK_ABBREV [list \. "V"\. "H"\. "K"\. "Sze"\. "Cs"\. "P"\. "Szo"]. ::msgcat::mcset hu DAYS_OF_WEEK_FULL [list \. "vas\u00e1rnap"\. "h\u00e9tf\u0151"\. "kedd"\. "szerda"\. "cs\u00fct\u00f6rt\u00f6k"\. "p\u00e9ntek"\. "szombat"]. ::msgcat::mcset hu MONTHS_ABBREV [list \. "jan."\. "febr."\. "m\u00e1rc."\. "\u00e1pr."\. "m\u00e1j."\. "j\u00fan."\. "j\u00fal."\. "aug."\. "szept."\. "okt."\. "nov."\. "dec."\. ""]. ::msgcat::mcset hu MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "m\u00e1rcius"\. "\u00e1prilis"\. "m\u00e1jus"\. "j\u00fanius"\. "j\u00falius"\. "augusztus"\. "szeptember"\. "okt\u00f3ber"\. "nove

C:\Users\user\AppData\Local\Update\tcl\msgs\id.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	914
Entropy (8bit):	3.9322448438499125
Encrypted:	false
SSDEEP:
MD5:	CE834C7E0C3170B733122FF8BF38C28D
SHA1:	693ACC2A0972156B984106AFD07911AF14C4F19C
SHA-256:	1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E
SHA-512:	23BFC6E2CDB7BA75AAC3AA75869DF4A235E4526E8E83D73551B3BC2CE89F3675EBFA75BC94177F2C2BD6AC58C1B125BE65F8489BC4F85FA701415DB9768F7A80
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id DAYS_OF_WEEK_ABBREV [list \. "Min"\. "Sen"\. "Sel"\. "Rab"\. "Kam"\. "Jum"\. "Sab"]. ::msgcat::mcset id DAYS_OF_WEEK_FULL [list \. "Minggu"\. "Senin"\. "Selasa"\. "Rabu"\. "Kamis"\. "Jumat"\. "Sabtu"]. ::msgcat::mcset id MONTHS_ABBREV [list \. "Jan"\. "Peb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Agu"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset id MONTHS_FULL [list \. "Januari"\. "Pebruari"\. "Maret"\. "April"\. "Mei"\. "Juni"\. "Juli"\. "Agustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\id_id.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.857986813915644
Encrypted:	false
SSDEEP:
MD5:	A285817AAABD5203706D5F2A34158C03
SHA1:	18FD0178051581C9F019604499BF91B16712CC91
SHA-256:	DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5
SHA-512:	0B6C684F2E5122681309A6212980C95C14172723F12D4864AF8A8A913DC7081BC42AC39CF087D29770B4A1F0B3B1F712856CBF05D1975FFFC008C16A91081A00
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id_ID DATE_FORMAT "%d %B %Y". ::msgcat::mcset id_ID TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset id_ID DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\is.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1255
Entropy (8bit):	4.391152464169964
Encrypted:	false
SSDEEP:
MD5:	6695839F1C4D2A92552CB1647FD14DA5
SHA1:	04CB1976846A78EA9593CB3706C9D61173CE030C
SHA-256:	6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40
SHA-512:	208766038A6A1D748F4CB2660F059AD355A5439EA6D8326F4F410B2DFBBDEECB55D4CE230C01C519B08CAB1CF5E5B3AC61E7BA86020A7BDA1AFEA624F3828521
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset is DAYS_OF_WEEK_ABBREV [list \. "sun."\. "m\u00e1n."\. "\u00feri."\. "mi\u00f0."\. "fim."\. "f\u00f6s."\. "lau."]. ::msgcat::mcset is DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nudagur"\. "\u00feri\u00f0judagur"\. "mi\u00f0vikudagur"\. "fimmtudagur"\. "f\u00f6studagur"\. "laugardagur"]. ::msgcat::mcset is MONTHS_ABBREV [list \. "jan."\. "feb."\. "mar."\. "apr."\. "ma\u00ed"\. "j\u00fan."\. "j\u00fal."\. "\u00e1g\u00fa."\. "sep."\. "okt."\. "n\u00f3v."\. "des."\. ""]. ::msgcat::mcset is MONTHS_FULL [list \. "jan\u00faar"\. "febr\u00faar"\. "mars"\. "apr\u00edl"\. "ma\u00ed"\. "j\u00fan\u00ed"\. "j\u00fal\u00ed"\. "\u00e1g\u00fast"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\it.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	4.207511774275323
Encrypted:	false
SSDEEP:
MD5:	8E205D032206D794A681E2A994532FA6
SHA1:	47098672D339624474E8854EB0512D54A0CA49E7
SHA-256:	C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF
SHA-512:	139219DBD014CCA15922C45C7A0468F62E864F18CC16C7B8506258D1ECD766E1EFF6EAE4DFDAF72898B9AF1A5E6CE8D7BB0F1A93A6604D2539F2645C9ED8D146
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mer"\. "gio"\. "ven"\. "sab"]. ::msgcat::mcset it DAYS_OF_WEEK_FULL [list \. "domenica"\. "luned\u00ec"\. "marted\u00ec"\. "mercoled\u00ec"\. "gioved\u00ec"\. "venerd\u00ec"\. "sabato"]. ::msgcat::mcset it MONTHS_ABBREV [list \. "gen"\. "feb"\. "mar"\. "apr"\. "mag"\. "giu"\. "lug"\. "ago"\. "set"\. "ott"\. "nov"\. "dic"\. ""]. ::msgcat::mcset it MONTHS_FULL [list \. "gennaio"\. "febbraio"\. "marzo"\. "aprile"\. "maggio"\. "giugno"\. "luglio"\. "agosto"\. "settembre"\. "ottobre"\. "novembre"\. "dicembre"\. ""]. ::msgcat::mcset it BCE "aC". ::msgc

C:\Users\user\AppData\Local\Update\tcl\msgs\it_ch.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	244
Entropy (8bit):	4.851375233848049
Encrypted:	false
SSDEEP:
MD5:	8666E24230AED4DC76DB93BE1EA07FF6
SHA1:	7C688C8693C76AEE07FB32637CD58E47A85760F3
SHA-256:	2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F
SHA-512:	BCCE87FB94B28B369B9EE48D792A399DB8250D0D3D73FC05D053276A7475229EF1555D5E516D780092496F0E5F229A9912A45FB5A88C024FCEBF08E654D37B07
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it_CH DATE_FORMAT "%e. %B %Y". ::msgcat::mcset it_CH TIME_FORMAT "%H:%M:%S". ::msgcat::mcset it_CH DATE_TIME_FORMAT "%e. %B %Y %H:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ja.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1664
Entropy (8bit):	4.88149888596689
Encrypted:	false
SSDEEP:
MD5:	430DEB41034402906156D7E23971CD2C
SHA1:	0952FFBD241B5111714275F5CD8FB5545067FFEC
SHA-256:	38DCA9B656241884923C451A369B90A9F1D76F9029B2E98E04784323169C3251
SHA-512:	AE5DF1B79AE34DF4CC1EB00406FFF49541A95E2C732E3041CCE321F2F3FA6461BB45C6524A5FEB77E18577206CBD88A83FBF20B4B058BAE9B889179C93221557
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ja DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u6708"\. "\u706b"\. "\u6c34"\. "\u6728"\. "\u91d1"\. "\u571f"]. ::msgcat::mcset ja DAYS_OF_WEEK_FULL [list \. "\u65e5\u66dc\u65e5"\. "\u6708\u66dc\u65e5"\. "\u706b\u66dc\u65e5"\. "\u6c34\u66dc\u65e5"\. "\u6728\u66dc\u65e5"\. "\u91d1\u66dc\u65e5"\. "\u571f\u66dc\u65e5"]. ::msgcat::mcset ja MONTHS_FULL [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"]. ::msgcat::mcset ja BCE "\u7d00\u5143\u524d". ::msgcat::mcset ja CE "\u897f\u66a6". ::msgcat::mcset ja AM "\u5348\u524d". ::msgcat::mcset ja PM "\u5348\u5f8c". ::msgcat::mcset ja DATE_FORMAT "%Y/%m/%

C:\Users\user\AppData\Local\Update\tcl\msgs\kl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.013253613061898
Encrypted:	false
SSDEEP:
MD5:	AE55E001BBE3272CE13369C836139EF3
SHA1:	D912A0AEBA08BC97D80E9B7A55CE146956C90BCC
SHA-256:	1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD
SHA-512:	E53E8DB56AD367E832A121D637CA4755E6C8768C063E4BE43E6193C5F71ED7AA10F7223AC85750C0CAD543CF4A0BFE578CBA2877F176A5E58DCA2BAA2F7177FB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl DAYS_OF_WEEK_ABBREV [list \. "sab"\. "ata"\. "mar"\. "pin"\. "sis"\. "tal"\. "arf"]. ::msgcat::mcset kl DAYS_OF_WEEK_FULL [list \. "sabaat"\. "ataasinngorneq"\. "marlunngorneq"\. "pingasunngorneq"\. "sisamanngorneq"\. "tallimanngorneq"\. "arfininngorneq"]. ::msgcat::mcset kl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset kl MONTHS_FULL [list \. "januari"\. "februari"\. "martsi"\. "aprili"\. "maji"\. "juni"\. "juli"\. "augustusi"\. "septemberi"\. "oktoberi"\. "novemberi"\. "decemberi"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\kl_gl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.83493357349932
Encrypted:	false
SSDEEP:
MD5:	4B8E5B6EB7C27A02DBC0C766479B068D
SHA1:	E97A948FFE6C8DE99F91987155DF0A81A630950E
SHA-256:	F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C
SHA-512:	D726494A6F4E1FB8C71B8B56E9B735C1837D8D22828D006EF386E41AD15CD1E4CF14DAC01966B9AFE41F7B6A44916EFC730CF038B4EC393043AE9021D11DACF2
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl_GL DATE_FORMAT "%d %b %Y". ::msgcat::mcset kl_GL TIME_FORMAT "%T". ::msgcat::mcset kl_GL TIME_FORMAT_12 "%T". ::msgcat::mcset kl_GL DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ko.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1566
Entropy (8bit):	4.552910804130986
Encrypted:	false
SSDEEP:
MD5:	A4C37AF81FC4AA6003226A95539546C1
SHA1:	A18A7361783896C691BD5BE8B3A1FCCCCB015F43
SHA-256:	F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6
SHA-512:	FBE6BA258C250BD90FADCC42AC18A17CC4E7B040F160B94075AF1F42ECD43EEA6FE49DA52CF9B5BBB5D965D6AB7C4CC4053A78E865241F891E13F94EB20F0472
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko DAYS_OF_WEEK_ABBREV [list \. "\uc77c"\. "\uc6d4"\. "\ud654"\. "\uc218"\. "\ubaa9"\. "\uae08"\. "\ud1a0"]. ::msgcat::mcset ko DAYS_OF_WEEK_FULL [list \. "\uc77c\uc694\uc77c"\. "\uc6d4\uc694\uc77c"\. "\ud654\uc694\uc77c"\. "\uc218\uc694\uc77c"\. "\ubaa9\uc694\uc77c"\. "\uae08\uc694\uc77c"\. "\ud1a0\uc694\uc77c"]. ::msgcat::mcset ko MONTHS_ABBREV [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\. "9\uc6d4"\. "10\uc6d4"\. "11\uc6d4"\. "12\uc6d4"\. ""]. ::msgcat::mcset ko MONTHS_FULL [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\ko_kr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.015790750376121
Encrypted:	false
SSDEEP:
MD5:	9C7E97A55A957AB1D1B5E988AA514724
SHA1:	592F8FF9FABBC7BF48539AF748DCFC9241AED82D
SHA-256:	31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17
SHA-512:	9D04DF2A87AFE24C339E1A0F6358FE995CBCAF8C7B08A1A7953675E2C2C1EDBCAF297B23C2B9BEC398DFEE6D1D75CE32E31389A7199466A38BC83C8DBBA67C77
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko_KR BCE "\uae30\uc6d0\uc804". ::msgcat::mcset ko_KR CE "\uc11c\uae30". ::msgcat::mcset ko_KR DATE_FORMAT "%Y.%m.%d". ::msgcat::mcset ko_KR TIME_FORMAT_12 "%P %l:%M:%S". ::msgcat::mcset ko_KR DATE_TIME_FORMAT "%Y.%m.%d %P %l:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\kok.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1958
Entropy (8bit):	4.1451019501109965
Encrypted:	false
SSDEEP:
MD5:	E7938CB3AF53D42B4142CB104AB04B3B
SHA1:	6205BD2336857F368CABF89647F54D94E093A77B
SHA-256:	D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744
SHA-512:	CE77CE2EC773F3A1A3CD68589C26F7089E8133ADE601CE899EEB0B13648051344A94E69AEC2C8C58349456E52B11EB7545C8926E3F08DB643EE551C641FF38DB
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok DAYS_OF_WEEK_FULL [list \. "\u0906\u0926\u093f\u0924\u094d\u092f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset kok MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0

C:\Users\user\AppData\Local\Update\tcl\msgs\kok_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	254
Entropy (8bit):	4.8580653411441155
Encrypted:	false
SSDEEP:
MD5:	A3B27D44ED430AEC7DF2A47C19659CC4
SHA1:	700E4B9C395B540BFCE9ABDC81E6B9B758893DC9
SHA-256:	BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B
SHA-512:	79E9D8B817BDB6594A7C95991B2F6D7571D1C2976E74520D28223CF9F05EAA2128A44BC83A94089F09011FFCA9DB5E2D4DD74B59DE2BADC022E1571C595FE36C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset kok_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset kok_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\kw.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	966
Entropy (8bit):	3.9734955453120504
Encrypted:	false
SSDEEP:
MD5:	413A264B40EEBEB28605481A3405D27D
SHA1:	9C2EFA6326C62962DCD83BA8D16D89616D2C5B77
SHA-256:	F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33
SHA-512:	CF0559DB130B8070FEC93A64F5317A2C9CDE7D5EAFD1E92E76EAAE0740C6429B7AB7A60BD833CCA4ABCC0AADEBC6A68F854FF654E0707091023D275404172427
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw DAYS_OF_WEEK_ABBREV [list \. "Sul"\. "Lun"\. "Mth"\. "Mhr"\. "Yow"\. "Gwe"\. "Sad"]. ::msgcat::mcset kw DAYS_OF_WEEK_FULL [list \. "De Sul"\. "De Lun"\. "De Merth"\. "De Merher"\. "De Yow"\. "De Gwener"\. "De Sadorn"]. ::msgcat::mcset kw MONTHS_ABBREV [list \. "Gen"\. "Whe"\. "Mer"\. "Ebr"\. "Me"\. "Evn"\. "Gor"\. "Est"\. "Gwn"\. "Hed"\. "Du"\. "Kev"\. ""]. ::msgcat::mcset kw MONTHS_FULL [list \. "Mys Genver"\. "Mys Whevrel"\. "Mys Merth"\. "Mys Ebrel"\. "Mys Me"\. "Mys Evan"\. "Mys Gortheren"\. "Mye Est"\. "Mys Gwyngala"\. "Mys Hedra"\. "Mys Du"\. "Mys Kevardhu"\. ""].}.

C:\Users\user\AppData\Local\Update\tcl\msgs\kw_gb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.914818138642697
Encrypted:	false
SSDEEP:
MD5:	D325ADCF1F81F40D7B5D9754AE0542F3
SHA1:	7A6BCD6BE5F41F84B600DF355CB00ECB9B4AE8C0
SHA-256:	7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9
SHA-512:	A05BBB3F80784B9C8BBA3FE618FEE154EE40D240ED4CFF7CD6EEE3D97BC4F065EFF585583123F1FFD8ABA1A194EB353229E15ED5CD43759D4D356EC5BE8DCD73
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset kw_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset kw_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\lt.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1255
Entropy (8bit):	4.4416408590245
Encrypted:	false
SSDEEP:
MD5:	73F0A9C360A90CB75C6DA7EF87EF512F
SHA1:	582EB224C9715C8336B4D1FCE7DDEC0D89F5AD71
SHA-256:	510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101
SHA-512:	B5482C7448BFC44B05FCF7EB0642B0C7393F4438082A507A94C13F56F12A115A5CE7F0744518BB0B2FAF759D1AD7744B0BEDB98F563C2A4AB11BC4619D7CEA22
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lt DAYS_OF_WEEK_ABBREV [list \. "Sk"\. "Pr"\. "An"\. "Tr"\. "Kt"\. "Pn"\. "\u0160t"]. ::msgcat::mcset lt DAYS_OF_WEEK_FULL [list \. "Sekmadienis"\. "Pirmadienis"\. "Antradienis"\. "Tre\u010diadienis"\. "Ketvirtadienis"\. "Penktadienis"\. "\u0160e\u0161tadienis"]. ::msgcat::mcset lt MONTHS_ABBREV [list \. "Sau"\. "Vas"\. "Kov"\. "Bal"\. "Geg"\. "Bir"\. "Lie"\. "Rgp"\. "Rgs"\. "Spa"\. "Lap"\. "Grd"\. ""]. ::msgcat::mcset lt MONTHS_FULL [list \. "Sausio"\. "Vasario"\. "Kovo"\. "Baland\u017eio"\. "Gegu\u017e\u0117s"\. "Bir\u017eelio"\. "Liepos"\. "Rugpj\u016b\u010dio"\. "Rugs\u0117jo"\. "Spalio"\. "Lapkri\u010dio"\. "G

C:\Users\user\AppData\Local\Update\tcl\msgs\lv.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1219
Entropy (8bit):	4.39393801727056
Encrypted:	false
SSDEEP:
MD5:	D5DEB8EFFE6298858F9D1B9FAD0EA525
SHA1:	973DF40D0464BCE10EB5991806D9990B65AB0F82
SHA-256:	FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802
SHA-512:	F024E3D6D30E8E5C3316364A905C8CCAC87427BFC2EC10E72065F1DD114A112A61FDECDF1C4EC9C3D8BB9A54D18ED4AE9D57B07DA4AFFE480DE12F3D54BED928
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lv DAYS_OF_WEEK_ABBREV [list \. "Sv"\. "P"\. "O"\. "T"\. "C"\. "Pk"\. "S"]. ::msgcat::mcset lv DAYS_OF_WEEK_FULL [list \. "sv\u0113tdiena"\. "pirmdiena"\. "otrdiena"\. "tre\u0161diena"\. "ceturdien"\. "piektdiena"\. "sestdiena"]. ::msgcat::mcset lv MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maijs"\. "J\u016bn"\. "J\u016bl"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset lv MONTHS_FULL [list \. "janv\u0101ris"\. "febru\u0101ris"\. "marts"\. "apr\u012blis"\. "maijs"\. "j\u016bnijs"\. "j\u016blijs"\. "augusts"\. "septembris"\. "oktobris"\. "novembris"\. "decembris"\. ""]. ::msgcat

C:\Users\user\AppData\Local\Update\tcl\msgs\mk.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2105
Entropy (8bit):	4.237536682442766
Encrypted:	false
SSDEEP:
MD5:	CD589758D4F4B522781A10003D3E1791
SHA1:	D953DD123D54B02BAF4B1AE0D36081CDFCA38444
SHA-256:	F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3
SHA-512:	2EA1E71CD1E958F83277006343E85513D112CBB3C22CBFF29910CB1FC37F2389B3F1DCB2533EC59F9E642624869E5C61F289FDC010B55C6EECEF378F2D92DB0B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0435\u0434."\. "\u043f\u043e\u043d."\. "\u0432\u0442."\. "\u0441\u0440\u0435."\. "\u0447\u0435\u0442."\. "\u043f\u0435\u0442."\. "\u0441\u0430\u0431."]. ::msgcat::mcset mk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0435\u043b\u0430"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0440\u0442\u043e\u043a"\. "\u043f\u0435\u0442\u043e\u043a"\. "\u0441\u0430\u0431\u043e\u0442\u0430"]. ::msgcat::mcset mk MONTHS_ABBREV [list \. "\u0458\u0430\u043d."\. "\u0444\u0435\u0432."\. "\u043c\u0430\u0440."\. "\u0430\u043f\u0440."\. "\u043c\u0430\u0458."\. "\u0458\u0443\u043d."\. "\u0458\

C:\Users\user\AppData\Local\Update\tcl\msgs\mr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1807
Entropy (8bit):	4.160320823510059
Encrypted:	false
SSDEEP:
MD5:	791408BAE710B77A27AD664EC3325E1C
SHA1:	E760B143A854838E18FFB66500F4D312DD80634E
SHA-256:	EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15
SHA-512:	FE91EF67AB9313909FE0C29D5FBE2298EE35969A26A63D94A406BFDA7BCF932F2211F94C0E3C1D718DBC2D1145283C768C23487EEB253249ACFE76E8D1F1D1E5
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset mr MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0930"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\mr_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.847742455062573
Encrypted:	false
SSDEEP:
MD5:	899E845D33CAAFB6AD3B1F24B3F92843
SHA1:	FC17A6742BF87E81BBD4D5CB7B4DCED0D4DD657B
SHA-256:	F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C
SHA-512:	99D05FCE8A9C9BE06FDA8B54D4DE5497141F6373F470B2AB24C2D00B9C56031350F5DCDA2283A0E6F5B09FF21218FC3C7E2A6AB8ECC5BB020546FD62BDC8FF99
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset mr_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset mr_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ms_my.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.770028367699931
Encrypted:	false
SSDEEP:
MD5:	8261689A45FB754158B10B044BDC4965
SHA1:	6FFC9B16A0600D9BC457322F1316BC175309C6CA
SHA-256:	D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C
SHA-512:	0321A5C17B3E33FDE9480AC6014B373D1663219D0069388920D277AA61341B8293883517C900030177FF82D65340E6C9E3ED051B27708DD093055E3BE64B2AF3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms_MY DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset ms_MY TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ms_MY DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\mt.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	690
Entropy (8bit):	4.48913642143724
Encrypted:	false
SSDEEP:
MD5:	CE7E67A03ED8C3297C6A5B634B55D144
SHA1:	3DA5ACC0F52518541810E7F2FE57751955E12BDA
SHA-256:	D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814
SHA-512:	3754AA7B7D27A813C6113D2AA834A951FED1B81E4DACE22C81E0583F29BBC73C014697F39A2067DEC622D98EACD70D26FD40F80CF6D09E1C949F01FADED52C74
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mt DAYS_OF_WEEK_ABBREV [list \. "\u0126ad"\. "Tne"\. "Tli"\. "Erb"\. "\u0126am"\. "\u0120im"]. ::msgcat::mcset mt MONTHS_ABBREV [list \. "Jan"\. "Fra"\. "Mar"\. "Apr"\. "Mej"\. "\u0120un"\. "Lul"\. "Awi"\. "Set"\. "Ott"\. "Nov"]. ::msgcat::mcset mt BCE "QK". ::msgcat::mcset mt CE "". ::msgcat::mcset mt DATE_FORMAT "%A, %e ta %B, %Y". ::msgcat::mcset mt TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset mt DATE_TIME_FORMAT "%A, %e ta %B, %Y %l:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\nb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1157
Entropy (8bit):	4.24006506188001
Encrypted:	false
SSDEEP:
MD5:	D5509ABF5CBFB485C20A26FCC6B1783E
SHA1:	53A298FBBF09AE2E223B041786443A3D8688C9EB
SHA-256:	BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602
SHA-512:	BDAFBA46EF44151CFD9EF7BC1909210F6DB2BAC20C31ED21AE3BE7EAC785CD4F545C4590CF551C0D066F982E2050F5844BDDC569F32C5804DBDE657F4511A6FE
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nb DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset nb DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset nb MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nb MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nb BCE "f.Kr.". ::msgcat::mcset nb CE "e.Kr.".

C:\Users\user\AppData\Local\Update\tcl\msgs\nl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1079
Entropy (8bit):	4.158523842311663
Encrypted:	false
SSDEEP:
MD5:	98820DFF7E1C8A9EAB8C74B0B25DEB5D
SHA1:	5357063D5699188E544D244EC4AEFDDF7606B922
SHA-256:	49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB
SHA-512:	26AB945B7BA00433BEC85ACC1D90D1D3B70CE505976CABE1D75A7134E00CD591AC27463987C515EEA079969DBCF200DA9C8538CAAF178A1EE17C9B0284260C45
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl DAYS_OF_WEEK_ABBREV [list \. "zo"\. "ma"\. "di"\. "wo"\. "do"\. "vr"\. "za"]. ::msgcat::mcset nl DAYS_OF_WEEK_FULL [list \. "zondag"\. "maandag"\. "dinsdag"\. "woensdag"\. "donderdag"\. "vrijdag"\. "zaterdag"]. ::msgcat::mcset nl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mrt"\. "apr"\. "mei"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset nl MONTHS_FULL [list \. "januari"\. "februari"\. "maart"\. "april"\. "mei"\. "juni"\. "juli"\. "augustus"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset nl DATE_FORMAT "%e %B %Y". ::msgcat::mcset nl TIME_FORM

C:\Users\user\AppData\Local\Update\tcl\msgs\nl_be.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.817188474504631
Encrypted:	false
SSDEEP:
MD5:	B08E30850CA849068D06A99B4E216892
SHA1:	11B5E95FF4D822E76A1B9C28EEC2BC5E95E5E362
SHA-256:	9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A
SHA-512:	9AF147C2F22B11115E32E0BFD0126FE7668328E7C67B349A781F42B0022A334E53DDF3FCCC2C34C91BFBB45602A002D0D7B569B5E1FE9F0EE6C4570400CB0B0C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl_BE DATE_FORMAT "%d-%m-%y". ::msgcat::mcset nl_BE TIME_FORMAT "%T". ::msgcat::mcset nl_BE TIME_FORMAT_12 "%T". ::msgcat::mcset nl_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\nn.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1148
Entropy (8bit):	4.207752506572597
Encrypted:	false
SSDEEP:
MD5:	2266607EF358B632696C7164E61358B5
SHA1:	A380863A8320DAB1D5A2D60C22ED5F7DB5C7BAF7
SHA-256:	5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED
SHA-512:	2A8DEF754A25736D14B958D8B0CEA0DC41C402A9EFA25C9500BA861A7E8D74C79939C1969AC694245605C17D33AD3984F6B9ACCA4BE03EFC41A878772BB5FD86
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nn DAYS_OF_WEEK_ABBREV [list \. "su"\. "m\u00e5"\. "ty"\. "on"\. "to"\. "fr"\. "lau"]. ::msgcat::mcset nn DAYS_OF_WEEK_FULL [list \. "sundag"\. "m\u00e5ndag"\. "tysdag"\. "onsdag"\. "torsdag"\. "fredag"\. "laurdag"]. ::msgcat::mcset nn MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nn MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nn BCE "f.Kr.". ::msgcat::mcset nn CE "e.Kr.". ::msgca

C:\Users\user\AppData\Local\Update\tcl\msgs\pl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1211
Entropy (8bit):	4.392723231340452
Encrypted:	false
SSDEEP:
MD5:	31A9133E9DCA7751B4C3451D60CCFFA0
SHA1:	FB97A5830965716E77563BE6B7EB1C6A0EA6BF40
SHA-256:	C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753
SHA-512:	329EE7FE79783C83361A0C5FFFD7766B64B8544D1AD63C57AEAA2CC6A526E01D9C4D7765C73E88F86DAE57477459EA330A0C42F39E441B50DE9B0F429D01EAE8
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pl DAYS_OF_WEEK_ABBREV [list \. "N"\. "Pn"\. "Wt"\. "\u015ar"\. "Cz"\. "Pt"\. "So"]. ::msgcat::mcset pl DAYS_OF_WEEK_FULL [list \. "niedziela"\. "poniedzia\u0142ek"\. "wtorek"\. "\u015broda"\. "czwartek"\. "pi\u0105tek"\. "sobota"]. ::msgcat::mcset pl MONTHS_ABBREV [list \. "sty"\. "lut"\. "mar"\. "kwi"\. "maj"\. "cze"\. "lip"\. "sie"\. "wrz"\. "pa\u017a"\. "lis"\. "gru"\. ""]. ::msgcat::mcset pl MONTHS_FULL [list \. "stycze\u0144"\. "luty"\. "marzec"\. "kwiecie\u0144"\. "maj"\. "czerwiec"\. "lipiec"\. "sierpie\u0144"\. "wrzesie\u0144"\. "pa\u017adziernik"\. "listopad"\. "grudzie\u0144"\. ""]. ::msgcat::m

C:\Users\user\AppData\Local\Update\tcl\msgs\pt.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	4.325163993882846
Encrypted:	false
SSDEEP:
MD5:	D827F76D1ED6CB89839CAC2B56FD7252
SHA1:	140D6BC1F6CEF5FD0A390B3842053BF54B54B4E2
SHA-256:	9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88
SHA-512:	B662336699E23E371F0148EDD742F71874A7A28DFA81F0AFAE91C8C9494CEA1904FEA0C21264CF2A253E0FB1360AD35B28CFC4B74E4D7B2DBB0E453E96F7EB93
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Seg"\. "Ter"\. "Qua"\. "Qui"\. "Sex"\. "S\u00e1b"]. ::msgcat::mcset pt DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Segunda-feira"\. "Ter\u00e7a-feira"\. "Quarta-feira"\. "Quinta-feira"\. "Sexta-feira"\. "S\u00e1bado"]. ::msgcat::mcset pt MONTHS_ABBREV [list \. "Jan"\. "Fev"\. "Mar"\. "Abr"\. "Mai"\. "Jun"\. "Jul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset pt MONTHS_FULL [list \. "Janeiro"\. "Fevereiro"\. "Mar\u00e7o"\. "Abril"\. "Maio"\. "Junho"\. "Julho"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Dezembro"\. ""]. ::msgcat::mcset pt DATE_FO

C:\Users\user\AppData\Local\Update\tcl\msgs\pt_br.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	279
Entropy (8bit):	4.8127929329126085
Encrypted:	false
SSDEEP:
MD5:	4EE34960147173A12020A583340E92F8
SHA1:	78D91A80E2426A84BC88EE97DA28EC0E4BE8DE45
SHA-256:	E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256
SHA-512:	EDFF8FB9A86731FFF005AFBBBB522F69B2C6033F59ECCD5E35A8B6A9E0F9AF23C52FFDCC22D893915AD1854E8104C81DA8C5BD8C794C7E645AFB82001B4BFC24
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt_BR DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset pt_BR TIME_FORMAT "%T". ::msgcat::mcset pt_BR TIME_FORMAT_12 "%T". ::msgcat::mcset pt_BR DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ro.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	4.279005910896047
Encrypted:	false
SSDEEP:
MD5:	0F5C8A7022DB1203442241ABEB5901FF
SHA1:	C54C8BF05E8E6C2C0901D3C88C89DDCF35A26924
SHA-256:	D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027
SHA-512:	13ACF499FA803D4446D8EC67119BC8257B1F093084B83D854643CEA918049F96C8FA08DC5F896EECA80A5FD552D90E5079937B1A3894D89A589E468172856163
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ro DAYS_OF_WEEK_ABBREV [list \. "D"\. "L"\. "Ma"\. "Mi"\. "J"\. "V"\. "S"]. ::msgcat::mcset ro DAYS_OF_WEEK_FULL [list \. "duminic\u0103"\. "luni"\. "mar\u0163i"\. "miercuri"\. "joi"\. "vineri"\. "s\u00eemb\u0103t\u0103"]. ::msgcat::mcset ro MONTHS_ABBREV [list \. "Ian"\. "Feb"\. "Mar"\. "Apr"\. "Mai"\. "Iun"\. "Iul"\. "Aug"\. "Sep"\. "Oct"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset ro MONTHS_FULL [list \. "ianuarie"\. "februarie"\. "martie"\. "aprilie"\. "mai"\. "iunie"\. "iulie"\. "august"\. "septembrie"\. "octombrie"\. "noiembrie"\. "decembrie"\. ""]. ::msgcat::mcset ro BCE "d.C.". ::msgcat::mcset ro CE

C:\Users\user\AppData\Local\Update\tcl\msgs\ru.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2039
Entropy (8bit):	4.225775794669275
Encrypted:	false
SSDEEP:
MD5:	3A7181CE08259FF19D2C27CF8C6752B3
SHA1:	97DFFB1E224CEDB5427841C3B59F85376CD4423B
SHA-256:	C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F
SHA-512:	CC9620BA4601E53B22CCFC66A0B53C26224158379DF6BA2D4704A2FE11222DFBDAE3CA9CF51576B4084B8CCA8DB13FDE81396E38F94BCD0C8EA21C5D77680394
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru DAYS_OF_WEEK_ABBREV [list \. "\u0412\u0441"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset ru DAYS_OF_WEEK_FULL [list \. "\u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440\u0433"\. "\u043f\u044f\u0442\u043d\u0438\u0446\u0430"\. "\u0441\u0443\u0431\u0431\u043e\u0442\u0430"]. ::msgcat::mcset ru MONTHS_ABBREV [list \. "\u044f\u043d\u0432"\. "\u0444\u0435\u0432"\. "\u043c\u0430\u0440"\. "\u0430\u043f\u0440"\. "\u043c\u0430\u0439"\. "\u0438\u044e\u043d"\. "\u0438\u

C:\Users\user\AppData\Local\Update\tcl\msgs\ru_ua.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.8961185447535
Encrypted:	false
SSDEEP:
MD5:	E719F47462123A8E7DABADD2D362B4D8
SHA1:	332E4CC96E7A01DA7FB399EA14770A5C5185B9F2
SHA-256:	AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C
SHA-512:	93C19D51B633A118AB0D172C5A0991E5084BD54B2E61469D800F80B251A57BD1392BA66FD627586E75B1B075A7C9C2C667654F5783C423819FBDEA640A210BFA
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru_UA DATE_FORMAT "%d.%m.%Y". ::msgcat::mcset ru_UA TIME_FORMAT "%k:%M:%S". ::msgcat::mcset ru_UA DATE_TIME_FORMAT "%d.%m.%Y %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\sh.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	4.287536872407747
Encrypted:	false
SSDEEP:
MD5:	C7BBD44BD3C30C6116A15C77B15F8E79
SHA1:	37CD1477A3318838E8D5C93D596A23F99C8409F2
SHA-256:	00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A
SHA-512:	DAFBDA53CF6AD57A4F6A078E9EF8ED3CACF2F8809DC2AEFB812A4C3ACCD51D954C52079FA26828D670BF696E14989D3FE3C249F1E612B7C759770378919D8BBC
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sh DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Uto"\. "Sre"\. "\u010cet"\. "Pet"\. "Sub"]. ::msgcat::mcset sh DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljak"\. "Utorak"\. "Sreda"\. "\u010cetvrtak"\. "Petak"\. "Subota"]. ::msgcat::mcset sh MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maj"\. "Jun"\. "Jul"\. "Avg"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset sh MONTHS_FULL [list \. "Januar"\. "Februar"\. "Mart"\. "April"\. "Maj"\. "Juni"\. "Juli"\. "Avgust"\. "Septembar"\. "Oktobar"\. "Novembar"\. "Decembar"\. ""]. ::msgcat::mcset sh BCE "p. n. e.". ::msgcat::mcset sh CE "n. e."

C:\Users\user\AppData\Local\Update\tcl\msgs\sk.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1203
Entropy (8bit):	4.335103779497533
Encrypted:	false
SSDEEP:
MD5:	B2EF88014D274C8001B36739F5F566CE
SHA1:	1044145C1714FD44D008B13A31BC778DFBE47950
SHA-256:	043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A
SHA-512:	820EB42D94BEE21FDB990FC27F7900CF676AFC59520F3EE78FB72D6D7243A17A234D4AE964E5D52AD7CBC7DD9A593F672BAD8A80EC48B25B344AA6950EF52ECF
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sk DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "Ut"\. "St"\. "\u0160t"\. "Pa"\. "So"]. ::msgcat::mcset sk DAYS_OF_WEEK_FULL [list \. "Nede\u013ee"\. "Pondelok"\. "Utorok"\. "Streda"\. "\u0160tvrtok"\. "Piatok"\. "Sobota"]. ::msgcat::mcset sk MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sk MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "marec"\. "apr\u00edl"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "august"\. "september"\. "okt\u00f3ber"\. "november"\. "december"\. ""]. ::msgcat::mcset sk BCE

C:\Users\user\AppData\Local\Update\tcl\msgs\sl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.26110325084843
Encrypted:	false
SSDEEP:
MD5:	2566BDE28B17C526227634F1B4FC7047
SHA1:	BE6940EC9F4C5E228F043F9D46A42234A02F4A03
SHA-256:	BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77
SHA-512:	CC684BFC82CA55240C5B542F3F63E0FF43AEF958469B3978E414261BC4FADB50A0AE3554CF2468AC88E4DDB70D2258296C0A2FBB69312223EED56C7C03FEC17C
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sl DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Tor"\. "Sre"\. "\u010cet"\. "Pet"\. "Sob"]. ::msgcat::mcset sl DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljek"\. "Torek"\. "Sreda"\. "\u010cetrtek"\. "Petek"\. "Sobota"]. ::msgcat::mcset sl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "avg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sl MONTHS_FULL [list \. "januar"\. "februar"\. "marec"\. "april"\. "maj"\. "junij"\. "julij"\. "avgust"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sl BCE "pr.n.\u0161.". ::msgcat::mcset sl CE "p

C:\Users\user\AppData\Local\Update\tcl\msgs\sq.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	4.339253133089184
Encrypted:	false
SSDEEP:
MD5:	931A009F7E8A376972DE22AD5670EC88
SHA1:	44AEF01F568250851099BAA8A536FBBACD3DEBBB
SHA-256:	CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF
SHA-512:	47B230271CD362990C581CD6C06B0BCEA23E10E03D927C7C28415739DB3541D69D1B87DF554E9B4F00ECCAAB0F6AC0565F9EB0DEA8B75C54A90B2D53C928D379
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sq DAYS_OF_WEEK_ABBREV [list \. "Die"\. "H\u00ebn"\. "Mar"\. "M\u00ebr"\. "Enj"\. "Pre"\. "Sht"]. ::msgcat::mcset sq DAYS_OF_WEEK_FULL [list \. "e diel"\. "e h\u00ebn\u00eb"\. "e mart\u00eb"\. "e m\u00ebrkur\u00eb"\. "e enjte"\. "e premte"\. "e shtun\u00eb"]. ::msgcat::mcset sq MONTHS_ABBREV [list \. "Jan"\. "Shk"\. "Mar"\. "Pri"\. "Maj"\. "Qer"\. "Kor"\. "Gsh"\. "Sht"\. "Tet"\. "N\u00ebn"\. "Dhj"\. ""]. ::msgcat::mcset sq MONTHS_FULL [list \. "janar"\. "shkurt"\. "mars"\. "prill"\. "maj"\. "qershor"\. "korrik"\. "gusht"\. "shtator"\. "tetor"\. "n\u00ebntor"\. "dhjetor"\. ""]. ::msgcat::mcset sq BCE "p.e.

C:\Users\user\AppData\Local\Update\tcl\msgs\sr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2035
Entropy (8bit):	4.24530896413441
Encrypted:	false
SSDEEP:
MD5:	5CA16D93718AAA813ADE746440CF5CE6
SHA1:	A142733052B87CA510B8945256399CE9F873794C
SHA-256:	313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B
SHA-512:	4D031F9BA75D45EC89B2C74A870CCDA41587650D7F9BC91395F68B70BA3CD7A7105E70C19D139D20096533E06F5787C00EA850E27C4ADCF5A28572480D39B639
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sr DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0435\u0434"\. "\u041f\u043e\u043d"\. "\u0423\u0442\u043e"\. "\u0421\u0440\u0435"\. "\u0427\u0435\u0442"\. "\u041f\u0435\u0442"\. "\u0421\u0443\u0431"]. ::msgcat::mcset sr DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u0459\u0430"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u0459\u0430\u043a"\. "\u0423\u0442\u043e\u0440\u0430\u043a"\. "\u0421\u0440\u0435\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u0440\u0442\u0430\u043a"\. "\u041f\u0435\u0442\u0430\u043a"\. "\u0421\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset sr MONTHS_ABBREV [list \. "\u0408\u0430\u043d"\. "\u0424\u0435\u0431"\. "\u041c\u0430\u0440"\. "\u0410\u043f\u0440"\. "\u041c\u0430\u0458"\. "\u0408\u0443\u043d"\. "\u0408\u0443\u043b"\.

C:\Users\user\AppData\Local\Update\tcl\msgs\sv.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1167
Entropy (8bit):	4.2825791311526515
Encrypted:	false
SSDEEP:
MD5:	496D9183E2907199056CA236438498E1
SHA1:	D9C3BB4AEBD9BFD942593694E796A8C2FB9217B8
SHA-256:	4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A
SHA-512:	FA7FDEDDC42C36D0A60688CDBFE9A2060FE6B2644458D1EBFC817F1E5D5879EB3E3C78B5E53E9D3F42E2E4D84C93C4A7377170986A437EFF404F310D1D72F135
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sv DAYS_OF_WEEK_ABBREV [list \. "s\u00f6"\. "m\u00e5"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f6"]. ::msgcat::mcset sv DAYS_OF_WEEK_FULL [list \. "s\u00f6ndag"\. "m\u00e5ndag"\. "tisdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f6rdag"]. ::msgcat::mcset sv MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sv MONTHS_FULL [list \. "januari"\. "februari"\. "mars"\. "april"\. "maj"\. "juni"\. "juli"\. "augusti"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sv BCE "f.Kr.". ::msgcat::mcset sv C

C:\Users\user\AppData\Local\Update\tcl\msgs\sw.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	991
Entropy (8bit):	4.024338627988864
Encrypted:	false
SSDEEP:
MD5:	4DB24BA796D86ADF0441D2E75DE0C07E
SHA1:	9935B36FF2B1C6DFDE3EC375BC471A0E93D1F7E3
SHA-256:	6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5
SHA-512:	BE7ED0559A73D01537A1E51941ED19F0FEC3F14F9527715CB119E89C97BD31CC6102934B0349D8D0554F5EDD9E3A02978F7DE4919C000A77BD353F7033A4A95B
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sw DAYS_OF_WEEK_ABBREV [list \. "Jpi"\. "Jtt"\. "Jnn"\. "Jtn"\. "Alh"\. "Iju"\. "Jmo"]. ::msgcat::mcset sw DAYS_OF_WEEK_FULL [list \. "Jumapili"\. "Jumatatu"\. "Jumanne"\. "Jumatano"\. "Alhamisi"\. "Ijumaa"\. "Jumamosi"]. ::msgcat::mcset sw MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ago"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset sw MONTHS_FULL [list \. "Januari"\. "Februari"\. "Machi"\. "Aprili"\. "Mei"\. "Juni"\. "Julai"\. "Agosti"\. "Septemba"\. "Oktoba"\. "Novemba"\. "Desemba"\. ""]. ::msgcat::mcset sw BCE "KK". ::msgcat::mcset sw CE "BK".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\ta.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1835
Entropy (8bit):	4.018233695396
Encrypted:	false
SSDEEP:
MD5:	2D9C969318D1740049D28EBBD4F62C1D
SHA1:	121665081AFC33DDBCF679D7479BF0BC47FEF716
SHA-256:	30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB
SHA-512:	7C32907C39BFB89F558692535041B2A7FA18A64E072F5CF9AB95273F3AC5A7C480B4F953B13484A07AA4DA822613E27E78CC7B02ACE7A61E58FDB5507D7579C3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta DAYS_OF_WEEK_FULL [list \. "\u0b9e\u0bbe\u0baf\u0bbf\u0bb1\u0bc1"\. "\u0ba4\u0bbf\u0b99\u0bcd\u0b95\u0bb3\u0bcd"\. "\u0b9a\u0bc6\u0bb5\u0bcd\u0bb5\u0bbe\u0baf\u0bcd"\. "\u0baa\u0bc1\u0ba4\u0ba9\u0bcd"\. "\u0bb5\u0bbf\u0baf\u0bbe\u0bb4\u0ba9\u0bcd"\. "\u0bb5\u0bc6\u0bb3\u0bcd\u0bb3\u0bbf"\. "\u0b9a\u0ba9\u0bbf"]. ::msgcat::mcset ta MONTHS_ABBREV [list \. "\u0b9c\u0ba9\u0bb5\u0bb0\u0bbf"\. "\u0baa\u0bc6\u0baa\u0bcd\u0bb0\u0bb5\u0bb0\u0bbf"\. "\u0bae\u0bbe\u0bb0\u0bcd\u0b9a\u0bcd"\. "\u0b8f\u0baa\u0bcd\u0bb0\u0bb2\u0bcd"\. "\u0bae\u0bc7"\. "\u0b9c\u0bc2\u0ba9\u0bcd"\. "\u0b9c\u0bc2\u0bb2\u0bc8"\. "\u0b86\u0b95\u0bb8\u0bcd\u0b9f\u0bcd"\. "\u0b9a\u0bc6\u0baa\u0bcd\u0b9f\u0bae\u0bcd\u0baa\u0bb0\u0bcd"\. "\u0b85\u0b95\u0bcd\u0b9f\u0bcb\u0baa\u0bb0\u0bcd"\. "\u0ba8\u0bb

C:\Users\user\AppData\Local\Update\tcl\msgs\ta_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	251
Entropy (8bit):	4.815592015875268
Encrypted:	false
SSDEEP:
MD5:	293456B39BE945C55536A5DD894787F0
SHA1:	94DEF0056C7E3082E58266BCE436A61C045EA394
SHA-256:	AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D
SHA-512:	AB763F2932F2FF48AC18C8715F661F7405607E1818B53E0D0F32184ABE67714F03A39A9D0637D0D93CE43606C3E1D702D2A3F8660C288F61DFE852747B652B59
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset ta_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset ta_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\te.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2102
Entropy (8bit):	4.034298184367717
Encrypted:	false
SSDEEP:
MD5:	0B9B124076C52A503A906059F7446077
SHA1:	F43A0F6CCBDDBDD5EA140C7FA55E9A82AB910A03
SHA-256:	42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79
SHA-512:	234B9ACA1823D1D6B82583727B4EA68C014D59916B410CB9B158FA1954B6FC3767A261BD0B9F592AF0663906ADF11C2C9A3CC0A325CB1FF58F42A884AF7CB015
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te DAYS_OF_WEEK_ABBREV [list \. "\u0c06\u0c26\u0c3f"\. "\u0c38\u0c4b\u0c2e"\. "\u0c2e\u0c02\u0c17\u0c33"\. "\u0c2c\u0c41\u0c27"\. "\u0c17\u0c41\u0c30\u0c41"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30"\. "\u0c36\u0c28\u0c3f"]. ::msgcat::mcset te DAYS_OF_WEEK_FULL [list \. "\u0c06\u0c26\u0c3f\u0c35\u0c3e\u0c30\u0c02"\. "\u0c38\u0c4b\u0c2e\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2e\u0c02\u0c17\u0c33\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2c\u0c41\u0c27\u0c35\u0c3e\u0c30\u0c02"\. "\u0c17\u0c41\u0c30\u0c41\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c28\u0c3f\u0c35\u0c3e\u0c30\u0c02"]. ::msgcat::mcset te MONTHS_ABBREV [list \. "\u0c1c\u0c28\u0c35\u0c30\u0c3f"\. "\u0c2b\u0c3f\u0c2c\u0c4d\u0c30\u0c35\u0c30\u0c3f"\. "\u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u

C:\Users\user\AppData\Local\Update\tcl\msgs\te_in.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.01781242466238
Encrypted:	false
SSDEEP:
MD5:	443E34E2E2BC7CB64A8BA52D99D6B4B6
SHA1:	D323C03747FE68E9B73F7E5C1E10B168A40F2A2F
SHA-256:	88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA
SHA-512:	5D8B267530EC1480BF3D571AABC2DA7B4101EACD7FB03B49049709E39D665DD7ACB66FD785BA2B5203DDC54C520434219D2D9974A1E9EE74C659FFAEA6B694E0
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te_IN AM "\u0c2a\u0c42\u0c30\u0c4d\u0c35\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN PM "\u0c05\u0c2a\u0c30\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset te_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset te_IN DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\th.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2305
Entropy (8bit):	4.324407451316591
Encrypted:	false
SSDEEP:
MD5:	D145F9DF0E339A2538662BD752F02E16
SHA1:	AFD97F8E8CC14D306DEDD78F8F395738E38A8569
SHA-256:	F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867
SHA-512:	E17925057560462F730CF8288856E46FA1F1D2A10B5D4D343257B7687A3855014D5C65B6C85AC55A7C77B8B355DB19F053C74B91DFA7BE7E9F933D9D4DA117F7
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset th DAYS_OF_WEEK_ABBREV [list \. "\u0e2d\u0e32."\. "\u0e08."\. "\u0e2d."\. "\u0e1e."\. "\u0e1e\u0e24."\. "\u0e28."\. "\u0e2a."]. ::msgcat::mcset th DAYS_OF_WEEK_FULL [list \. "\u0e27\u0e31\u0e19\u0e2d\u0e32\u0e17\u0e34\u0e15\u0e22\u0e4c"\. "\u0e27\u0e31\u0e19\u0e08\u0e31\u0e19\u0e17\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e2d\u0e31\u0e07\u0e04\u0e32\u0e23"\. "\u0e27\u0e31\u0e19\u0e1e\u0e38\u0e18"\. "\u0e27\u0e31\u0e19\u0e1e\u0e24\u0e2b\u0e31\u0e2a\u0e1a\u0e14\u0e35"\. "\u0e27\u0e31\u0e19\u0e28\u0e38\u0e01\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e40\u0e2a\u0e32\u0e23\u0e4c"]. ::msgcat::mcset th MONTHS_ABBREV [list \. "\u0e21.\u0e04."\. "\u0e01.\u0e1e."\. "\u0e21\u0e35.\u0e04."\. "\u0e40\u0e21.\u0e22."\. "\u0e1e.\u0e04."\. "\u0e21\u0e34.\u0e22."\. "\

C:\Users\user\AppData\Local\Update\tcl\msgs\tr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1133
Entropy (8bit):	4.32041719596907
Encrypted:	false
SSDEEP:
MD5:	3AFAD9AD82A9C8B754E2FE8FC0094BAB
SHA1:	4EE3E2DF86612DB314F8D3E7214D7BE241AA1A32
SHA-256:	DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47
SHA-512:	79A6738A97B7DB9CA4AE9A3BA1C3E56BE9AC67E71AE12154FD37A37D78892B6414A49E10E007DE2EB314942DC017B87FAB7C64B74EC9B889DAEBFF9B3B78E644
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset tr DAYS_OF_WEEK_ABBREV [list \. "Paz"\. "Pzt"\. "Sal"\. "\u00c7ar"\. "Per"\. "Cum"\. "Cmt"]. ::msgcat::mcset tr DAYS_OF_WEEK_FULL [list \. "Pazar"\. "Pazartesi"\. "Sal\u0131"\. "\u00c7ar\u015famba"\. "Per\u015fembe"\. "Cuma"\. "Cumartesi"]. ::msgcat::mcset tr MONTHS_ABBREV [list \. "Oca"\. "\u015eub"\. "Mar"\. "Nis"\. "May"\. "Haz"\. "Tem"\. "A\u011fu"\. "Eyl"\. "Eki"\. "Kas"\. "Ara"\. ""]. ::msgcat::mcset tr MONTHS_FULL [list \. "Ocak"\. "\u015eubat"\. "Mart"\. "Nisan"\. "May\u0131s"\. "Haziran"\. "Temmuz"\. "A\u011fustos"\. "Eyl\u00fcl"\. "Ekim"\. "Kas\u0131m"\. "Aral\u0131k"\. ""]. ::msgcat::mcset tr D

C:\Users\user\AppData\Local\Update\tcl\msgs\uk.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2113
Entropy (8bit):	4.227105489438195
Encrypted:	false
SSDEEP:
MD5:	458A38F894B296C83F85A53A92FF8520
SHA1:	CE26187875E334C712FDAB73E6B526247C6FE1CF
SHA-256:	CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD
SHA-512:	3B8730C331CF29EF9DEDBC9D5A53C50D429931B8DA01EE0C20DAE25B995114966DB9BC576BE0696DEC088DB1D88B50DE2C376275AB5251F49F6544E546BBC531
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset uk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0432\u0442"\. "\u0441\u0440"\. "\u0447\u0442"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset uk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0456\u043b\u044f"\. "\u043f\u043e\u043d\u0435\u0434\u0456\u043b\u043e\u043a"\. "\u0432\u0456\u0432\u0442\u043e\u0440\u043e\u043a"\. "\u0441\u0435\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440"\. "\u043f'\u044f\u0442\u043d\u0438\u0446\u044f"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset uk MONTHS_ABBREV [list \. "\u0441\u0456\u0447"\. "\u043b\u044e\u0442"\. "\u0431\u0435\u0440"\. "\u043a\u0432\u0456\u0442"\. "\u0442\u0440\u0430\u0432"\. "\u0447\u0435\u0440\u0432"\. "\u043b\u0438\u043f"\. "\

C:\Users\user\AppData\Local\Update\tcl\msgs\vi.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1421
Entropy (8bit):	4.382223858419589
Encrypted:	false
SSDEEP:
MD5:	3BD0AB95976D1B80A30547E4B23FD595
SHA1:	B3E5DC095973E46D8808326B2A1FC45046B5267F
SHA-256:	9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58
SHA-512:	2A68A7ADC385EDEA02E4558884A24DCC6328CC9F7D459CC03CC9F2D2F58CF6FF2103AD5B45C6D05B7E13F28408C6B05CDDF1DF60E822E5095F86A49052E19E59
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset vi DAYS_OF_WEEK_ABBREV [list \. "Th 2"\. "Th 3"\. "Th 4"\. "Th 5"\. "Th 6"\. "Th 7"\. "CN"]. ::msgcat::mcset vi DAYS_OF_WEEK_FULL [list \. "Th\u01b0\u0301 hai"\. "Th\u01b0\u0301 ba"\. "Th\u01b0\u0301 t\u01b0"\. "Th\u01b0\u0301 n\u0103m"\. "Th\u01b0\u0301 s\u00e1u"\. "Th\u01b0\u0301 ba\u0309y"\. "Chu\u0309 nh\u00e2\u0323t"]. ::msgcat::mcset vi MONTHS_ABBREV [list \. "Thg 1"\. "Thg 2"\. "Thg 3"\. "Thg 4"\. "Thg 5"\. "Thg 6"\. "Thg 7"\. "Thg 8"\. "Thg 9"\. "Thg 10"\. "Thg 11"\. "Thg 12"\. ""]. ::msgcat::mcset vi MONTHS_FULL [list \. "Th\u00e1ng m\u00f4\u0323t"\. "Th\u00e1ng hai"\. "Th\u00e1ng ba"\. "Th\u00e1ng t\u01b0"\. "Th\u00e1ng n\u0103m"\. "Th\u00e1ng s\

C:\Users\user\AppData\Local\Update\tcl\msgs\zh.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3330
Entropy (8bit):	4.469203967086526
Encrypted:	false
SSDEEP:
MD5:	9C33FFDD4C13D2357AB595EC3BA70F04
SHA1:	A87F20F7A331DEFC33496ECDA50D855C8396E040
SHA-256:	EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9
SHA-512:	E31EEE90660236BCD958F3C540F56B2583290BAD6086AE78198A0819A92CF2394C62DE3800FDDD466A8068F4CABDFBCA46A648D419B1D0103381BF428D721B13
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh DAYS_OF_WEEK_ABBREV [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh DAYS_OF_WEEK_FULL [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh MONTHS_ABBREV [list \. "\u4e00\u6708"\. "\u4e8c\u6708"\. "\u4e09\u6708"\. "\u56db\u6708"\. "\u4e94\u6708"\. "\u516d\u6708"\. "\u4e03\u6708"\. "\u516b\u6708"\. "\u4e5d\u6708"\. "\u5341\u6708"\. "\u5341\u4e00\u6708"\. "\u5341\u4e8c\u6708"\. ""]. ::msgcat::mcset zh MONTHS_FULL [list \.

C:\Users\user\AppData\Local\Update\tcl\msgs\zh_cn.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	312
Entropy (8bit):	5.1281364096481665
Encrypted:	false
SSDEEP:
MD5:	EB94B41551EAAFFA5DF4F406C7ACA3A4
SHA1:	B0553108BDE43AA7ED362E2BFFAF1ABCA1567491
SHA-256:	85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8
SHA-512:	A0980A6F1AD9236647E4F18CC104999DB2C523153E8716FD0CFE57320E906DF80378A5C0CDE132F2C53F160F5304EAF34910D7D1BB5753987D74AFBC0B6F75F3
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_CN DATE_FORMAT "%Y-%m-%e". ::msgcat::mcset zh_CN TIME_FORMAT "%k:%M:%S". ::msgcat::mcset zh_CN TIME_FORMAT_12 "%P%I\u65f6%M\u5206%S\u79d2". ::msgcat::mcset zh_CN DATE_TIME_FORMAT "%Y-%m-%e %k:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\zh_hk.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	752
Entropy (8bit):	4.660158381384211
Encrypted:	false
SSDEEP:
MD5:	D8C6BFBFCE44B6A8A038BA44CB3DB550
SHA1:	FBD609576E65B56EDA67FD8A1801A27B43DB5486
SHA-256:	D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882
SHA-512:	3455145CF5C77FC847909AB1A283452D0C877158616C8AA7BDFFC141B86B2E66F9FF45C3BB6A4A9D758D2F8FFCB1FE919477C4553EFE527C0EDC912EBBCAABCD
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_HK DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u4e00"\. "\u4e8c"\. "\u4e09"\. "\u56db"\. "\u4e94"\. "\u516d"]. ::msgcat::mcset zh_HK MONTHS_ABBREV [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"\. ""]. ::msgcat::mcset zh_HK DATE_FORMAT "%Y\u5e74%m\u6708%e\u65e5". ::msgcat::mcset zh_HK TIME_FORMAT_12 "%P%I:%M:%S". ::msgcat::mcset zh_HK DATE_TIME_FORMAT "%Y\u5e74%m\u6708%e\u65e5 %P%I:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\zh_sg.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.020358587042703
Encrypted:	false
SSDEEP:
MD5:	E0BC93B8F050D6D80B8173FF4FA4D7B7
SHA1:	231FF1B6F859D0261F15D2422DF09E756CE50CCB
SHA-256:	2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A
SHA-512:	8BA6EAC5F71167B83A58B47123ACF7939C348FE2A0CA2F092FE9F60C0CCFB901ADA0E8F2101C282C39BAE86C918390985731A8F66E481F8074732C37CD50727F
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_SG AM "\u4e0a\u5348". ::msgcat::mcset zh_SG PM "\u4e2d\u5348". ::msgcat::mcset zh_SG DATE_FORMAT "%d %B %Y". ::msgcat::mcset zh_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_SG DATE_TIME_FORMAT "%d %B %Y %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\msgs\zh_tw.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.08314435797197
Encrypted:	false
SSDEEP:
MD5:	9CD17E7F28186E0E71932CC241D1CBB1
SHA1:	AF1EE536AABB8198BA88D3474ED49F76A37E89FF
SHA-256:	D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12
SHA-512:	4712DD6A27A09EA339615FC3D17BC8E4CD64FF12B2B8012E01FD4D3E7789263899FA05EDDB77044DC7B7D32B3DC55A52B8320D93499DF9A6799A8E4D07174525
Malicious:	false
Preview:	# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_TW BCE "\u6c11\u570b\u524d". ::msgcat::mcset zh_TW CE "\u6c11\u570b". ::msgcat::mcset zh_TW DATE_FORMAT "%Y/%m/%e". ::msgcat::mcset zh_TW TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_TW DATE_TIME_FORMAT "%Y/%m/%e %P %I:%M:%S %z".}.

C:\Users\user\AppData\Local\Update\tcl\opt0.4\optparse.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32718
Entropy (8bit):	4.5415166585248645
Encrypted:	false
SSDEEP:
MD5:	1A7DF33BC47D63F9CE1D4FF70A974FA3
SHA1:	513EC2215E2124D9A6F6DF2549C1442109E117C0
SHA-256:	C5D74E1C927540A3F524E6B929D0956EFBA0797FB8D55918EF69D27DF57DEDA3
SHA-512:	F671D5A46382EDFBDA49A6EDB9E6CF2D5CEBD83CE4ADD6B717A478D52748332D41DA3743182D4555B801B96A318D29DFC6AC36B32983ADB32D329C24F8A3D713
Malicious:	false
Preview:	# optparse.tcl --.#.# (private) Option parsing package.# Primarily used internally by the safe:: code..#.#.WARNING: This code will go away in a future release.#.of Tcl. It is NOT supported and you should not rely.#.on it. If your code does rely on this package you.#.may directly incorporate this code into your application...package require Tcl 8.2.# When this version number changes, update the pkgIndex.tcl file.# and the install directory in the Makefiles..package provide opt 0.4.6..namespace eval ::tcl {.. # Exported APIs. namespace export OptKeyRegister OptKeyDelete OptKeyError OptKeyParse \. OptProc OptProcArgGiven OptParse \.. Lempty Lget \. Lassign Lvarpop Lvarpop1 Lvarset Lvarincr \. SetMax SetMin...################# Example of use / 'user documentation' ###################.. proc OptCreateTestProc {} {...# Defines ::tcl::OptParseTest as a test proc with parsed arguments..# (can't be defined before the code below is

C:\Users\user\AppData\Local\Update\tcl\opt0.4\pkgIndex.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	607
Entropy (8bit):	4.652658850873767
Encrypted:	false
SSDEEP:
MD5:	92FF1E42CFC5FECCE95068FC38D995B3
SHA1:	B2E71842F14D5422A9093115D52F19BCCA1BF881
SHA-256:	EB9925A8F0FCC7C2A1113968AB0537180E10C9187B139C8371ADF821C7B56718
SHA-512:	608D436395D055C5449A53208F3869B8793DF267B8476AD31BCDD9659A222797814832720C495D938E34BF7D253FFC3F01A73CC0399C0DFB9C85D2789C7F11C0
Malicious:	false
Preview:	# Tcl package index file, version 1.1.# This file is generated by the "pkg_mkIndex -direct" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...if {![package vsatisfies [package provide Tcl] 8.2]} {return}.package ifneeded opt 0.4.6 [list source [file join $dir optparse.tcl]].

C:\Users\user\AppData\Local\Update\tcl\package.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	22959
Entropy (8bit):	4.836555290409911
Encrypted:	false
SSDEEP:
MD5:	55E2DB5DCF8D49F8CD5B7D64FEA640C7
SHA1:	8FDC28822B0CC08FA3569A14A8C96EDCA03BFBBD
SHA-256:	47B6AF117199B1511F6103EC966A58E2FD41F0ABA775C44692B2069F6ED10BAD
SHA-512:	824C210106DE7EAE57A480E3F6E3A5C8FB8AC4BBF0A0A386D576D3EB2A3AC849BDFE638428184056DA9E81767E2B63EFF8E18068A1CF5149C9F8A018F817D3E5
Malicious:	false
Preview:	# package.tcl --.#.# utility procs formerly in init.tcl which can be loaded on demand.# for package management..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval tcl::Pkg {}..# ::tcl::Pkg::CompareExtension --.#.# Used internally by pkg_mkIndex to compare the extension of a file to a given.# extension. On Windows, it uses a case-insensitive comparison because the.# file system can be file insensitive..#.# Arguments:.# fileName.name of a file whose extension is compared.# ext..(optional) The extension to compare against; you must.#..provide the starting dot..#..Defaults to [info sharedlibextension].#.# Results:.# Returns 1 if the extension matches, 0 otherwise..proc tcl::Pkg::CompareExtension {fileName {ext {}}} {. global tcl_platform. if {$ext eq ""} {set ext

C:\Users\user\AppData\Local\Update\tcl\parray.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.833285375693491
Encrypted:	false
SSDEEP:
MD5:	FCDAF75995F2CCE0A5D5943E9585590D
SHA1:	A0B1BD4E68DCE1768D3C5E0D3C7B31E28021D3BA
SHA-256:	EBE5A2B4CBBCD7FD3F7A6F76D68D7856301DB01B350C040942A7B806A46E0014
SHA-512:	A632D0169EE3B6E6B7EF73F5FBA4B7897F9491BDB389D78165E297252424546EFB43895D3DD530864B9FCF2ECF5BCE7DA8E55BA5B4F20E23E1E45ADDAF941C11
Malicious:	false
Preview:	# parray:.# Print the contents of a global array on stdout..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..proc parray {a {pattern }} {. upvar 1 $a array. if {![array exists array]} {..return -code error "\"$a\" isn't an array". }. set maxl 0. set names [lsort [array names array $pattern]]. foreach name $names {..if {[string length $name] > $maxl} {.. set maxl [string length $name]..}. }. set maxl [expr {$maxl + [string length $a] + 2}]. foreach name $names {..set nameString [format %s(%s) $a $name]..puts stdout [format "%-s = %s" $maxl $nameString $array($name)]. }.}.

C:\Users\user\AppData\Local\Update\tcl\safe.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	33439
Entropy (8bit):	4.750571844372246
Encrypted:	false
SSDEEP:
MD5:	325A573F30C9EA70FD891E85664E662C
SHA1:	6EC3F21EBCFD269847C43891DAD96189FACF20E4
SHA-256:	89B74D2417EB27FEEA32B8666B08D28BC1FFE5DCF1652DBD8799F7555D79C71F
SHA-512:	149FE725A3234A2F8C3EE1B03119440E3CB16586F04451B6E62CED0097B1AD227C97B55F5A66631033A888E860AB61CAF7DDD014696276BC9226D87F15164E2F
Malicious:	false
Preview:	# safe.tcl --.#.# This file provide a safe loading/sourcing mechanism for safe interpreters..# It implements a virtual path mecanism to hide the real pathnames from the.# slave. It runs in a master interpreter and sets up data structure and.# aliases that will be invoked when used from a slave interpreter..#.# See the safe.n man page for details..#.# Copyright (c) 1996-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...#.# The implementation is based on namespaces. These naming conventions are.# followed:.# Private procs starts with uppercase..# Public procs are exported and starts with lowercase.#..# Needed utilities package.package require opt 0.4.1..# Create the safe namespace.namespace eval ::safe {. # Exported API:. namespace export interpCreate interpInit interpConfigure interpDelete \..interpAddToAccessPath interpFindInAccessPath setLogCmd.}..# Helper function to

C:\Users\user\AppData\Local\Update\tcl\tclIndex Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5415
Entropy (8bit):	4.701682771925196
Encrypted:	false
SSDEEP:
MD5:	E127196E9174B429CC09C040158F6AAB
SHA1:	FF850F5D1BD8EFC1A8CB765FE8221330F0C6C699
SHA-256:	ABF7D9D1E86DE931096C21820BFA4FD70DB1F55005D2DB4AA674D86200867806
SHA-512:	C4B98EBC65E25DF41E6B9A93E16E608CF309FA0AE712578EE4974D84F7F33BCF2A6ED7626E88A343350E13DA0C5C1A88E24A87FCBD44F7DA5983BB3EF036A162
Malicious:	false
Preview:	# Tcl autoload index file, version 2.0.# -- tcl --.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(auto_reset) [list source [file join $dir auto.tcl]].set auto_index(tcl_findLibrary) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex_old) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::init) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::cleanup) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::mkindex) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::hook) [list source [file join $dir auto.tcl]].set auto_in

C:\Users\user\AppData\Local\Update\tcl\tm.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11633
Entropy (8bit):	4.706526847377957
Encrypted:	false
SSDEEP:
MD5:	F9ED2096EEA0F998C6701DB8309F95A6
SHA1:	BCDB4F7E3DB3E2D78D25ED4E9231297465B45DB8
SHA-256:	6437BD7040206D3F2DB734FA482B6E79C68BCC950FBA80C544C7F390BA158F9B
SHA-512:	E4FB8F28DC72EA913F79CEDF5776788A0310608236D6607ADC441E7F3036D589FD2B31C446C187EF5827FD37DCAA26D9E94D802513E3BF3300E94DD939695B30
Malicious:	false
Preview:	# -- tcl --.#.# Searching for Tcl Modules. Defines a procedure, declares it as the primary.# command for finding packages, however also uses the former 'package unknown'.# command as a fallback..#.# Locates all possible packages in a directory via a less restricted glob. The.# targeted directory is derived from the name of the requested package, i.e..# the TM scan will look only at directories which can contain the requested.# package. It will register all packages it found in the directory so that.# future requests have a higher chance of being fulfilled by the ifneeded.# database without having to come to us again..#.# We do not remember where we have been and simply rescan targeted directories.# when invoked again. The reasoning is this:.#.# - The only way we get back to the same directory is if someone is trying to.# [package require] something that wasn't there on the first scan..#.# Either.# 1) It is there now: If we rescan, you get it; if not you don't..#.# This co

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Abidjan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.951583909886815
Encrypted:	false
SSDEEP:
MD5:	6FB79707FD3A183F8A3C780CA2669D27
SHA1:	E703AB552B4231827ACD7872364C36C70988E4C0
SHA-256:	A5DC7BFB4F569361D438C8CF13A146CC2641A1A884ACF905BB51DA28FF29A900
SHA-512:	CDD3AD9AFFD246F4DFC40C1699E368FB2924E73928060B1178D298DCDB11DBD0E88BC10ED2FED265F7F7271AC5CCE14A60D65205084E9249154B8D54C2309E52
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Abidjan) {. {-9223372036854775808 -968 0 LMT}. {-1830383032 0 0 GMT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Accra Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1393
Entropy (8bit):	3.9087586646312253
Encrypted:	false
SSDEEP:
MD5:	FFEDB06126D6DA9F3BECA614428F51E9
SHA1:	2C549D1CF8636541D42BDC56D8E534A222E4642C
SHA-256:	567A0AD3D2C9E356A2E38A76AF4D5C4B8D5B950AF7B648A027FE816ACAE455AE
SHA-512:	E057EA59A47C881C60B2196554C9B24C00CB26345CA7E311B5409F6FBB31EBEDD13C41A4C3B0B68AE8B93F4819158D94610DE795112E77209F391AC31332BA2A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Accra) {. {-9223372036854775808 -52 0 LMT}. {-1640995148 0 0 GMT}. {-1556841600 1200 1 GMT}. {-1546388400 0 0 GMT}. {-1525305600 1200 1 GMT}. {-1514852400 0 0 GMT}. {-1493769600 1200 1 GMT}. {-1483316400 0 0 GMT}. {-1462233600 1200 1 GMT}. {-1451780400 0 0 GMT}. {-1430611200 1200 1 GMT}. {-1420158000 0 0 GMT}. {-1399075200 1200 1 GMT}. {-1388622000 0 0 GMT}. {-1367539200 1200 1 GMT}. {-1357086000 0 0 GMT}. {-1336003200 1200 1 GMT}. {-1325550000 0 0 GMT}. {-1304380800 1200 1 GMT}. {-1293927600 0 0 GMT}. {-1272844800 1200 1 GMT}. {-1262391600 0 0 GMT}. {-1241308800 1200 1 GMT}. {-1230855600 0 0 GMT}. {-1209772800 1200 1 GMT}. {-1199319600 0 0 GMT}. {-1178150400 1200 1 GMT}. {-1167697200 0 0 GMT}. {-1146614400 1200 1 GMT}. {-1136161200 0 0 GMT}. {-1115078400 1200 1 GMT}. {-1104625200 0 0 GMT}. {-1083542400 1200 1 GMT}. {-1073

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Addis_Ababa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.766991307890532
Encrypted:	false
SSDEEP:
MD5:	C203A97FC500E408AC841A6A5B21E14E
SHA1:	ED4C4AA578A16EB83220F37199460BFE207D2B44
SHA-256:	3EBC66964609493524809AD0A730FFFF036C38D9AB3770412841F80DFFC717D5
SHA-512:	2F1A4500F49AFD013BCA70089B1E24748D7E45D41F2C9D3D9AFDCC1778E750FFB020D34F622B071E80F80CC0FEFF080E8ACC1E7A8ABE8AD12C0F1A1DAA937FE5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Addis_Ababa) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Algiers Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	4.110061823095588
Encrypted:	false
SSDEEP:
MD5:	8221A83520B1D3DE02E886CFB1948DE3
SHA1:	0806A0898FDE6F5AE502C64515A1345D71B1F7D2
SHA-256:	5EE3B25676E813D89ED866D03B5C3388567D8307A2A60D1C4A34D938CBADF710
SHA-512:	2B8A837F7CF6DE43DF4072BF4A54226235DA8B8CA78EF55649C7BF133B2E002C614FE7C693004E3B17C25FBCECAAD5CD9B0A8CB0A5D32ADF68EA019203EE8704
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Algiers) {. {-9223372036854775808 732 0 LMT}. {-2486679072 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1531443600 0 0 WET}. {-956365200 3600 1 WEST}. {-950486400 0 0 WET}. {-942012000 3600 0 CET}. {-812502000 7200 1 CEST}. {-796262400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766630800 3600 0 CET}. {-733280400 0 0 WET}. {-439430400 3600 0 CET}. {-212029200 0 0 WET}. {41468400 3600 1 WEST}. {54774000 0 0 WET}. {231724800 3600 1 WEST}. {246240000 3600 0 CET}. {259545600 7200 1 CEST}. {275274000 3600 0 CET}. {309740400 0 0 WET}. {325468800 3600 1 WEST}. {3418020

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Asmara Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.750118730136804
Encrypted:	false
SSDEEP:
MD5:	F8CEC826666174899C038EC9869576ED
SHA1:	4CAA32BB070F31BE919F5A03141711DB22072E2C
SHA-256:	D9C940B3BE2F9E424BC6F69D665C21FBCA7F33789E1FE1D27312C0B38B75E097
SHA-512:	DA890F5A6806AE6774CFC061DFD4AE069F78212AB063287146245692383022AABB3637DEB49C1D512DA3499DC4295541962DAC05729302B3314E7BF306E6CB41
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmara) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Asmera Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.755468133981916
Encrypted:	false
SSDEEP:
MD5:	8B5DCBBDB2309381EAA8488E1551655F
SHA1:	65065868620113F759C5D37B89843A334E64D210
SHA-256:	F7C8CEE9FA2A4BF9F41ABA18010236AC4CCD914ACCA9E568C87EDA0503D54014
SHA-512:	B8E61E6D5057CD75D178B292CD19CBCED2A127099D95046A7448438BCC035DE4066FDD637E9055AC3914E4A8EAA1B0123FA0E90E4F7042B2C4551BB009F1D2E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmera) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Bamako Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.83500517532947
Encrypted:	false
SSDEEP:
MD5:	FCBE668127DFD81CB0F730C878EB2F1A
SHA1:	F27C9D96A04A12AC7423A60A756732B360D6847D
SHA-256:	6F462C2C5E190EFCA68E882CD61D5F3A8EF4890761376F22E9905B1B1B6FDE9F
SHA-512:	B0E6E4F5B46A84C2D02A0519831B98F336AA79079FF2CB9F290D782335FB4FB39A3453520424ED3761D801B9FBE39228B1D045C40EDD70B29801C26592F9805A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Bamako) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Bangui Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.834042129935993
Encrypted:	false
SSDEEP:
MD5:	7A017656AB8048BD67250207CA265717
SHA1:	F2BB86BC7B7AB886738A33ADA37C444D6873DB94
SHA-256:	E31F69E16450B91D79798C1064FEA18DE89D5FE343D2DE4A5190BCF15225E69D
SHA-512:	695FA7369341F1F4BC1B629CDAB1666BEFE2E7DB32D75E5038DC17526A3CCE293DB36AFEB0955B06F5834D43AEF140F7A66EC52598444DBE8C8B70429DBE5FC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Bangui) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Banjul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.839691887198201
Encrypted:	false
SSDEEP:
MD5:	149DD4375235B088386A2D187ED03FFB
SHA1:	5E879B778E2AB110AC7815D3D62A607A76AAB93B
SHA-256:	1769E15721DAFF477E655FF7A8491F4954FB2F71496287C6F9ED265FE5588E00
SHA-512:	4F997EDE6F04A89240E0950D605BB43D6814DCCA433F3A75F330FA13EE8729A10D20E9A0AAD6E6912370E350ABD5A65B878B914FCC9A5CA8503E3A5485E57B3E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Banjul) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Bissau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.797400281087303
Encrypted:	false
SSDEEP:
MD5:	BA4959590575031330280A4ADC7017D1
SHA1:	34FBC2AFD2E13575D286062050D98ABC4BF7C7A6
SHA-256:	2C06A94A43AC7F0079E6FE371F0D5A06A7BF23A868AC3B10135BFC4266CD2D4E
SHA-512:	65E6161CB6AF053B53C7ABE1E4CAAD4F40E350D52BADCB95EB37138268D17CF48DDB0CA771F450ECD8E6A57C99BE2E8C2227A28B5C4AF3DE7F6D74F255118F04
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Bissau) {. {-9223372036854775808 -3740 0 LMT}. {-1830380400 -3600 0 -01}. {157770000 0 0 GMT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Blantyre Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.856245693637169
Encrypted:	false
SSDEEP:
MD5:	3F6E187410D0109D05410EFC727FB5E5
SHA1:	CAB54D985823218E01EDF9165CABAB7A984EE93E
SHA-256:	9B2EEB0EF36F851349E254E1745D11B65CB30A16A2EE4A87004765688A5E0452
SHA-512:	E12D6DBEA8DE9E3FB236011B962FFE1AEB95E3353B13303C343565B60AA664508D51A011C66C3CE2460C52A901495F46D0500C9B74E19399AE66231E5D6200A0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Blantyre) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Brazzaville Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.853052123353996
Encrypted:	false
SSDEEP:
MD5:	4F5159996C16A171D9B011C79FDDBF63
SHA1:	51BCA6487762E42528C845CCA33173B3ED707B3F
SHA-256:	E73ADC4283ECA7D8504ABC6CB28D98EB071ED867F77DE9FADA777181533AD1D0
SHA-512:	6E5D4DF903968395DFDB834FBD4B2A0294E945A9939D05BED8533674EA0ACE8393731DDCDFACF7F2C9A00D38DC8F5EDB173B4025CF05122B0927829D07ED203F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Brazzaville) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Bujumbura Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.900915013374923
Encrypted:	false
SSDEEP:
MD5:	9E81B383C593422481B5066CF23B8CE1
SHA1:	8DD0408272CBE6DF1D5051CB4D9319B5A1BD770E
SHA-256:	9ADCD7CB6309049979ABF8D128C1D1BA35A02F405DB8DA8C39D474E8FA675E38
SHA-512:	9939ED703EC26350DE9CC59BF7A8C76B6B3FE3C67E47CCDDE86D87870711224ADEEC61D93AC7926905351B8333AD01FF235276A5AB766474B5884F8A0329C2CB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Bujumbura) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Cairo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3720
Entropy (8bit):	3.687670811431724
Encrypted:	false
SSDEEP:
MD5:	1B38D083FC54E17D82935D400051F571
SHA1:	AE34C08176094F4C4BFEB4E1BBAE6034BCD03A11
SHA-256:	11283B69DE0D02EAB1ECF78392E3A4B32288CCFEF946F0432EC83327A51AEDDC
SHA-512:	581161079EC0F77EEB119C96879FD586AE49997BAD2C5124C360BCACF9136FF0A6AD70AE7D4C88F96BC94EEB87F628E8890E65DB9B0C96017659058D35436307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Cairo) {. {-9223372036854775808 7509 0 LMT}. {-2185409109 7200 0 EET}. {-929844000 10800 1 EEST}. {-923108400 7200 0 EET}. {-906170400 10800 1 EEST}. {-892868400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857790000 7200 0 EET}. {-844308000 10800 1 EEST}. {-825822000 7200 0 EET}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EET}. {-779853600 10800 1 EEST}. {-762663600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 72

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Casablanca Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1567
Entropy (8bit):	3.593430930151928
Encrypted:	false
SSDEEP:
MD5:	9DB3A6EB1162C5D814B98265FB58D004
SHA1:	63ACAD6C18B49EF6794610ADED9865C8600A4D5C
SHA-256:	EF30CFFD1285339F4CC1B655CB4CB8C5D864C4B575D66F18919A35C084AA4E5F
SHA-512:	0581F6640BDDD8C33E82983F2186EB0952946C70A4B3F524EC78D1BE3EC1FA10BC3672A99CBA3475B28C0798D62A14F298207160F04EE0861EDDA352DA2BCCA0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Casablanca) {. {-9223372036854775808 -1820 0 LMT}. {-1773012580 0 0 +00}. {-956361600 3600 1 +00}. {-950490000 0 0 +00}. {-942019200 3600 1 +00}. {-761187600 0 0 +00}. {-617241600 3600 1 +00}. {-605149200 0 0 +00}. {-81432000 3600 1 +00}. {-71110800 0 0 +00}. {141264000 3600 1 +00}. {147222000 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {448243200 3600 0 +01}. {504918000 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Ceuta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7277
Entropy (8bit):	3.744402699283941
Encrypted:	false
SSDEEP:
MD5:	261E339A2575F28099CD783B52F0980C
SHA1:	F7EB8B3DAE9C07382D5123225B3EAA4B5BFD47D6
SHA-256:	9C7D0E75AFC5681579D1018D7259733473EEDFFAF7313016B60159CB2A4DCAB5
SHA-512:	8E622174CB6DB4D0172DBC2E408867F03EBB7D1D54AA51D99C4465945CFF369AAFAF17D1D0F9277E69CBE3AD6AAF9A0C6EE056017474DF171E94BD28BBA9C04A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ceuta) {. {-9223372036854775808 -1276 0 LMT}. {-2177452800 0 0 WET}. {-1630112400 3600 1 WEST}. {-1616810400 0 0 WET}. {-1451692800 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1293840000 0 0 WET}. {-94694400 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Conakry Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.832452688412801
Encrypted:	false
SSDEEP:
MD5:	DC007D4B9C02AAD2DBD48E73624B893E
SHA1:	9BEE9D21566D6C6D4873EFF9429AE3D3F85BA4E4
SHA-256:	3BF37836C9358EC0ABD9691D8F59E69E8F6084A133A50650239890C458D4AA41
SHA-512:	45D3BC383A33F7079A6D04079112FD73DB2DDBB7F81BFF8172FABCAA949684DC31C8B156E647F77AF8BA26581D3812D510C250CDC4D7EEEC788DDB2B77CD47E8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Conakry) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Dakar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8075658510312484
Encrypted:	false
SSDEEP:
MD5:	CDA180DB8DF825268DB06298815C96F0
SHA1:	20B082082CFA0DF49C0DF4FD698EBD061280A2BB
SHA-256:	95D31A4B3D9D9977CBDDD55275492A5A954F431B1FD1442C519255FBC0DBA615
SHA-512:	2D35698DE3BF1E90AB37C84ED4E3D0B57F02555A8AEB98659717EEC1D5EED17044D446E12B5AAC12A9721A3F9667343C5CACD7AB00BF986285B8084FF9384654
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Dakar) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Dar_es_Salaam Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.795449330458551
Encrypted:	false
SSDEEP:
MD5:	AF8E3E86312E3A789B82CECEDDB019CE
SHA1:	6B353BAB18E897151BF274D6ACF410CDFF6F00F0
SHA-256:	F39E4CABE33629365C2CEF6037871D698B942F0672F753212D768E865480B822
SHA-512:	9891AA26C4321DD5C4A9466F2EE84B14F18D3FFD71D6E8D2DE5CAFE4DC563D85A934B7B4E55926B30181761EF8C9B6C97746F522718BAE9DCBE4BDDE70C42B53
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Dar_es_Salaam) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Djibouti Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.779330261863059
Encrypted:	false
SSDEEP:
MD5:	1440C37011F8F31213AE5833A3FCD5E1
SHA1:	9EEE9D7BB3A1E29EDDE90D7DBE63ED50513A909B
SHA-256:	A4E0E775206EDBA439A454649A7AC94AE3AFEADC8717CBD47FD7B8AC41ADB06F
SHA-512:	D82FF9C46C8845A6F15DC96AF8D98866C601EF0B4F7F5F0260AD571DD46931E90443FFEB5910D5805C5A43F6CC8866116066565646AE2C96E1D260999D1641F0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Djibouti) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Douala Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.800219030063992
Encrypted:	false
SSDEEP:
MD5:	18C0C9E9D5154E20CC9301D5012066B9
SHA1:	8395E917261467EC5C27034C980EDD05F2242F40
SHA-256:	0595C402B8499FC1B67C196BEE24BCA4DE14D3E10B8DBBD2840D2B4C88D9DF28
SHA-512:	C53540E25B76DF8EC3E2A5F27B473F1D6615BFBD043E133867F3391B057D8552350F912DF55DD11C1357765EF76D8E286BBBE839F28295D09751243DC0201BDF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Douala) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\El_Aaiun Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	3.6551425401331312
Encrypted:	false
SSDEEP:
MD5:	8E9FF3CB18879B1C69A04F45715D24BB
SHA1:	EF391BF1C3E1DEC08D8158B82B2FB0ED3E69866E
SHA-256:	A6CFC4359B7E2D650B1851D805FF5CD4562D0D1253793EA0978819B9A2FCC0E2
SHA-512:	6BFF03EE8973E2204181967987930EECDD39789DB353DB2EFC786027A8013CFF4835FAB9E3F0AF935D2A2D49CCEBE565FD481BA230EDF4D22A7848D4781C877C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/El_Aaiun) {. {-9223372036854775808 -3168 0 LMT}. {-1136070432 -3600 0 -01}. {198291600 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600 1 +00}. {1382839200 0 0 +00}. {1396144800 3600 1 +00}. {1403920800 0 0 +00}. {1406944800 3600 1 +00}. {1414288800 0 0 +00}. {1427594400 3600 1 +00}. {1434247200 0 0 +00}. {1437271200 3600 1 +00}. {1445738400 0 0 +00}. {1459044000 3600 1 +00}. {146509200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Freetown Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.817633094200984
Encrypted:	false
SSDEEP:
MD5:	035B36DF91F67179C8696158F58D0CE8
SHA1:	E43BFF33090324110048AC19CBA16C4ED8D8B3FE
SHA-256:	3101942D9F3B2E852C1D1EA7ED85826AB9EA0F8953B9A0E6BAC32818A2EC9EDD
SHA-512:	A7B52154C6085E5D234D6D658BA48D2C8EC093A429C3907BE7D16654F6EE9EBE8E3100187650956E5164B18340AB0C0979C1F4FA90EFE0CC423FBA5F14F45215
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Freetown) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Gaborone Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8512443534123255
Encrypted:	false
SSDEEP:
MD5:	BA2C7443CFCB3E29DB84FEC16B3B3843
SHA1:	2BA7D68C48A79000B1C27588A20A751AA04C5779
SHA-256:	28C1453496C2604AA5C42A88A060157BDFE22F28EDD1FBC7CC63B02324ED8445
SHA-512:	B275ABAADA7352D303EFEAD66D897BE3099A33B80EA849F9F1D98D522AA9A3DC44E1D979C0ABF2D7886BACF2F86D25837C971ECE6B2AF731BE2EE0363939CBDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Gaborone) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Harare Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.835896095919456
Encrypted:	false
SSDEEP:
MD5:	59137CFDB8E4B48599FB417E0D8A4A70
SHA1:	F13F9932C0445911E395377FB51B859E4F72862A
SHA-256:	E633C6B619782DA7C21D548E06E6C46A845033936346506EA0F2D4CCCDA46028
SHA-512:	2DCEB9A9FA59512ADCDE4946F055718A8C8236A912F6D521087FC348D52FFF462B5712633FDA5505876C500F5FD472381B3AC90CF1AEDF0C96EA08E0A0D3B7BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Harare) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Johannesburg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	298
Entropy (8bit):	4.638948195674004
Encrypted:	false
SSDEEP:
MD5:	256740512DCB35B4743D05CC24C636DB
SHA1:	1FD418712B3D7191549BC0808CF180A682AF7FC1
SHA-256:	768E9B2D9BE96295C35120414522FA6DD3EDA4500FE86B6D398AD452CAF6FA4B
SHA-512:	DCFF6C02D1328297BE24E0A640F5823BFD23BDE67047671AC18EB0B1F450C717E273B27A48857F54A18D6877AB8132AAED94B2D87D2F962DA43FE473FC3DDC94
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Johannesburg) {. {-9223372036854775808 6720 0 LMT}. {-2458173120 5400 0 SAST}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {-829526400 10800 1 SAST}. {-813805200 7200 0 SAST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Juba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	3.9545766161038602
Encrypted:	false
SSDEEP:
MD5:	79FCA072C6AABA65FB2DC83F33BFA17E
SHA1:	AC86AA9B0EAACAB1E4FDB14AECD8D884F8329A5A
SHA-256:	C084565CC6C217147C00DCA7D885AC917CFC8AF4A33CBA146F28586AD6F9832C
SHA-512:	9F19DEA8E21CE3D3DCA0AFC5588203DBB6F5A13BBE10CFDA0CEBE4A417384B85DB3BFFC48687EF7AD27268715FC154E235C106EC91875BA646C6759D285F1027
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Juba) {. {-9223372036854775808 7588 0 LMT}. {-1230775588 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1 CAST

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Kampala Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.787605387034664
Encrypted:	false
SSDEEP:
MD5:	8CF1CA04CD5FC03D3D96DC49E98D42D4
SHA1:	4D326475E9216089C872D5716C54DEB94590FCDE
SHA-256:	A166E17E3A4AB7C5B2425A17F905484EBFDBA971F88A221155BCA1EC5D28EA96
SHA-512:	1301B9469ED396198A2B87CBA254C66B148036C0117D7D4A8286CB8729296AD735DF16581AEF0715CEE24213E91970F181824F3A64BCF91435FDAD85DCD78C84
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Kampala) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Khartoum Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	3.9616554773567083
Encrypted:	false
SSDEEP:
MD5:	A00B0C499DE60158C9990CFE9628FEA4
SHA1:	44B768C63E170331396B4B81ABF0E3EDD8B0D864
SHA-256:	FCFF440D525F3493447C0ACFE32BB1E8BCDF3F1A20ADC3E0F5D2B245E2DB10E9
SHA-512:	30BF22857AA4C26FC6178C950AB6EAB472F2AC77D2D8EB3A209DCDEF2DDC8312B0AB6DA3428936CA16225ABE652DDB8536D870DB1905027AD7BD7FF245871556
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Khartoum) {. {-9223372036854775808 7808 0 LMT}. {-1230775808 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Kigali Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.8623059127375585
Encrypted:	false
SSDEEP:
MD5:	32AE0D7A7E7F0DF7AD0054E959A53B09
SHA1:	AE455C96401EBB1B2BDE5674A71A182D9E12D7BD
SHA-256:	7273FA039D250CABAE2ACCE926AB483B0BF16B0D77B9C2A7B499B9BDFB9E1CBB
SHA-512:	DC8E89A75D7212D398A253E6FF3D10AF72B7E14CBC07CA53C6CB01C8CE40FB12375E50AD4291C973C872566F8D875D1E1A2CF0A38F02C91355B957095004563E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Kigali) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Kinshasa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.816805447465336
Encrypted:	false
SSDEEP:
MD5:	90EC372D6C8677249C8C2841432F0FB7
SHA1:	5D5E549496962420F56897BC01887B09EC863D78
SHA-256:	56F7CA006294049FA92704EDEAD78669C1E9EABE007C41F722E972BE2FD58A37
SHA-512:	93FD7C8F5C6527DCCFBF21043AB5EED21862A22DA1FDB3ED7635723060C9252D76541DAD3A76EBF8C581A82A6DBEF2766DD428ACE3A9D6A45954A787B686B1CA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Kinshasa) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Lagos Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	141
Entropy (8bit):	4.965079502032549
Encrypted:	false
SSDEEP:
MD5:	51D7AC832AE95CFDE6098FFA6FA2B1C7
SHA1:	9DA61FDA03B4EFDA7ACC3F83E8AB9495706CCEF1
SHA-256:	EEDA5B96968552C12B916B39217005BF773A99CA17996893BC87BCC09966B954
SHA-512:	128C8D3A0AA7CF4DFAE326253F236058115028474BF122F14AB9461D910A03252FEEB420014CA91ACFBF94DF05FBFCADE98217FC59A86A2581BB68CDC83E88C8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Lagos) {. {-9223372036854775808 816 0 LMT}. {-1588464816 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Libreville Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.816649832558406
Encrypted:	false
SSDEEP:
MD5:	D1387B464CFCFE6CB2E10BA82D4EEE0E
SHA1:	F672B694551AB4228D4FC938D0CC2DA635EB8878
SHA-256:	BEE63E4DF9D03D2F5E4100D0FCF4E6D555173083A4470540D4ADC848B788A2FC
SHA-512:	DEB95AAB852772253B60F83DA9CE5E24144386DFBFB1F1E9A77905511181EC84FD13B00200602D6C276820527206EE0078DDE81CC0F1B1276B8BF4360C2CDB1E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Libreville) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Lome Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.813464796454866
Encrypted:	false
SSDEEP:
MD5:	D2AA823E78DD8E0A0C83508B6378DE5D
SHA1:	C26E03EF84C3C0B6001F0D4471907A94154E6850
SHA-256:	345F3F9422981CC1591FBC1B5B17A96F2F00F0C191DF23582328D44158041CF0
SHA-512:	908F8D096DA6A336703E7601D03477CECBCDC8D404C2410C7F419986379A14943BB61B0D92D87160D5F1EF5B229971B2B9D122D2B3F70746CED0D4D6B10D7412
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Lome) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Luanda Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.807298951345495
Encrypted:	false
SSDEEP:
MD5:	E851465BCA70F325B0B07E782D6A759E
SHA1:	3B3E0F3FD7AF99F941A3C70A2A2564C9301C8CFB
SHA-256:	F7E1DCBAE881B199F2E2BF18754E145DDED230518C691E7CB34DAE3C922A6063
SHA-512:	5F655B45D7A16213CE911EDAD935C1FEE7A947C0F5157CE20712A00B2A12A34AE51D5C05A392D2FF3A0B2DA7787D6C614FF100DDE7788CA01AAE21F10DD1CC3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Luanda) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Lubumbashi Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.893308860167744
Encrypted:	false
SSDEEP:
MD5:	CD638B7929FB8C474293D5ECF1FE94D3
SHA1:	149AD0F3CF8AC1795E84B97CFF5CEB1FD26449C4
SHA-256:	41D32824F28AE235661EE0C959E0F555C44E3E78604D6D2809BBA2254FD47258
SHA-512:	D762C49B13961A01526C0DD9D7A55E202448E1B46BA64F701FB2E0ABE0F44B2C3DF743864B9E62DC07FD6CEA7197945CE246C89CDACB1FEC0F924F3ECC46B170
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lubumbashi) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Lusaka Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.857012096036922
Encrypted:	false
SSDEEP:
MD5:	3769866ADC24DA6F46996E43079C3545
SHA1:	546FA9C76A1AE5C6763B31FC7214B8A2B18C3C52
SHA-256:	5BAF390EA1CE95227F586423523377BABD141F0B5D4C31C6641E59C6E29FFAE0
SHA-512:	DEA8CAB330F6321AD9444DB9FEC58E2CBCC79404B9E5539EABB52DBC9C3AC01BA1E8A3E1EC32906F02E4E4744271D84B626A5C32A8CD8B22210C42DD0E774A9C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lusaka) $TZData(:Africa/Maputo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Malabo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.807416212132411
Encrypted:	false
SSDEEP:
MD5:	37C13E1D11C817BA70DDC84E768F8891
SHA1:	0765A45CC37EB71F4A5D2B8D3359AEE554C647FF
SHA-256:	8F4F0E1C85A33E80BF7C04CF7E0574A1D829141CC949D2E38BDCC174337C5BAE
SHA-512:	1E31BBA68E85A8603FBDD27DA68382CBC6B0E1AB0763E86516D3EFD15CFF106DE02812756F504AEE799BF6742423DF5732352D488B3F05B889BE5E48594F558D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Malabo) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Maputo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.906945970372021
Encrypted:	false
SSDEEP:
MD5:	5497C01E507E7C392944946FCD984852
SHA1:	4C3FD215E931CE36FF095DD9D23165340D6EECFE
SHA-256:	C87A6E7B3B84CFFA4856C4B6C37C5C8BA5BBB339BDDCD9D2FD34CF17E5553F5D
SHA-512:	83A2AA0ED1EB22056FFD3A847FB63DD09302DA213FE3AB660C41229795012035B5EA64A3236D3871285A8E271458C2DA6FCD599E5747F2F842E742C11222671A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Maputo) {. {-9223372036854775808 7820 0 LMT}. {-2109291020 7200 0 CAT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Maseru Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.91873415322653
Encrypted:	false
SSDEEP:
MD5:	71A4197C8062BBFCCC62DCEFA87A25F9
SHA1:	7490FAA5A0F5F20F456E71CBF51AA6DEB1F1ACC8
SHA-256:	4B33414E2B59E07028E9742FA4AE34D28C08FD074DDC6084EDB1DD179198B3C1
SHA-512:	A71CCB957FB5102D493320F48C94ADB642CCAA5F7F28BDDE05D1BB175C29BCBAC4D19DBC481AC0C80CE48F8E3840746C126CBC9CE511CA48D4E53DE22B3D66E7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Maseru) $TZData(:Africa/Johannesburg).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Mbabane Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.911369740193625
Encrypted:	false
SSDEEP:
MD5:	8F4C02CE326FAEEBD926F94B693BFF9E
SHA1:	9E8ABB12E4CFE341F24F5B050C75DDE3D8D0CB53
SHA-256:	029AD8C75A779AED71FD233263643DADE6DF878530C47CF140FC8B7755DDA616
SHA-512:	4B7D2D1D8DA876ABCD1E44FD5E4C992287F2B62B7C7BC3D6FD353E6312053F6762DBD11C0F27056EF8E37C8A2AF8E5111CF09D4EB6BB32EC1FF77F4C0C37917B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Mbabane) $TZData(:Africa/Johannesburg).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Mogadishu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.828470940863702
Encrypted:	false
SSDEEP:
MD5:	B686E9408AB6EC58F3301D954A068C7E
SHA1:	C1259C31F93EB776F0F401920F076F162F3FFB2D
SHA-256:	79DB89294DAE09C215B9F71C61906E49AFAA5F5F27B4BC5B065992A45B2C183D
SHA-512:	CF96C687D33E68EB498A63EC262FC968858504410F670C6F492532F7C22F507BEACD41888B0A7527C30974DC545CCA9C015898E2D7C0C6D14C14C88F8BBED5C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Mogadishu) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Monrovia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.81604007062907
Encrypted:	false
SSDEEP:
MD5:	8F9D1916FF86E2F8C5C9D4ABCC405D53
SHA1:	286BFEC8F7CE6729F84FD6CFEE6A40B7277A4DFF
SHA-256:	182F2608422FF14C53DC8AC1EDFFE054AE011275C1B5C2423E286AD95910F44C
SHA-512:	7EEF6840E54313EF1127694F550986BF97BB1C8BD51DED0AB6D5842B74B5BF0406C65B293F1106E69DDFA0B01AD46756492DEDD9ECCBD077BB75FDA95A9E1912
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Monrovia) {. {-9223372036854775808 -2588 0 LMT}. {-2776979812 -2588 0 MMT}. {-1604359012 -2670 0 MMT}. {63593070 0 0 GMT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Nairobi Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.70181156382821
Encrypted:	false
SSDEEP:
MD5:	B6562D5A53E05FAAD80671C88A9E01D3
SHA1:	0014B14CFDDE47E603962935F8297C4C46533084
SHA-256:	726980DCC13E0596094E01B8377E17029A2FCCE6FE93538C61E61BA620DD0971
SHA-512:	D9C2838C89B0537C7F7A7319600D69D09AC004BD72358B452425A3B4861140246F71A94F004C2EF739620E81062F37ED9DA6D518F74956630006DD5674925A63
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Nairobi) {. {-9223372036854775808 8836 0 LMT}. {-1309746436 10800 0 EAT}. {-1262314800 9000 0 +0230}. {-946780200 9900 0 +0245}. {-315629100 10800 0 EAT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Ndjamena Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.8064239600480985
Encrypted:	false
SSDEEP:
MD5:	459DA3ECBE5C32019D1130DDEAB10BAA
SHA1:	DD1F6653A7B7B091A57EC59E271197CEC1892594
SHA-256:	F36F8581755E1B40084442C43C60CC904C908285C4D719708F2CF1EADB778E2E
SHA-512:	FF74D540157DE358E657E968C9C040B8FE5C806D22782D878575BFAC68779303E6071DC84D6773BC06D299AC971B0EB6B38CA50439161574B5A50FF6F1704046
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ndjamena) {. {-9223372036854775808 3612 0 LMT}. {-1830387612 3600 0 WAT}. {308703600 7200 1 WAST}. {321314400 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Niamey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.822255424633636
Encrypted:	false
SSDEEP:
MD5:	3142A6EAC3F36C872E7C32F8AF43A0F8
SHA1:	0EACF849944A55D4AB8198DDD0D3C5494D1986DA
SHA-256:	1704A1A82212E6DB71DA54E799D81EFA3279CD53A6BFA980625EE11126603B4C
SHA-512:	BB3DADC393D0CF87934629BBFAFAD3AD9149B80843FC5447670812357CC4DFBCAF71F7104EBF743C06517BB42111B0DB9028B22F401A50E17085431C9200DAB2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Niamey) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Nouakchott Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.862257004762335
Encrypted:	false
SSDEEP:
MD5:	6849FA8FFC1228286B08CE0950FEB4DD
SHA1:	7F8E8069BA31E2E549566011053DA01DEC5444E9
SHA-256:	2071F744BC880E61B653E2D84CED96D0AD2485691DDE9FFD38D3063B91E4F41F
SHA-512:	30211297C2D8255D4B5195E9781931861A4DF55C431FFC6F83FE9C00A0089ED56179C07D33B1376C5DE8C0A9ABF2CFE473EF32AD14239DFD9599EA66BC286556
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Nouakchott) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Porto-Novo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.845403930433216
Encrypted:	false
SSDEEP:
MD5:	9A4C8187E8AC86B1CF4177702A2D933A
SHA1:	6B54BBBE6D7ABC780EE11922F3AC50CDE3740A1F
SHA-256:	6292CC41FE34D465E3F38552BDE22F456E16ABCBAC0E0B813AE7566DF3725E83
SHA-512:	8008DB5E6F4F8144456021BB6B112B24ADB1194B1D544BBCB3E101E0684B63F4673F06A264C651A4BC0296CB81F7B4D73D47EAC7E1EC98468908E8B0086B2DDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Porto-Novo) $TZData(:Africa/Lagos).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Sao_Tome Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.8463501042309645
Encrypted:	false
SSDEEP:
MD5:	D28C0D0628DE3E5D9662A3376B20D5B4
SHA1:	464351F257655F10732CA9A1E59CF6587B33F8A1
SHA-256:	B9F317EAA504A195BD658BA7EE9EE22D816BF46A1FFDB8D8DA573D311A5FF78A
SHA-512:	B056E7A16CE8E5CC420F88AF26E893348117306D66ED2DF4C6A6C2CA9F48783714E08AACF94BC646A1B4A2B3FB2080A4E53EDF4633C9AE259BBBA3F8ABE4DEE3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Sao_Tome) {. {-9223372036854775808 1616 0 LMT}. {-2713912016 -2205 0 LMT}. {-1830384000 0 0 GMT}. {1514768400 3600 0 WAT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Timbuktu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.85737401659099
Encrypted:	false
SSDEEP:
MD5:	AF295B9595965712D77952D692F02C6B
SHA1:	BC6737BD9BFD52FE538376A1441C59FB4FC1A038
SHA-256:	13A06D69AEB38D7A2D35DF3802CEE1A6E15FA1F5A6648328A9584DD55D11E58C
SHA-512:	E47C5EA2DFBC22CF9EAC865F67D01F5593D3CDDB51FDE24CDD13C8957B70F50111675D8E94CA859EC9B6FAA109B3EFA522C3985A69FE5334156FEE66B607006E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Timbuktu) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Tripoli Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	920
Entropy (8bit):	4.074538534246205
Encrypted:	false
SSDEEP:
MD5:	A53F5CD6FE7C2BDD8091E38F26EEA4D1
SHA1:	90FB5EE343FCC78173F88CA59B35126CC8C07447
SHA-256:	D2FCC1AD3BFE20954795F2CDFFFE96B483E1A82640B79ADAA6062B96D143E3C7
SHA-512:	965E42972994AE79C9144323F87C904F393BA0CDF75186C346DA77CFAA1A2868C68AF8F2F1D63D5F06C5D1D4B96BA724DD4BC0DF7F5C4BD77E379AA674AE12DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tripoli) {. {-9223372036854775808 3164 0 LMT}. {-1577926364 3600 0 CET}. {-574902000 7200 1 CEST}. {-512175600 7200 1 CEST}. {-449888400 7200 1 CEST}. {-347158800 7200 0 EET}. {378684000 3600 0 CET}. {386463600 7200 1 CEST}. {402271200 3600 0 CET}. {417999600 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {465429600 3600 0 CET}. {481590000 7200 1 CEST}. {496965600 3600 0 CET}. {512953200 7200 1 CEST}. {528674400 3600 0 CET}. {544230000 7200 1 CEST}. {560037600 3600 0 CET}. {575852400 7200 1 CEST}. {591660000 3600 0 CET}. {607388400 7200 1 CEST}. {623196000 3600 0 CET}. {641775600 7200 0 EET}. {844034400 3600 0 CET}. {860108400 7200 1 CEST}. {875919600 7200 0 EET}. {1352505600 3600 0 CET}. {1364515200 7200 1 CEST}. {1382662800 7200 0 EET}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Tunis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1072
Entropy (8bit):	4.074604685883076
Encrypted:	false
SSDEEP:
MD5:	1899EDCB30CDDE3A13FB87C026CD5D87
SHA1:	4C7E25A36E0A62F3678BCD720FCB8911547BAC8D
SHA-256:	F0E01AA40BB39FE64A2EB2372E0E053D59AA65D64496792147FEFBAB476C4EC3
SHA-512:	FD22A2A7F9F8B66396152E27872CCBA6DA967F279BAF21BC91EF76E86B59505B3C21D198032B853427D9FFAB394FBB570F849B257D6F6821916C9AB29E7C37A1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tunis) {. {-9223372036854775808 2444 0 LMT}. {-2797202444 561 0 PMT}. {-1855958961 3600 0 CET}. {-969242400 7200 1 CEST}. {-950493600 3600 0 CET}. {-941940000 7200 1 CEST}. {-891136800 3600 0 CET}. {-877827600 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-842918400 3600 0 CET}. {-842223600 7200 1 CEST}. {-828230400 3600 0 CET}. {-812502000 7200 1 CEST}. {-796269600 3600 0 CET}. {-781052400 7200 1 CEST}. {-766634400 3600 0 CET}. {231202800 7200 1 CEST}. {243903600 3600 0 CET}. {262825200 7200 1 CEST}. {276044400 3600 0 CET}. {581122800 7200 1 CEST}. {591145200 3600 0 CET}. {606870000 7200 1 CEST}. {622594800 3600 0 CET}. {641516400 7200 1 CEST}. {654649200 3600 0 CET}. {1114902000 7200 1 CEST}. {1128038400 3600 0 CET}. {1143334800 7200 1 CEST}. {1162083600 3600 0 CET}. {1174784400 7200 1 CEST}. {1193533200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Africa\Windhoek Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1591
Entropy (8bit):	3.915421470240155
Encrypted:	false
SSDEEP:
MD5:	18BD78EB14E153DAAAAE70B0A6A2510C
SHA1:	A91BA216A2AB62B138B1F0247D75FBA14A5F05C0
SHA-256:	639A57650A4EA5B866EAAA2EEC0562233DC92CF9D6955AC387AD954391B850B1
SHA-512:	88F34732F843E95F2A2AD4FAA0B5F945DD69B65FDDB4BB7DD957B95283B7AE995F52050B45A6332864C1C5CC4611390F6827D82569D343B5E1B9DDFE0AE5A633
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Windhoek) {. {-9223372036854775808 4104 0 LMT}. {-2458170504 5400 0 +0130}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {637970400 7200 0 CAT}. {764200800 3600 1 WAT}. {778640400 7200 0 CAT}. {796780800 3600 1 WAT}. {810090000 7200 0 CAT}. {828835200 3600 1 WAT}. {841539600 7200 0 CAT}. {860284800 3600 1 WAT}. {873594000 7200 0 CAT}. {891734400 3600 1 WAT}. {905043600 7200 0 CAT}. {923184000 3600 1 WAT}. {936493200 7200 0 CAT}. {954633600 3600 1 WAT}. {967942800 7200 0 CAT}. {986083200 3600 1 WAT}. {999392400 7200 0 CAT}. {1018137600 3600 1 WAT}. {1030842000 7200 0 CAT}. {1049587200 3600 1 WAT}. {1062896400 7200 0 CAT}. {1081036800 3600 1 WAT}. {1094346000 7200 0 CAT}. {1112486400 3600 1 WAT}. {1125795600 7200 0 CAT}. {1143936000 3600 1 WAT}. {1157245200 7200 0 CAT}. {1175385600 3600 1 WAT}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Adak Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8171
Entropy (8bit):	3.783938143940452
Encrypted:	false
SSDEEP:
MD5:	DD838D2C8CF84B775BBCBA7868E7FFB5
SHA1:	509CFC15E2CBFC2F183B4A3CDEC42C8427EBA825
SHA-256:	01A88ADE038DDD264B74ED921441642CAA93830CEF9594F70188CCF6D19C4664
SHA-512:	9D520CADC0134E7812B5643311246CED011A22D50240A03260478C90B69EC325AE5BD7548BA266E00253AC3288605A912C5DBB026EA1516CB2030F302BFCDF0E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Adak) {. {-9223372036854775808 44002 0 LMT}. {-3225223727 -42398 0 LMT}. {-2188944802 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Anchorage Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8410
Entropy (8bit):	3.882284820226162
Encrypted:	false
SSDEEP:
MD5:	30468928CFDD0B6AAC8EA5BF84956E21
SHA1:	0B146D4D789CD49F0A7FEDFFE85FFD31C0926D9C
SHA-256:	202A45DEBFD6E92EF21E2FFF37281C1DE5B4AF4C79DC59A642013EBB37FE5AF0
SHA-512:	721049A2C751BC3F90B0D757C85F59971B46C70942B2F8A20B0E0E0834B89BBE9A5F16D20AEB5F58C1B6268D71DD5F39F9135C60FDE692E3E472598E054C1D96
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Anchorage) {. {-9223372036854775808 50424 0 LMT}. {-3225223727 -35976 0 LMT}. {-2188951224 -36000 0 AST}. {-883576800 -36000 0 AST}. {-880200000 -32400 1 AWT}. {-769395600 -32400 1 APT}. {-765378000 -36000 0 AST}. {-86882400 -36000 0 AHST}. {-31500000 -36000 0 AHST}. {-21470400 -32400 1 AHDT}. {-5749200 -36000 0 AHST}. {9979200 -32400 1 AHDT}. {25700400 -36000 0 AHST}. {41428800 -32400 1 AHDT}. {57754800 -36000 0 AHST}. {73483200 -32400 1 AHDT}. {89204400 -36000 0 AHST}. {104932800 -32400 1 AHDT}. {120654000 -36000 0 AHST}. {126705600 -32400 1 AHDT}. {152103600 -36000 0 AHST}. {162388800 -32400 1 AHDT}. {183553200 -36000 0 AHST}. {199281600 -32400 1 AHDT}. {215607600 -36000 0 AHST}. {230731200 -32400 1 AHDT}. {247057200 -36000 0 AHST}. {262785600 -32400 1 AHDT}. {278506800 -36000 0 AHST}. {294235200 -32400 1 AHDT}. {309956400 -360

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Anguilla Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.9101657646476164
Encrypted:	false
SSDEEP:
MD5:	F7D915076ABE4FF032E13F8769D38433
SHA1:	F930A8943E87105EE8523F640EA6F65BD4C9CE78
SHA-256:	9D368458140F29D95CAB9B5D0259DE27B52B1F2E987B4FA1C12F287082F4FE56
SHA-512:	63C99FFA65F749B7637D0DF5A73A21AC34DFEAD364479DE992E215258A82B9C15AB0D45AAF29BD2F259766346FDB901412413DD44C5D45BB8DF6B582C34F48B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Anguilla) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Antigua Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.90033942341457
Encrypted:	false
SSDEEP:
MD5:	25CA3996DDB8F1964D3008660338BA72
SHA1:	B66D73B5B38C2CCCA78232ADC3572BBBEB79365D
SHA-256:	A2ABBD9BCFCE1DB1D78C99F4993AC0D414A08DB4AC5CE915B81119E17C4DA76F
SHA-512:	A25AFE4FD981F458FE194A5D87C35BE5FC7D4426C1EEE8311AE655BB53364CD4AAC0710C0D7E6A91C0F248E2A6916902F4FD43A220CFF7A6474B77D93CF35C81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Antigua) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Araguaina Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1722
Entropy (8bit):	3.6435096006301833
Encrypted:	false
SSDEEP:
MD5:	6349567E3ED0FD11DD97056D2CFF11EE
SHA1:	404F1B311D7072A6372351366BA15BB94F3AC7D2
SHA-256:	41C816E9C0217A01D9288014013CD1D315B2CEB719F8BB310670D02B664A4462
SHA-512:	782910DFA0FF8FEDB94D622271FA0FF983BC50A4FEE95FFC8EC3E89FB123B82C26701D81A994A8248F1C1CA0B1EF49C2752C4D7B498A0A623D79E2B6753DA432
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Araguaina) {. {-9223372036854775808 -11568 0 LMT}. {-1767214032 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Buenos_Aires Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1981
Entropy (8bit):	3.6790048972731686
Encrypted:	false
SSDEEP:
MD5:	93B8CF61EDC7378C39BE33A77A4222FC
SHA1:	8A01D2B22F8FC163B0FDCED4305C3FA08336AF7D
SHA-256:	35E05545A12E213DCBC0C2F7FDCA5C79CD522E7D2684EDF959E8A0A991BEF3C8
SHA-512:	68333AB0C9348AF0994DB26FB6D34FF67ABF56AF1FBABB77F2C9EFF20E9A2DB2B59C5B81DF0C42299DE459B03DF13E07071B84576E62597920D1848F1E1FC9E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Buenos_Aires) {. {-9223372036854775808 -14028 0 LMT}. {-2372097972 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Catamarca Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2009
Entropy (8bit):	3.6543367491742913
Encrypted:	false
SSDEEP:
MD5:	7FCA355F863158D180B3179782A6E8C8
SHA1:	CDFBC98923F7315388009F22F9C37626B677321F
SHA-256:	C3FE34E5BE68503D78D63A2AFB5C970584D0854C63648D7FE6E2412A4E5B008F
SHA-512:	6C2F9598C714BEBA7A538AAB7FA68C1962001C426C80B21F2A9560C72BCEA87B956821E68AF30B4576C1ECDB07E33D616934BD49943DA2E45841B10D483833C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Catamarca) {. {-9223372036854775808 -15788 0 LMT}. {-2372096212 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378080

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\ComodRivadavia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.672788403288451
Encrypted:	false
SSDEEP:
MD5:	42D568B6100D68F9E5698F301F4EC136
SHA1:	E0A5F43A80EB0FAAFBD45127DCAF793406A4CF3A
SHA-256:	D442E5BBB801C004A7903F6C217149FCDA521088705AC9FECB0BC3B3058981BF
SHA-512:	99580239B40247AF75FFAA44E930CDECB71F6769E3597AC85F19A8816F7D0859F6A0D5499AFAC2FA35C32BA05B75B27C77F36DE290DD0D442C0769D6F41E96DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Argentina/ComodRivadavia) $TZData(:America/Argentina/Catamarca).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Cordoba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1976
Entropy (8bit):	3.659938468164974
Encrypted:	false
SSDEEP:
MD5:	C6A4EED52A2829671089F9E84D986BFB
SHA1:	F5BBDD0C3347C7519282249AA48543C01DA95B7A
SHA-256:	50541A1FBACAD2C93F08CD402A609C4984AF66E27DB9FAA7F64FDA93DDC57939
SHA-512:	52EA5BB27C91C753275EAC90E082EEBE98B5997B830D8DD579174558355E3FED0AAF4AA02679B0866591951F04F358AFB113423872D57820143E75FEB4415B60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Cordoba) {. {-9223372036854775808 -15408 0 LMT}. {-2372096592 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Jujuy Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1974
Entropy (8bit):	3.659895575974408
Encrypted:	false
SSDEEP:
MD5:	A7F2318729F0B4B04C9176CB5257691E
SHA1:	0EAD91CBDC640DB67F64A34209359674AC47062A
SHA-256:	E33962F99E6022ED1825898990B38C10F505DE6EC44DAFB00C75E3A7C1A61C8A
SHA-512:	CB80580383309CCA4837556ED0444F2B931E1B3B13582023BFB715393C94C4F1279D8EC18CACB06BB13E3D32A535495DF2D093E225DF7B6DFFD3571A3B3573B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Jujuy) {. {-9223372036854775808 -15672 0 LMT}. {-2372096328 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\La_Rioja Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2037
Entropy (8bit):	3.655968476161033
Encrypted:	false
SSDEEP:
MD5:	49BB6DAD5560E7C6EAEA6F3CF9EB1F67
SHA1:	56E0D9DD4E6B12522A75F0ABFEBB6AE019614CB5
SHA-256:	13CBECD826DD5DE4D8576285FC6C4DE39F2E9CF03F4A61F75316776CAED9F878
SHA-512:	CA7EF1A94A6635EAB644C5EAAC2B890E7401745CFA97609BDA410D031B990C87EB2F97160731A45B5A8ADE48D883EAB529AE2379406852129102F0FDF92247D8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/La_Rioja) {. {-9223372036854775808 -16044 0 LMT}. {-2372095956 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Mendoza Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2009
Entropy (8bit):	3.649537276151328
Encrypted:	false
SSDEEP:
MD5:	69F8A1AC33BE03C008EC5FEBD1CE4CAA
SHA1:	858362EFEA0C68C1EC9295A9FCE647B41DBF429D
SHA-256:	B02DDE8DCF8E68B2B1DBF66ADF5B247E9833FEC347DFBC487C391FADA5706AD3
SHA-512:	8373EAEEBF5EA028CC0673B10E9DFE84F4DFC2F9E9E8320D59E6CE6125643B31F5E61FC894E420A8D7E9C2FF242617DF911ABF0884AF5B32316A098C8524772D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Mendoza) {. {-9223372036854775808 -16516 0 LMT}. {-2372095484 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Rio_Gallegos Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	3.6703415662732746
Encrypted:	false
SSDEEP:
MD5:	AC8E561F7573280594BDD898324E9442
SHA1:	7DC6248ED29719700189FF3A69D06AAC7B54EB6B
SHA-256:	0833962C0DE220BC601D764EE14442E98F83CB581816B74E5867540348227250
SHA-512:	2FDD23ABA891EBEF01944F3C8F1A9E6844C182B0EB2CBEC0F942F268BAE51F0D7775370E262B500FE7151210F8849DD54BA5CEB2160AE03A5747A48A10933F05
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Rio_Gallegos) {. {-9223372036854775808 -16612 0 LMT}. {-2372095388 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Salta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1945
Entropy (8bit):	3.653135248071002
Encrypted:	false
SSDEEP:
MD5:	70FB90E24FEEF5211C9488C938295F02
SHA1:	5C903A669B51A1635284AD80877E0C6789D8EB26
SHA-256:	FBDACFA5D82DC23ECDD9D9F8A4EF71F7DBB579BF4A621C545062A7AE0296141D
SHA-512:	4C36B34B2203F6D4C78CC6F0E061BF35C4B98121D50096C8015EBA6DBEFA989DD2F2E32436EEE3055F1CF466BC3D4FD787A89873EEE4914CB51B273E335C90C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Salta) {. {-9223372036854775808 -15700 0 LMT}. {-2372096300 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\San_Juan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2037
Entropy (8bit):	3.6597750686514887
Encrypted:	false
SSDEEP:
MD5:	BBB4D4B341E7FEC2E5A937267AADCD0F
SHA1:	9AB509F97DCBAAE5ACA7F67853E86429438ED8DC
SHA-256:	BAC6CC41865DD3D4F042FE6106176279F3DEB9127BE0146AF75AE1E47098AF43
SHA-512:	49E32BD5BDBA773D99C883080660B431E8D4C806164C0354C848CF3AB0042797DBE7F6226BA234634A1DF254B0464ED5F714B054454520263536B0A77D7053D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Juan) {. {-9223372036854775808 -16444 0 LMT}. {-2372095556 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\San_Luis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2013
Entropy (8bit):	3.6516068215670687
Encrypted:	false
SSDEEP:
MD5:	767F99822C382327A318EAC0779321F3
SHA1:	1352B21F20C7F742D57CB734013143C9B58DA221
SHA-256:	B4590DF5AC1993E10F508CC5183809775F5248B565400BA05AE5F87B69D4E26B
SHA-512:	C8FF21DC573DE5CB327DDA536391071012A038B8266C4E39922EC0F0EC975000E5D7AFBBE81D1C28DB8733E8B01E1E4D6BE0968D9EFCFC50DB102CC09BDABEA6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Luis) {. {-9223372036854775808 -15924 0 LMT}. {-2372096076 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Tucuman Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2036
Entropy (8bit):	3.653313944168433
Encrypted:	false
SSDEEP:
MD5:	892E23EEB82C4EF52CB830C607E3DD6D
SHA1:	9A9334DC1F9FBA0152C1B5CAA954F2FF1775B78C
SHA-256:	F3D19E51463B4D04BE1CD4F36CD9DD5E3954B6186ADD6A176B78C3C4F399CCA1
SHA-512:	4FCC3F61E261D57788756921AE21E54D387AB533ACF56182579B9082EC0791CD655D50BEDDAF996233CDBDE549F743855C191BCB581EF3D7877C4CE26B14EEC2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Tucuman) {. {-9223372036854775808 -15652 0 LMT}. {-2372096348 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Argentina\Ushuaia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2007
Entropy (8bit):	3.6562927023582197
Encrypted:	false
SSDEEP:
MD5:	EA31C60D08FFE56504DEC62A539F51D9
SHA1:	79F31368AC9C141B5F0F5804A0D903C12B75A386
SHA-256:	4E3A4539FE0D8E0401C8304E5A79F40C420333C92BF1227BCBB5DB242444ECD6
SHA-512:	EB58A3122DE8FC7887622D3716E1D9D615625FC47C30BA0BD8112894B595263F04B37D43E142C43251C48D2CD703BB6F56966B965C5475DA83F2C290B6F564E8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Ushuaia) {. {-9223372036854775808 -16392 0 LMT}. {-2372095608 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Aruba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.760006229014668
Encrypted:	false
SSDEEP:
MD5:	84605CB5AC93D51FF8C0C3D46B6A566F
SHA1:	8B56DBDAD33684743E5828EFBD638F082E9AA20D
SHA-256:	680651D932753C9F9E856018B7C1B6D944536111900CB56685ABA958DE9EC9C1
SHA-512:	A5FA747C4743130308A8D8832AD33CF10B2DA2F214DEE129CAC9543D6F88FF232B4387026976578D037DF7816D0F4177835866A35F497438DD2526FEBACA2AF6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Aruba) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Asuncion Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7685
Entropy (8bit):	3.4198614734785875
Encrypted:	false
SSDEEP:
MD5:	625A707182C6E0027D49F0FFD775AC51
SHA1:	6423A50DB875051656A1C3C5B6C6AF556F8FBE0A
SHA-256:	CD884C5C99949F5723DC94FBFF011B97AE0989EF2EDE089B30C2CD4893AFCE08
SHA-512:	C5787953997D7D1B583AEE7F68FCC255AC1FAC5C9A7025C8093F274206A0C8163DE221B4823F7750B5B30AF32D673F88D5956C0E510851EBA72CC2360AC35D18
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Asuncion) {. {-9223372036854775808 -13840 0 LMT}. {-2524507760 -13840 0 AMT}. {-1206389360 -14400 0 -04}. {86760000 -10800 0 -03}. {134017200 -14400 0 -04}. {162878400 -14400 0 -04}. {181368000 -10800 1 -04}. {194497200 -14400 0 -04}. {212990400 -10800 1 -04}. {226033200 -14400 0 -04}. {244526400 -10800 1 -04}. {257569200 -14400 0 -04}. {276062400 -10800 1 -04}. {291783600 -14400 0 -04}. {307598400 -10800 1 -04}. {323406000 -14400 0 -04}. {339220800 -10800 1 -04}. {354942000 -14400 0 -04}. {370756800 -10800 1 -04}. {386478000 -14400 0 -04}. {402292800 -10800 1 -04}. {418014000 -14400 0 -04}. {433828800 -10800 1 -04}. {449636400 -14400 0 -04}. {465451200 -10800 1 -04}. {481172400 -14400 0 -04}. {496987200 -10800 1 -04}. {512708400 -14400 0 -04}. {528523200 -10800 1 -04}. {544244400 -14400 0 -04}. {560059200 -10800 1 -04}. {57586

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Atikokan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	332
Entropy (8bit):	4.582750266902939
Encrypted:	false
SSDEEP:
MD5:	66777BB05E04E030FABBC70649290851
SHA1:	97118A1C4561FC1CC9B7D18EE2C7D805778970B8
SHA-256:	2C6BBDE21C77163CD32465D773F6EBBA3332CA1EAEEF88BB95F1C98CBCA1562D
SHA-512:	B00F01A72A5306C71C30B1F0742E14E23202E03924887B2418CA6F5513AE59E12BC45F62B614716BBE50A7BEA8D62310E1B67BB39B84F7B1B40C5D2D19086B7C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Atikokan) {. {-9223372036854775808 -21988 0 LMT}. {-2366733212 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765388800 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Atka Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.761501750421919
Encrypted:	false
SSDEEP:
MD5:	E641C6615E1EF015427202803761AADD
SHA1:	E254129517335E60D82DFE00C6D5AF722D36565A
SHA-256:	9C546927B107BB4AB345F618A91C0F8C03D8A366028B2F0FCBF0A3CE29E6588E
SHA-512:	B7D34B1EA0D6722D7BFCD91F082D79EE009B97A2B5684D76A3F04CB59079637134275CF9A0306B9F4423A03CC0C2AB43994207D1B209161C893C2C6F3F3B6311
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:America/Atka) $TZData(:America/Adak).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Bahia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1944
Entropy (8bit):	3.6123892296166242
Encrypted:	false
SSDEEP:
MD5:	E52095DB1E77EC4553A0AF56665CDE51
SHA1:	CED0966E8D89443F2CCBBE9F44DA683F7D2D688B
SHA-256:	30A4658BD46F88A1585ACABB9EB6BA03DB929EAF7D2F430BC4864D194A6CC0DD
SHA-512:	D6F3D51393F9D8F6414023A8435213EC6BD4FCAA5084B664B828CCDE8D57821E3E284B3D5A27414B4C2AB0B71E31D775D1F924C926C849F591D361DAA8681D8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia) {. {-9223372036854775808 -9244 0 LMT}. {-1767216356 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {602

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Bahia_Banderas Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6625
Entropy (8bit):	3.791871111929614
Encrypted:	false
SSDEEP:
MD5:	6A18936EC3AA0FCEC8A230ADAF90FF1E
SHA1:	B13B8BF1FD2EEED44F63A0DC71F0BCE8AC15C783
SHA-256:	974481F867DEA51B6D8C6C21432F9F6F7D6A951EC1C34B49D5445305A6FB29B7
SHA-512:	75AA7A3AE63ED41AFF6CF0F6DC3CA649786A86A64293E715962B003383D31A8AD2B99C72CE6B788EC4DFF1AF7820F011B3F1FD353B37C326EF02289CE4A061BF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia_Banderas) {. {-9223372036854775808 -25260 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Barbados Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	413
Entropy (8bit):	4.429320498710922
Encrypted:	false
SSDEEP:
MD5:	49EED111AB16F289E7D2D145A2641720
SHA1:	2F0A37524209FC26421C2951F169B4352250ED9E
SHA-256:	E7415944397EF395DDBD8EACB6D68662908A25E2DB18E4A3411016CBB6B8AFC6
SHA-512:	3AD4511798BA763C4E4A549340C807FE2FDF6B107C74A977E425734BBADDFF44ADAA68B5AE1F96170902A10208BC4BBF551C596EB1A3E292071549B8F3012A35
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Barbados) {. {-9223372036854775808 -14309 0 LMT}. {-1451678491 -14309 0 BMT}. {-1199217691 -14400 0 AST}. {234943200 -10800 1 ADT}. {244616400 -14400 0 AST}. {261554400 -10800 1 ADT}. {276066000 -14400 0 AST}. {293004000 -10800 1 ADT}. {307515600 -14400 0 AST}. {325058400 -10800 1 ADT}. {338706000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Belem Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	996
Entropy (8bit):	3.799419505060255
Encrypted:	false
SSDEEP:
MD5:	2F3314B71810C1AC0280F292F09F37BE
SHA1:	B8702125A9768AE530354CE2A765BC07BABAEF34
SHA-256:	9ECA949D328915C6CB02A2E6084F3E0730D49F1C53C6D6AA12751F852C51BF02
SHA-512:	C4E1ADD2E580BFD4100EE776305530BCEA017D57A65205881536A1CDDA3A299816C133B5B1F4B40A99E47BB94AE2A7E727F3D24D06131705818CC0C1AA12E5BD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belem) {. {-9223372036854775808 -11636 0 LMT}. {-1767213964 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {590032800 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Belize Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1854
Entropy (8bit):	3.8463726575443573
Encrypted:	false
SSDEEP:
MD5:	1BFD01ECF77E031C23BDA5ED371E061F
SHA1:	7A38C5665A834B812613E4D10FE4D1E45F606407
SHA-256:	BDF09D97876E3A3C0422C655562252806B4EF914679FDCAB6DD78BD2B84DD932
SHA-512:	D7A2C2645129C4BAB1F0170A29A084396AD8CF07237DE339512C3A5C7227B017BF1D4B78EBD5A7274CAF1D172ECB2DB6F912887BFF1C6AC73E9D645E333A75A3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belize) {. {-9223372036854775808 -21168 0 LMT}. {-1822500432 -21600 0 CST}. {-1616954400 -19800 1 -0530}. {-1606069800 -21600 0 CST}. {-1585504800 -19800 1 -0530}. {-1574015400 -21600 0 CST}. {-1554055200 -19800 1 -0530}. {-1542565800 -21600 0 CST}. {-1522605600 -19800 1 -0530}. {-1511116200 -21600 0 CST}. {-1490551200 -19800 1 -0530}. {-1479666600 -21600 0 CST}. {-1459101600 -19800 1 -0530}. {-1448217000 -21600 0 CST}. {-1427652000 -19800 1 -0530}. {-1416162600 -21600 0 CST}. {-1396202400 -19800 1 -0530}. {-1384713000 -21600 0 CST}. {-1364752800 -19800 1 -0530}. {-1353263400 -21600 0 CST}. {-1333303200 -19800 1 -0530}. {-1321813800 -21600 0 CST}. {-1301248800 -19800 1 -0530}. {-1290364200 -21600 0 CST}. {-1269799200 -19800 1 -0530}. {-1258914600 -21600 0 CST}. {-1238349600 -19800 1 -0530}. {-1226860200 -21600 0 CST}. {-1206900000 -1980

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Blanc-Sablon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	331
Entropy (8bit):	4.599775510303771
Encrypted:	false
SSDEEP:
MD5:	5ACBD50E1CB87B4E7B735A8B5281917B
SHA1:	3E92C60B365C7E1F9BF5F312B007CBFD4175DB8F
SHA-256:	E61F3762B827971147772A01D51763A18CC5BED8F736000C64B4BDFF32973803
SHA-512:	9284FFDF115C7D7E548A06A6513E3591F88EE3E5197106B71B54CD82F27890D12773381218BCA69720F074A6762282F25830422DFA402FF19301D6834FD9FF7D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Blanc-Sablon) {. {-9223372036854775808 -13708 0 LMT}. {-2713896692 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {14400 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Boa_Vista Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1159
Entropy (8bit):	3.7116873200926586
Encrypted:	false
SSDEEP:
MD5:	0858FCA5A59C9C6EE38B7E8A61307412
SHA1:	685597A5FD8BFEBF3EC558DB8ABF11903F63E05E
SHA-256:	825E89E4B35C9BA92CF53380475960C36307BF11FD87057891DF6EEBA984A88D
SHA-512:	7369EE42CD73CFD635505BF784E16A36C9BBDE0BDAAAB405CB8401EBC508F4CE0B0155206756C1905E915756F1D3CDC381C6B9C357A01EAE0ECC4C448978844A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boa_Vista) {. {-9223372036854775808 -14560 0 LMT}. {-1767211040 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Bogota Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.649012348678967
Encrypted:	false
SSDEEP:
MD5:	4B3B0F66FB3BC69A5AB5DA79D02F7E34
SHA1:	79B84C0578BBB0E4C07E99977D02EDE45F11CC8A
SHA-256:	E7C45CA67F1BA913E7DC1632C166973FDA8DA4734F8BCF3AB1157A45454C8D7B
SHA-512:	96289B4D179F146D6C5FB5DDAA4336CBCB60CF27BABCC20B9691387920897B293903DF41F5D9DE7237A689013A9266134B32AB4B4656796419B46E8378D84358
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bogota) {. {-9223372036854775808 -17776 0 LMT}. {-2707671824 -17776 0 BMT}. {-1739041424 -18000 0 -05}. {704869200 -14400 1 -05}. {733896000 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Boise Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8324
Entropy (8bit):	3.772029913040983
Encrypted:	false
SSDEEP:
MD5:	239425659E7345C757E6A44ABF258A22
SHA1:	9659217B4D55795333DFA5E08451B69D17F514AD
SHA-256:	6D6D377DDF237B1C5AB012DDDEB5F4FAA39D1D51240AA5C4C34EE96556D2D2F4
SHA-512:	3891D7BC1F84FF6B01B6C2DF6F0413C9E168E5B84CE445030F1B871766DD38B2FF7418501AB7C0DCEAB8381E538D65DF4E7708502EE924546A28DF1AC9BB7129
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boise) {. {-9223372036854775808 -27889 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-1471788000 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126255600 -25200 0 MST}. {129114000 -21600 0 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {2307

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Buenos_Aires Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	234
Entropy (8bit):	4.775296176809929
Encrypted:	false
SSDEEP:
MD5:	861DAA3C2FFF1D3E9F81FB5C63EA71F1
SHA1:	8E219E63E6D7E702FD0644543E05778CE786601A
SHA-256:	1D32F22CF50C7586CB566E45988CA05538E61A05DF09FD8F824D870717832307
SHA-512:	71B47C369DF1958C560E71B114616B999FB4B091FAA6DD203B29D2555FFE419D6FC5EF82FA810DC56E6F00722E13B03BFBED2516B4C5C2321F21E03F0198B91B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Buenos_Aires)]} {. LoadTimeZoneFile America/Argentina/Buenos_Aires.}.set TZData(:America/Buenos_Aires) $TZData(:America/Argentina/Buenos_Aires).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cambridge_Bay Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7487
Entropy (8bit):	3.787618233072156
Encrypted:	false
SSDEEP:
MD5:	839C797E403B4C102D466B1E759A6CC4
SHA1:	D95864FF269AD16B35CDAAC95AE03D8306B8DE1F
SHA-256:	37E219C4C7AEBCC8919293114280A247E8072F2760E69F083E9FDD6BE460B9BC
SHA-512:	A74F3B3C83815F62F6BDF4199EA471872AE539D6C0C595BA41E6D2DF033075D74CC00995C8F99C3ADD4B1E5E04A12D663BE9BED4CE600FC5F067D7CDDED4D7F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cambridge_Bay) {. {-9223372036854775808 0 0 -00}. {-1577923200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Campo_Grande Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7652
Entropy (8bit):	3.4267759764212906
Encrypted:	false
SSDEEP:
MD5:	87CB052D17717B696F3D9158B237E4FB
SHA1:	79B3947A50ED15C908CFC2D699D2B7F11468E7B2
SHA-256:	113E8ADCECE14A96261A59E0C26073EA5CFF864C4FF2DA6FAB5C61129A549043
SHA-512:	2BF788FD51E7268A1989F1C564E7B81B002B876381AEC561564D4BCE8D76C9D3F621A2F1AB26C1EAB5E5C64A3C41A536A1E21A5322D678CB11CB608333515144
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Campo_Grande) {. {-9223372036854775808 -13108 0 LMT}. {-1767212492 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cancun Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1365
Entropy (8bit):	3.9551252054637245
Encrypted:	false
SSDEEP:
MD5:	2EC91D30699B64FA8199004F97C63645
SHA1:	4C4E00857B1FB3970E7C16C4EFAA9347ED2C3629
SHA-256:	4EB4C729FF11E170D683310422D8F10BCE78992CF13DACCB06662308C76CCA3B
SHA-512:	D7811C32E4D2B3B9FAEE730D580BC813EC41B63765DE34BB3A30A0D9BBEF2F090E2DA59C6D9A4D8FC91885DDEA2B6E3B1FD3FD434E42D805AF66E578E66AE6FE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cancun) {. {-9223372036854775808 -20824 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {828860400 -14400 1 EDT}. {846396000 -18000 0 EST}. {860310000 -14400 1 EDT}. {877845600 -18000 0 EST}. {891759600 -14400 1 EDT}. {902041200 -18000 0 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Caracas Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	274
Entropy (8bit):	4.527582804527589
Encrypted:	false
SSDEEP:
MD5:	D47486658B408AAF7F91569435B49D19
SHA1:	C69EDC17F2E77723A5C711342822BF21ECCB9C8E
SHA-256:	555A66624909220ACCCB35D852079D44944E188A81DF6A07CBA7433AC2478E5E
SHA-512:	35A4AF702405BD36F6EF7E42F1E1AEAD841A5710D04306C1C3390B3CC134E88F1221F284F489F6926C58E8FD50BD7E6BE0E5904AAE2ACBEA817EFCE0AAE61169
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Caracas) {. {-9223372036854775808 -16064 0 LMT}. {-2524505536 -16060 0 CMT}. {-1826739140 -16200 0 -0430}. {-157750200 -14400 0 -04}. {1197183600 -16200 0 -0430}. {1462086000 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Catamarca Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	222
Entropy (8bit):	4.615632762186706
Encrypted:	false
SSDEEP:
MD5:	359226FA8A7EAFCA0851F658B4EBBCDC
SHA1:	611A24C24462DF5994B5D043E65770B778A6443B
SHA-256:	F2782781F1FB7FD12FF85D36BB244887D1C2AD52746456B3C3FEAC2A63EC2157
SHA-512:	6F9DD2D1662103EC5A34A8858BDFA69AC9F74D3337052AB47EA61DC4D76216886A0644CF1284940E8862A09CBA3E0A87784DFDB6414434C92E45004AAF312614
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Catamarca) $TZData(:America/Argentina/Catamarca).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cayenne Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.781235086647991
Encrypted:	false
SSDEEP:
MD5:	1FFD7817EE1DC55EF72AD686749AE9CE
SHA1:	AE972D5395F3562F052780AD014BA2C0767943B6
SHA-256:	9CE77C0A01BFDA002EE3B2DCEF316DB7C9AC80B270DFC3A0D7769021E731D849
SHA-512:	480D8D56F7B8829F6E82D8AFF1A0A161C3C45402D85A588027E98F2FA20C6E6F35549FFC5F38F0EEA9C4190A70B334066FCD406D39FF06EE7B7855AF75CD0FC3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayenne) {. {-9223372036854775808 -12560 0 LMT}. {-1846269040 -14400 0 -04}. {-71092800 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cayman Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.723325073771884
Encrypted:	false
SSDEEP:
MD5:	E03755B574F4962030DB1E21D1317963
SHA1:	5B5FA4787DA7AE358EFEA81787EB2AB48E4D7247
SHA-256:	8E85F05135DB89CB304689081B22535002DBD184D5DCDBF6487CD0A2FBE4621E
SHA-512:	8B85E51BD8DC04AE768A4D42F8DF0E0D60F23FAB2607E3DCAD4E10695E50C2A3F2124DA7E3A87E97DB7AF090EF70C9A5B5C2D34F7D1B6F74FEFEA9148FEB15AB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Panama)]} {. LoadTimeZoneFile America/Panama.}.set TZData(:America/Cayman) $TZData(:America/Panama).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Chicago Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11003
Entropy (8bit):	3.728817385585057
Encrypted:	false
SSDEEP:
MD5:	6175956F3052F3BE172F6110EF6342EE
SHA1:	532E2600DFAFAACCD3A187A233956462383401A6
SHA-256:	FC172494A4943F8D1C3FC35362D96F3D12D6D352984B93BC1DE7BDCB7C85F15E
SHA-512:	36B47003183EB9D7886F9980538DB3BDDC231BB27D4F14006CDBE0CB9042215A02559D97085679F8320DED6109FC7745DC43859EBA99B87365B09C4526D28193
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chicago) {. {-9223372036854775808 -21036 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-1563724800 -18000 1 CDT}. {-1551632400 -21600 0 CST}. {-1538928000 -18000 1 CDT}. {-1520182800 -21600 0 CST}. {-1504454400 -18000 1 CDT}. {-1491757200 -21600 0 CST}. {-1473004800 -18000 1 CDT}. {-1459702800 -21600 0 CST}. {-1441555200 -18000 1 CDT}. {-1428253200 -21600 0 CST}. {-1410105600 -18000 1 CDT}. {-1396803600 -21600 0 CST}. {-1378656000 -18000 1 CDT}. {-1365354000 -21600 0 CST}. {-1347206400 -18000 1 CDT}. {-1333904400 -21600 0 CST}. {-1315152000 -18000 1 CDT}. {-1301850000 -21600 0 CST}. {-1283702400 -18000 1 CDT}. {-1270400400 -21600 0 CST}. {-1252252800 -18000 1 CDT}. {-1238950800 -21600 0 CST}. {-1220803200

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Chihuahua Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6593
Entropy (8bit):	3.795313170000037
Encrypted:	false
SSDEEP:
MD5:	B0CA4CFF6571AFBFF25FAC72CDDB5B08
SHA1:	1BF3ACEC369AEA504AAA248459A115E61CF79C4B
SHA-256:	C689A3BEED80D26EAB96C95C85874428F80699F7E136A44377776E52B5855D00
SHA-512:	398496EBA4344EDF78AFBF51BD6024481D3A12546D0EE597B7C593A1CD1BF575AFDE62FFADE7A0DDFEDA79CF235612E6F4DA74D7305A6E48F5942EA10D8A4F8E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chihuahua) {. {-9223372036854775808 -25460 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -25

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Coral_Harbour Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.822360211437507
Encrypted:	false
SSDEEP:
MD5:	2541EC94D1EA371AB1361118EEC98CC6
SHA1:	950E460C1BB680B591BA3ADA0CAA73EF07C229FE
SHA-256:	50E6EE06C0218FF19D5679D539983CEB2349E5D25F67FD05E142921431DC63D6
SHA-512:	2E6B66815565A9422015CAB8E972314055DC4141B5C21B302ABD671F30D0FBAE1A206F3474409826B65C30EDBEDD46E92A99251AB6316D59B09FC5A8095E7562
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Atikokan)]} {. LoadTimeZoneFile America/Atikokan.}.set TZData(:America/Coral_Harbour) $TZData(:America/Atikokan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cordoba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.74004515366486
Encrypted:	false
SSDEEP:
MD5:	89870B2001C2EE737755A692E7CA2F18
SHA1:	F67F6C22BF681C105068BEEB494A59B3809C5ED8
SHA-256:	38C3DD7DAF75DBF0179DBFC387CE7E64678232497AF0DACF35DC76050E9424F7
SHA-512:	EFA8A5A90BE6FAAA7C6F5F39CBBBA3C7D44C7943E1BB1B0F7E966FEE4F00F0E4BF1D999A377D4E5230271B120B059EB020BD93E7DA46CF1FFA54AB13D7EC3FFE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Cordoba) $TZData(:America/Argentina/Cordoba).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Costa_Rica Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	416
Entropy (8bit):	4.443696146912203
Encrypted:	false
SSDEEP:
MD5:	D47A1FBA5AD701E1CA168A356D0DA0A9
SHA1:	6738EA6B4F54CC76B9723917AA373034F6865AF1
SHA-256:	51F08C1671F07D21D69E2B7868AA5B9BDBFA6C31D57EB84EB5FF37A06002C5CD
SHA-512:	DB6AD81466500F22820941DF3369155BA03CFA42FA9D267984A28A6D15F88E1A71625E3DC578370B5F97727355EBB7C338482FA33A7701ADB85A160C09BAD232
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Costa_Rica) {. {-9223372036854775808 -20173 0 LMT}. {-2524501427 -20173 0 SJMT}. {-1545071027 -21600 0 CST}. {288770400 -18000 1 CDT}. {297234000 -21600 0 CST}. {320220000 -18000 1 CDT}. {328683600 -21600 0 CST}. {664264800 -18000 1 CDT}. {678344400 -21600 0 CST}. {695714400 -18000 1 CDT}. {700635600 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Creston Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	211
Entropy (8bit):	4.798554218839104
Encrypted:	false
SSDEEP:
MD5:	9E3726148A53940507998FA1A5EEE6DB
SHA1:	2493B72DF895ED2AE91D09D43BDDADDB41E4DEBC
SHA-256:	E809F227E92542C6FB4BAC82E6079661EEF7700964079AA4D7E289B5B400EC49
SHA-512:	F5ED4085160A06DE672DB93CEE700C420D0438DE9AC3548B291DA236AA8CCC84F97270DA3956E49432AE1E281CCECEB6DF92E71EB305106655B4DF231E04B558
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Creston) {. {-9223372036854775808 -27964 0 LMT}. {-2713882436 -25200 0 MST}. {-1680454800 -28800 0 PST}. {-1627833600 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Cuiaba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7646
Entropy (8bit):	3.4194836403778353
Encrypted:	false
SSDEEP:
MD5:	7309EBE8210C3C84C24D459289484EFA
SHA1:	31EFE19E3CA2DB512C7AC9CAFD72991EF0517FD3
SHA-256:	FE7543FF576D7EDC3A3FF82759E5C244DE8EB57A95744E20610CEDF6E29AB4C9
SHA-512:	41C94E4093F015B61ACEFCEA067C101AA1ECB855789CFDB8FA4D17589D20868FB7A1456D21C90B5261445D970E5E7F134CBAF17EA926278C9E6DFC471D29F896
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cuiaba) {. {-9223372036854775808 -13460 0 LMT}. {-1767212140 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600 -1080

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Curacao Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.858195118945703
Encrypted:	false
SSDEEP:
MD5:	CE0F18F27502E771B27236C5BF7D3317
SHA1:	D2E68415B8544A8BAC2A4F335854FC048BD4B34C
SHA-256:	118EC9D89937FDA05FCE45F694F8C3841664BBE9DFADB86347B375BF437F9BD6
SHA-512:	B04B5DAB30384FF05ABFC235DA4F9BFE96F400076DEB7CBBA0938F93E66BFF5E86B18E95E9BC0448D812722C8F2D4AFD78AC75180FD80D992F96DFA0CEC156AC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Curacao) {. {-9223372036854775808 -16547 0 LMT}. {-1826738653 -16200 0 -0430}. {-157750200 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Danmarkshavn Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	3.793747183330894
Encrypted:	false
SSDEEP:
MD5:	E83072C1351121C5CFD74E110ECA9B4B
SHA1:	360B468851EBFF266E4A8F40FE5D196BC6809E65
SHA-256:	6A12AD52CBCF0B3F8BB449C7BC51A784BE560F4BD13545D04426E76B2511D8F9
SHA-512:	539C53AA1D02E3AABF65873CA830782697AC9D55EC6694B68B95C325608F8703882B1182215D2B4E2B6066784AC880BCF0F4EBC5A72B2E637BD9B2C3A61D2979
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Danmarkshavn) {. {-9223372036854775808 -4480 0 LMT}. {-1686091520 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Dawson Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7609
Entropy (8bit):	3.785302701923574
Encrypted:	false
SSDEEP:
MD5:	4DBA9C83ECAD5B5A099CC1AA78D391B0
SHA1:	FFCC77D7964BD16BD8A554FB437BCF4F2FC8958E
SHA-256:	3A89A6834DDBE4A3A6A1CB8C1A1F9579259E7FD6C6C55DE21DCD4807753D8E48
SHA-512:	21212AFE8917C0F3BBED433B510C4FCE671B0DA887A1C7338A18CD5409B1A95E766510A9E636E5AA3AB0BA21D7D2C00A462FEBB10D4567A343B85AFE6A3E2394
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson) {. {-9223372036854775808 -33460 0 LMT}. {-2188996940 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1 PDT}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Dawson_Creek Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1876
Entropy (8bit):	3.9458112723626755
Encrypted:	false
SSDEEP:
MD5:	D7E4978775F290809B7C042674F46903
SHA1:	E94DB1EBB6A1594ED1A5AEA48B52395482D06085
SHA-256:	2E6CFFE8E0C1FE93F55B1BD01F96AA1F3CE645BC802C061CB4917318E30C4494
SHA-512:	1FF3CD58A4C4DEC7538F0816E93E6577C51B0045CF36190FF4D327E81FB8282ADDB0EF20BD78A838ABD507EBAD1C187F2A20CC7840E2325B9C326EC449897B45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson_Creek) {. {-9223372036854775808 -28856 0 LMT}. {-2713881544 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Denver Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8629
Entropy (8bit):	3.76966035849006
Encrypted:	false
SSDEEP:
MD5:	F641A7F5DE8FCF4ADC1E5A1A2C9DEC53
SHA1:	B013EBBE8002C91C0C45A2D389245A1A9194077A
SHA-256:	DF5459068DB3C771E41BE8D62FB89A2822CB2A33CF9A5640C6C666AB20ECE608
SHA-512:	C2EA07FF21FD6D1A45A87C6AD85DD3929C2B56E66A52D23103DDFF7B2B3B6433EC5EBFC17BED0F9C0A9AF036F0DF965E12EA3D4463207A128AEF5F6BC12970D7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Denver) {. {-9223372036854775808 -25196 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-1577898000 -25200 0 MST}. {-1570374000 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1538924400 -21600 1 MDT}. {-1534089600 -25200 0 MST}. {-883587600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-757357200 -25200 0 MST}. {-147884400 -21600 1 MDT}. {-131558400 -25200 0 MST}. {-116434800 -21600 1 MDT}. {-100108800 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Detroit Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8010
Entropy (8bit):	3.742999180017181
Encrypted:	false
SSDEEP:
MD5:	177B0815E8BD6BFA6E62895FE12A61E5
SHA1:	EC2400FA644023D6B3100B52381DB65EAF2606F0
SHA-256:	402EC5AB0E99EF6EBB33F4D482EEA5198EC686C7EAE75FC4F7D9B4EF4AC0A9E9
SHA-512:	CFA4226A21FDB23C723335F7385EA15436D8A0752EE50C67DA4C1D839BFFD4792EE9AB6E408498CD06C6B8A99A96E95E0B591F7EA17B41C1895ED396438C6D5A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Detroit) {. {-9223372036854775808 -19931 0 LMT}. {-2051202469 -21600 0 CST}. {-1724083200 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-757364400 -18000 0 EST}. {-684349200 -14400 1 EDT}. {-671047200 -18000 0 EST}. {94712400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {157784400 -18000 0 EST}. {167814000 -14400 0 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Dominica Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.856609165175433
Encrypted:	false
SSDEEP:
MD5:	F85ADC16127A74C9B35D16C631E11F4F
SHA1:	F7716E20F546AA04697FB0F4993A14BAFDD1825E
SHA-256:	67ACF237962E3D12E0C746AEDC7CDBC8579DC7C0A7998AC6B6E169C58A687C17
SHA-512:	89E8F9DC6A306912B2DAEE77705E2DCD76E32F403352C23ED6BE34F8BEBB12C3604C20DA11DB921553D20E3FC43EC7984C7103D8D1396AB83B104E70BA6D13B1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Dominica) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Edmonton Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8435
Entropy (8bit):	3.7724320820194475
Encrypted:	false
SSDEEP:
MD5:	FECBDD64036247B2FBB723ADD8F798F6
SHA1:	60B1719958AD6151CDB174A319A396D5F48C7CF1
SHA-256:	EC95041E0A97B37A60EF16A6FA2B6BCB1EBEFABBC9468B828D0F467595132BC2
SHA-512:	7CF94EC5040F4C8FA3C6ED30CFDAB59A199C18AA0CDA9A66D1A477F15563D2B7CB872CEEF1E2295E0F3B9A85508A03AEC29E3ECEBE11D9B089A92794D510BA00
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Edmonton) {. {-9223372036854775808 -27232 0 LMT}. {-1998663968 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1600614000 -21600 1 MDT}. {-1596816000 -25200 0 MST}. {-1567954800 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1536505200 -21600 1 MDT}. {-1523203200 -25200 0 MST}. {-1504450800 -21600 1 MDT}. {-1491753600 -25200 0 MST}. {-1473001200 -21600 1 MDT}. {-1459699200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {136371600 -21600 1 MDT}. {152092800 -25200 0 MST}. {167821200 -21600 1 MDT}. {183542400

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Eirunepe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1189
Entropy (8bit):	3.7118381376452767
Encrypted:	false
SSDEEP:
MD5:	D6945DF73BA7E12D3B23889CC34F6CFB
SHA1:	8C1317F3EF82225A14751318DFDA8904F908C457
SHA-256:	71F15943EAD942224B8807CCBB21F9AE34F04619FD76176404633BDB49D9E88C
SHA-512:	088C2D7BE44650A044B7632337A1FF8C3CF8A6188F24507C846B9B648FE796466B22D4A322B602B75C2943653FC43C7B9A99AE0AACF9AB7BCC86388EC3953F8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Eirunepe) {. {-9223372036854775808 -16768 0 LMT}. {-1767208832 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -18

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\El_Salvador Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	269
Entropy (8bit):	4.7060952459188305
Encrypted:	false
SSDEEP:
MD5:	77BE2E0759A3B7227B4DAC601A670D03
SHA1:	1FB09211F291E5B1C5CC9848EB53106AF48EE830
SHA-256:	40994535FE02326EA9E373F54CB60804BA7AE7162B52EA5F73497E7F72F2D482
SHA-512:	EB5E6A4A912053E399F6225A02DDC524A223D4A5724165CAD9009F1FA10B042F971E52CE17B395A86BC80FCC6897FD2CCC3B00708506FEF39E4D71812F5DF595
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/El_Salvador) {. {-9223372036854775808 -21408 0 LMT}. {-1546279392 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Ensenada Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.786739478919165
Encrypted:	false
SSDEEP:
MD5:	74AB4664E80A145D808CAB004A22859B
SHA1:	2AF7665C4E155A227B3F76D1C4BC87854C25A6CB
SHA-256:	BDD0893AA5D170F388B1E93CE5FE2EDF438866707E52033E49898AFC499F86C5
SHA-512:	CCC2E75E07BA1CAAFD1149A22D07668D191594272922AA2A1CE6DE628A8FF49AD90AA8BFE75C005328820C700B991AD87A6F40DEB5AD519B2708D8F7BF04E5A0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Ensenada) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Fort_Nelson Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4427
Entropy (8bit):	3.8109873978594053
Encrypted:	false
SSDEEP:
MD5:	90BBD338049233FAC5596CC63AA0D5B6
SHA1:	D96282F5B57CBF823D5A1C1FDDE7907B74DAD770
SHA-256:	DD21597BA97FD6591750E83CC00773864D658F32653017C4B52285670FFE52E3
SHA-512:	3B0F5801E55EBBB7B4C0F74DDBD3469B8F4C2BFC1B44CC80B0D36DA2152C837C8176695945F61FA75664C04F1266BCA0564815307A2C27E783CD3348C4451E4A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fort_Nelson) {. {-9223372036854775808 -29447 0 LMT}. {-2713880953 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-3

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Fort_Wayne Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.730673843485836
Encrypted:	false
SSDEEP:
MD5:	4685E4E850E0B6669F72B8E1B4314A0A
SHA1:	BC6CCD58A2977A1E125B21D7B8FD57E800E624E1
SHA-256:	D35F335D6F575F95CEA4FF53382C0BE0BE94BE7EB8B1E0CA3B7C50E8F7614E4E
SHA-512:	867003B33A5FC6E42D546FBFC7A8AB351DE72232B89BA1BEC6DB566F6DCE135E65C08DE9112837190EB21D677E2F83E7E0F6049EC70CB9E36F223DE3A68E000A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Fort_Wayne) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Fortaleza Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1375
Entropy (8bit):	3.695923796037783
Encrypted:	false
SSDEEP:
MD5:	2BCCE3C71898F3D7F2327419950C5838
SHA1:	CE45568E951C227CB3D88D20B337E5E1E1D4B1EF
SHA-256:	AA2CF8DA8D63FC4DE912A4F220CF7E49379021F5E51ABA1AFCFC7C9164D5A381
SHA-512:	420066E5D39446AA53547CBF1A015A4745F02D1059B2530B7735AC4C28BD2BFC431AEB7531C2C49C2BDF8E31405F15717D88DE0DE3F5F42BAA96A8289A014D06
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fortaleza) {. {-9223372036854775808 -9240 0 LMT}. {-1767216360 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Glace_Bay Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8099
Entropy (8bit):	3.737123408653655
Encrypted:	false
SSDEEP:
MD5:	3A839112950BFDFD3B5FBD440A2981E4
SHA1:	FFDF034F7E26647D1C18C1F6C49C776AD5BA93ED
SHA-256:	3D0325012AB7076FB31A68E33EE0EABC8556DFA78FBA16A3E41F986D523858FF
SHA-512:	1E06F4F607252C235D2D69E027D7E0510027D8DB0EE49CF291C39D6FD010868EF6899437057DA489DD30981949243DDFA6599FD07CE80E05A1994147B78A76CE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Glace_Bay) {. {-9223372036854775808 -14388 0 LMT}. {-2131646412 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-536443200 -14400 0 AST}. {-526500000 -10800 1 ADT}. {-513198000 -14400 0 AST}. {-504907200 -14400 0 AST}. {63086400 -14400 0 AST}. {73461600 -10800 1 ADT}. {89182800 -14400 0 AST}. {104911200 -10800 1 ADT}. {120632400 -14400 0 AST}. {126244800 -14400 0 AST}. {136360800 -10800 1 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Godthab Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7186
Entropy (8bit):	3.4539479411234977
Encrypted:	false
SSDEEP:
MD5:	F7C502D77495455080AC3125CE2B42EA
SHA1:	B4883AF71068903AFA372DBFA9E73A39B658A8FF
SHA-256:	058FBB47D5CD3001C0E5A0B5D92ACE1F8A720527A673A78AB71925198AC0ACA1
SHA-512:	B0361D7FB7B02C996B9E608F9B8B1D8DB76FC7D298FA9AC841C4C51A0469FF05A06E0F7829E6C7D810D13BDF3B792A9547B70F6721CA9D7544CBD94028364CAB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Godthab) {. {-9223372036854775808 -12416 0 LMT}. {-1686083584 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0 -03

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Goose_Bay Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10015
Entropy (8bit):	3.780383775128893
Encrypted:	false
SSDEEP:
MD5:	77DEEF08876F92042F71E1DEFA666857
SHA1:	7E21B51B3ED8EBEB85193374174C6E2BCA7FEB7F
SHA-256:	87E9C6E265BFA58885FBEC128263D5E5D86CC32B8FFEDECAFE96F773192C18BE
SHA-512:	C9AB8C9147354A388AEC5FE04C6C5317481478A07893461706CDC9FD5B42E31733EAC01C95C357F3C5DC3556C49F20374F58A6E0A120755D5E96744DE3A95A81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Goose_Bay) {. {-9223372036854775808 -14500 0 LMT}. {-2713895900 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1096921748 -12600 0 NST}. {-1072989000 -12600 0 NST}. {-1061670600 -9000 1 NDT}. {-1048973400 -12600 0 NST}. {-1030221000 -9000 1 NDT}. {-1017523800 -12600 0 NST}. {-998771400 -9000 1 NDT}. {-986074200 -12600 0 NST}. {-966717000 -9000 1 NDT}. {-954624600 -12600 0 NST}. {-935267400 -9000 1 NDT}. {-922570200 -12600 0 NST}. {-903817800 -9000 1 NDT}. {-891120600 -12600 0 NST}. {-872368200 -9000 0 NWT}. {-769395600 -9000 1 NPT}. {-765401400 -12600 0 NST}. {-757369800 -12600 0 NST}. {-746044200 -9000 1 NDT}. {-733347000 -12600 0 NST}. {-714594600 -9000 1 NDT}. {-701897400 -12600 0 NST}. {-683145000 -9000 1 NDT}. {-670447800 -12600 0 NST}. {-6516954

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Grand_Turk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7307
Entropy (8bit):	3.755018614919114
Encrypted:	false
SSDEEP:
MD5:	8582299C1262010B6843306D65DB436C
SHA1:	70DB6B507D7F51B1E2C96E087CD7987EB69E9A1D
SHA-256:	7CFBA4D1B1E6106A0EC6D6B5600791D6A33AD527B7D47325C3AB9524B17B1829
SHA-512:	CC12912C38D85B23242C69211BA2B58167C55836D51DB02E6D820CDBD6368F835893AF656FC81F73EA745FD786E9134EC4A3E8D325D1515A01540E8A7EBEF03B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Grand_Turk) {. {-9223372036854775808 -17072 0 LMT}. {-2524504528 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {284014800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Grenada Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.877543794488217
Encrypted:	false
SSDEEP:
MD5:	C62E81B423F5BA10709D331FEBAB1839
SHA1:	F7BC5E7055E472DE33DED5077045F680843B1AA7
SHA-256:	0806C0E907DB13687BBAD2D22CEF5974D37A407D00E0A97847EC12AF972BCFF3
SHA-512:	7D7090C3A6FEBE67203EB18E06717B39EC62830757BAD5A40E0A7F97572ABB81E81CAB614AA4CD3089C3787DAA6293D6FED0137BB57EF3AE358A92FCDDCF52A8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Grenada) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Guadeloupe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.914669229343752
Encrypted:	false
SSDEEP:
MD5:	026A098D231C9BE8557A7F4A673C1BE2
SHA1:	192EECA778E1E713053D37353AF6D3C168D2BFF5
SHA-256:	FFE0E204D43000121944C57D2B2A846E792DDC73405C02FC5E8017136CD55BCB
SHA-512:	B49BD0FC12CC8D475E7E5116B8BDEA1584912BFA433734451F4338E42B5E042F3EC259E81C009E85798030E21F658158FA9F4EFC60078972351F706F852425E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Guadeloupe) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Guatemala Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	385
Entropy (8bit):	4.450029420195016
Encrypted:	false
SSDEEP:
MD5:	6E3FD9D19E0CD26275B0F95412F13F4C
SHA1:	A1B6D6219DEBDBC9B5FFF5848E5DF14F8F4B1158
SHA-256:	1DC103227CA0EDEEBA8EE8A41AE54B3E11459E4239DC051B0694CF7DF3636F1A
SHA-512:	BF615D16BB55186AFC7216B47250EE84B7834FD08077E29E0A8F49C65AACAAD8D27539EA751202EBFF5E0B00702EC59B0A7D95F5FB585BFED68AC6206416110D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guatemala) {. {-9223372036854775808 -21724 0 LMT}. {-1617040676 -21600 0 CST}. {123055200 -18000 1 CDT}. {130914000 -21600 0 CST}. {422344800 -18000 1 CDT}. {433054800 -21600 0 CST}. {669708000 -18000 1 CDT}. {684219600 -21600 0 CST}. {1146376800 -18000 1 CDT}. {1159678800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Guayaquil Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	240
Entropy (8bit):	4.690879495223713
Encrypted:	false
SSDEEP:
MD5:	58E0902DC63F2F584AD72E6855A68BB8
SHA1:	C8ED225C95DB512CB860D798E6AF648A321B82E7
SHA-256:	D940627FFCBE6D690E34406B62EE4A032F116DF1AB81631E27A61E16BD4051E2
SHA-512:	EF2523F2C55890BE4CE78DA2274833647587CF6F48B144C8261EB69B24BA73946B63244F03FEDF37A990FCAFECB2D88F4ECE302993F115C06323721E570EDD99
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guayaquil) {. {-9223372036854775808 -19160 0 LMT}. {-2524502440 -18840 0 QMT}. {-1230749160 -18000 0 -05}. {722926800 -14400 1 -05}. {728884800 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Guyana Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.687194013851928
Encrypted:	false
SSDEEP:
MD5:	CF5AD3AFBD735A42E3F7D85064C16AFC
SHA1:	B8160F8D5E677836051643622262F13E3AE1B0BE
SHA-256:	AF2EC2151402DF377E011618512BBC25A5A6AC64165E2C42212E2C2EC182E8F1
SHA-512:	F69F10822AB115D25C0B5F705D294332FAAA66EB0BA2D98A6610A35E1FA5ED05F02B3DDBB4E37B9B4A77946C05E28C98113DBF11EDF8DB2661A2D8ED40711182
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guyana) {. {-9223372036854775808 -13960 0 LMT}. {-1730578040 -13500 0 -0345}. {176010300 -10800 0 -03}. {662698800 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Halifax Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10763
Entropy (8bit):	3.724988391778253
Encrypted:	false
SSDEEP:
MD5:	7DE8E355A725B3D9B3FD06A838B9715F
SHA1:	41C6AAEA03FC7FEED50CFFFC4DFF7F35E2B1C23D
SHA-256:	5F65F38FFA6B05C59B21DB98672EB2124E4283530ACB01B22093EAEFB256D116
SHA-512:	4C61A15DDF28124343C1E6EFE068D15E48F0662534486EC38A4E2731BE085CDA5856F884521EF32A6E0EDD610A8A491A722220BDD1BAF2A9652D8457778AF696
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Halifax) {. {-9223372036854775808 -15264 0 LMT}. {-2131645536 -14400 0 AST}. {-1696276800 -10800 1 ADT}. {-1680469200 -14400 0 AST}. {-1640980800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1609444800 -14400 0 AST}. {-1566763200 -10800 1 ADT}. {-1557090000 -14400 0 AST}. {-1535486400 -10800 1 ADT}. {-1524949200 -14400 0 AST}. {-1504468800 -10800 1 ADT}. {-1493413200 -14400 0 AST}. {-1472414400 -10800 1 ADT}. {-1461963600 -14400 0 AST}. {-1440964800 -10800 1 ADT}. {-1429390800 -14400 0 AST}. {-1409515200 -10800 1 ADT}. {-1396731600 -14400 0 AST}. {-1376856000 -10800 1 ADT}. {-1366491600 -14400 0 AST}. {-1346616000 -10800 1 ADT}. {-1333832400 -14400 0 AST}. {-1313956800 -10800 1 ADT}. {-1303678800 -14400 0 AST}. {-1282507200 -10800 1 ADT}. {-1272661200 -14400 0 AST}. {-1251057600 -10800 1 ADT}. {-1240088400

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Havana Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8444
Entropy (8bit):	3.7372403334059547
Encrypted:	false
SSDEEP:
MD5:	C436FDCDBA98987601FEFC2DBFD5947B
SHA1:	A04CF2A5C9468C634AED324CB79F9EE3544514B7
SHA-256:	32F8B4D03E4ACB466353D72DAA2AA9E1E42D454DBBA001D0B880667E6346B8A1
SHA-512:	56C25003685582AF2B8BA4E32EFF03EF10F4360D1A12E0F1294355000161ADDF7024CBD047D1830AB884BE2C385FD8ABE8DA5C30E9A0671C22E84EE3BF957D85
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Havana) {. {-9223372036854775808 -19768 0 LMT}. {-2524501832 -19776 0 HMT}. {-1402813824 -18000 0 CST}. {-1311534000 -14400 1 CDT}. {-1300996800 -18000 0 CST}. {-933534000 -14400 1 CDT}. {-925675200 -18000 0 CST}. {-902084400 -14400 1 CDT}. {-893620800 -18000 0 CST}. {-870030000 -14400 1 CDT}. {-862171200 -18000 0 CST}. {-775681200 -14400 1 CDT}. {-767822400 -18000 0 CST}. {-744231600 -14400 1 CDT}. {-736372800 -18000 0 CST}. {-144702000 -14400 1 CDT}. {-134251200 -18000 0 CST}. {-113425200 -14400 1 CDT}. {-102542400 -18000 0 CST}. {-86295600 -14400 1 CDT}. {-72907200 -18000 0 CST}. {-54154800 -14400 1 CDT}. {-41457600 -18000 0 CST}. {-21495600 -14400 1 CDT}. {-5774400 -18000 0 CST}. {9954000 -14400 1 CDT}. {25675200 -18000 0 CST}. {41403600 -14400 1 CDT}. {57729600 -18000 0 CST}. {73458000 -14400 1 CDT}. {87364800 -18000 0 CST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Hermosillo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.2803367804689785
Encrypted:	false
SSDEEP:
MD5:	9D1A1746614CE2CEE26D066182938CDC
SHA1:	967590403A84E80ED299B8D548A2B37C8EEB21CE
SHA-256:	493DB3E7B56B2E6B266A5C212CD1F75F1E5CF57533DA03BB1C1F2449543B9F48
SHA-512:	DFAE6BC48F2E4B75DD6744AEE57D31D6A6E764D02DCA5731C7B516AD87B9BAB2FEB355A012EC38BDD53008B501B0744953EB7E0677F02B9EAF083D2E66042B37
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Hermosillo) {. {-9223372036854775808 -26632 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {915174000 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Indianapolis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6996
Entropy (8bit):	3.799188069575817
Encrypted:	false
SSDEEP:
MD5:	154A332C3ACF6D6F358B07D96B91EBD1
SHA1:	FC16E7CBE179B3AB4E0C2A61AB5E0E8C23E50D50
SHA-256:	C0C7964EBF9EA332B46D8B928B52FDE2ED15ED2B25EC664ACD33DA7BF3F987AE
SHA-512:	5831905E1E6C6FA9DD309104B3A2EE476941D6FF159764123A477E2690C697B0F19EDEA0AD0CD3BBBECF96D64DC4B981027439E7865FCB1632661C8539B3BD6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Indianapolis) {. {-9223372036854775808 -20678 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-900259200 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Knox Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8470
Entropy (8bit):	3.7546412701514034
Encrypted:	false
SSDEEP:
MD5:	E8AFD9E320A7F4310B413F8086462F31
SHA1:	7BEE624AAC096E9C280B4FC84B0671381C657F6C
SHA-256:	BE74C1765317898834A18617352DF3B2952D69DE4E294616F1554AB95824DAF0
SHA-512:	C76620999A293FA3A93CA4615AB78F19395F12CC08C242F56BFD4C4CAF8BC769DDEBF33FF10F7DA5A3EFD8ED18792362780188636075419014A8C099A897C43C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Knox) {. {-9223372036854775808 -20790 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-725824800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-415818000 -21600 0 CST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Marengo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7037
Entropy (8bit):	3.786429098558221
Encrypted:	false
SSDEEP:
MD5:	456422A0D5BE8FBF5DBD0E75D8650894
SHA1:	737AC21F019A7E89689B9C8B465C8482FF4F403E
SHA-256:	C92D86CACFF85344453E1AFBC124CE11085DE7F6DC52CB4CBE6B89B01D5FE2F3
SHA-512:	372AEBB2F13A50536C36A025881874E5EE3162F0168B71B2083965BECBBFCA3DAC726117D205D708CC2B4F7ABE65CCC2B3FE6625F1403D97001950524D545470
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Marengo) {. {-9223372036854775808 -20723 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-599594400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Petersburg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7364
Entropy (8bit):	3.79636789874872
Encrypted:	false
SSDEEP:
MD5:	9614153F9471187A2F92B674733369A0
SHA1:	199E8D5018A374EDB9592483CE4DDB30712006E3
SHA-256:	5323EBC8D450CC1B53AED18AD209ADEB3A6EEB5A00A80D63E26DB1C85B6476ED
SHA-512:	2A1E26D711F62C51A5EE7014584FAF41C1780BD62573247D45D467500C6AB9A9EAD5A382A1986A9D768D7BB927E4D391EA1B7A4AD9A54D3B05D8AD2385156C33
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Petersburg) {. {-9223372036854775808 -20947 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-473364000 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-257965200 -21600 0 CST}. {-242236800 -18000 1 CDT}. {-226515600 -21600 0 CST}. {-210787200 -18000 1 CDT}. {-195066000 -21600 0 CST}. {-179337600 -18000 1 CDT}. {-163616400 -21600 0 CST

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Tell_City Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6992
Entropy (8bit):	3.7768650637181533
Encrypted:	false
SSDEEP:
MD5:	D0F40504B578D996E93DAE6DA583116A
SHA1:	4D4D24021B826BFED2735D42A46EEC1C9EBEA8E3
SHA-256:	F4A0572288D2073D093A256984A2EFEC6DF585642EA1C4A2860B38341D376BD8
SHA-512:	BA9D994147318FF5A53D45EC432E118B5F349207D58448D568E0DB316452EF9FD620EE4623FD4EAD123BC2A6724E1BAE2809919C58223E6FD4C7A20F004155E0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Tell_City) {. {-9223372036854775808 -20823 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Vevay Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6350
Entropy (8bit):	3.782861360101505
Encrypted:	false
SSDEEP:
MD5:	35A64C161E0083DCE8CD1E8E1D6EBE85
SHA1:	9BC295C23783C07587D82DA2CC25C1A4586284B2
SHA-256:	75E89796C6FB41D75D4DDA6D94E4D27979B0572487582DC980575AF6656A7822
SHA-512:	7BAF735DA0DE899653F60EED6EEF53DD8A1ABC6F61F052B8E37B404BC9B37355E94563827BC296D8E980C4247864A57A117B7B1CB58A2C242991BBDC8FE7174E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vevay) {. {-9223372036854775808 -20416 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-495043200 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {1136091600 -18000 0 EST}. {1143961200 -14400 1 EDT}. {1162101600 -18000 0 EST}. {1173596400 -14400 1 EDT}. {1194156000 -18000 0 EST}. {1205046000 -14400 1 EDT}. {1225605600 -18000 0 EST}. {1236495600 -14400 1 EDT}. {1257055200 -18000 0 EST}. {1268550000 -14400 1 EDT}. {1289109600 -18000

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Vincennes Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6992
Entropy (8bit):	3.795913753683276
Encrypted:	false
SSDEEP:
MD5:	AD8B44BD0DBBEB06786B2B281736A82B
SHA1:	7480D3916F0ED66379FC534F20DC31001A3F14AF
SHA-256:	18F35F24AEF9A937CD9E91E723F611BC5D802567A03C5484FAB7AEEC1F2A0ED0
SHA-512:	7911EC3F1FD564C50DEAF074ED99A502A9B5262B63E3E0D2901E21F27E90FBD5656A53831E61B43A096BA1FF18BB4183CCCE2B903782C2189DAAFDD7A90B3083
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vincennes) {. {-9223372036854775808 -21007 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indiana\Winamac Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7170
Entropy (8bit):	3.7942292979267767
Encrypted:	false
SSDEEP:
MD5:	40D8E05D8794C9D11DF018E3C8B8D7C0
SHA1:	58161F320CB46EC72B9AA6BAD9086F18B2E0141B
SHA-256:	A13D6158CCD4283FE94389FD341853AD90EA4EC505D37CE23BD7A6E7740F03F6
SHA-512:	BC45B6EFF1B879B01F517D4A4012D0AFBA0F6A9D92E862EF9A960FE07CBE216C8C929FE790044C566DC95981EC4BEAB3DCBD45A1FE597606CF601214A78AEA08
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Winamac) {. {-9223372036854775808 -20785 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Indianapolis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.655121947675421
Encrypted:	false
SSDEEP:
MD5:	CB79BE371FAB0B0A5EBEB1BA101AA8BA
SHA1:	6A24348AB24D6D55A8ABDEE1500ED03D5D1357F3
SHA-256:	6AABF28AC5A766828DD91F2EE2783F50E9C6C6307D8942FCD4DFAE21DB2F1855
SHA-512:	156E1E7046D7A0938FE4BF40BC586F0A7BEF1B0ED7B887665E9C6041980B511F079AA739B7BD42A89794CB9E82DB6629E81DD39D2F8161DFABDED539E272FB6E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Indianapolis) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Inuvik Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7389
Entropy (8bit):	3.778898781146325
Encrypted:	false
SSDEEP:
MD5:	EFEFB694C4F54583C0ED45A955E823AF
SHA1:	6FF35D151E8E1DED0DC362671FFF904B3CFF59B4
SHA-256:	72C48C0CCC1B8C1BD80E5BB5B8879A07A2DBE82317667568523BBE1F855E4883
SHA-512:	52BDACF02C5A595927FF9B7DC0151367C81B259C8831A91F66A0C10D5271DCDF834763F44868CCF7EDA497295D9D55C49C8F8FD43EEC383C29BC3CABAA4B6B0F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Inuvik) {. {-9223372036854775808 0 0 -00}. {-536457600 -28800 0 PST}. {-147888000 -21600 1 PDDT}. {-131558400 -28800 0 PST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {702464400 -21600 1 MDT}. {720000000 -25200 0 MST}. {733914000 -

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Iqaluit Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7421
Entropy (8bit):	3.7475594770809835
Encrypted:	false
SSDEEP:
MD5:	67B9C859DCD38D60EB892500D7287387
SHA1:	E91BE702B1D97039528A3F540D1FFFF553683CE9
SHA-256:	34D907D9F2B36DC562DCD4E972170011B4DA98F9F6EDA819C50C130A51F1DBED
SHA-512:	239B0BA842C1432DB5A6DE4E0A63CDE4B4800FC76AE237B0E723116426F0700FFF418634FB1B5641B87E7792709E16A9ED679E37A570E9D723E3561C2B6B45B5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Iqaluit) {. {-9223372036854775808 0 0 -00}. {-865296000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-147898800 -10800 1 EDDT}. {-131569200 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71999280

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Jamaica Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	818
Entropy (8bit):	4.132568007446054
Encrypted:	false
SSDEEP:
MD5:	5C35FFB7D73B7F46DB4A508CF7AB1C54
SHA1:	5C631104044E9413C86F95E072A630C2AD9EA56D
SHA-256:	7FDD008C250308942D0D1DE485B05670A6A4276CB61F5F052385769B7E1906C1
SHA-512:	7B3FF2C945598DDBF43B0BD0650192D6C70B333BF89916013C35F56DC1489CB65A72BA70FB0AE7341C71A71D4B73805F9D597A5B5FA525F4BFB1DF0F582641AE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Jamaica) {. {-9223372036854775808 -18430 0 LMT}. {-2524503170 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {126248400 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {441781200 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Jujuy Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	206
Entropy (8bit):	4.89710274358395
Encrypted:	false
SSDEEP:
MD5:	320C83EFE59FD60EB9F5D4CF0845B948
SHA1:	5A71DFAE7DF9E3D8724DFA533A37744B9A34FFEC
SHA-256:	67740B2D5427CFCA70FB53ABD2356B62E01B782A51A805A324C4DFAD9ACA0CFA
SHA-512:	D7A6378372386C45C907D3CB48B923511A719794B0C0BFA3694DBCE094A46A48249720653836C2F10CBB2178DD8EEEEA6B5019E4CC6C6B650FD7BE256BE1CA99
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Jujuy)]} {. LoadTimeZoneFile America/Argentina/Jujuy.}.set TZData(:America/Jujuy) $TZData(:America/Argentina/Jujuy).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Juneau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8406
Entropy (8bit):	3.8821515247187883
Encrypted:	false
SSDEEP:
MD5:	7D338E0224E7DDC690766CDC3E436805
SHA1:	89BB26B7731AC40DE75FFCD854BA4D30A0F1B716
SHA-256:	B703FC5AA56667A5F27FD80E5042AFE0F22F5A7EF7C5174646B2C10297E16810
SHA-512:	7B52EDD2FE3ECAB682138EC867B4D654A08BEA9C4A3BB20E1ED69F03DD9EF91A3B707C78D25CA5A32938152157E98188A253AD2D2D283EF24ECE7352BCB88B67
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Juneau) {. {-9223372036854775808 54139 0 LMT}. {-3225223727 -32261 0 LMT}. {-2188954939 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Kentucky\Louisville Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9332
Entropy (8bit):	3.769996646995791
Encrypted:	false
SSDEEP:
MD5:	D9BC20AFD7DA8643A2091EB1A4B48CB3
SHA1:	9B567ABF6630E7AB231CAD867AD541C82D9599FF
SHA-256:	B4CC987A6582494779799A32A9FB3B4A0D0298425E71377EB80E2FB4AAAEB873
SHA-512:	0BC769A53E63B41341C25A0E2093B127064B589F86483962BD24DB4082C4466E12F4CD889B82AD0134C992E984EF0897113F28321522B57BA45A98C15FF7E172
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Louisville) {. {-9223372036854775808 -20582 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1546279200 -21600 0 CST}. {-1535904000 -18000 1 CDT}. {-1525280400 -21600 0 CST}. {-905097600 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-744224400 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-684349200 -18000 1 CDT}. {-652899600 -18000 1 CDT}. {-620845200 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Kentucky\Monticello Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8279
Entropy (8bit):	3.785637200740036
Encrypted:	false
SSDEEP:
MD5:	0C6F5C9D1514DF2D0F8044BE27080EE2
SHA1:	70CBA0561E4319027C60FB0DCF29C9783BFE8A75
SHA-256:	1515460FBA496FE8C09C87C51406F4DA5D77C11D1FF2A2C8351DF5030001450F
SHA-512:	17B519BCC044FE6ED2F16F2DFBCB6CCE7FA83CF17B9FC4A40FDA21DEFBA9DE7F022A50CF5A264F3090D57D51362662E01C3C60BD125430AEECA0887BB8520DB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Monticello) {. {-9223372036854775808 -20364 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-63136800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 C

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Knox_IN Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.8191308888643345
Encrypted:	false
SSDEEP:
MD5:	465D405C9720EB7EC4BB007A279E88ED
SHA1:	7D80B8746816ECF4AF45166AED24C731B60CCFC6
SHA-256:	BE85C86FBD7D396D2307E7DCC945214977829E1314D1D71EFAE509E98AC15CF7
SHA-512:	C476022D2CC840793BF7B5841051F707A30CCAB1022E30FB1E45B420077417F517BEDA5564EFB154283C7C018A9CA09D10845C6A1BFE2A2DE7C939E307BDCE6F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:America/Knox_IN) $TZData(:America/Indiana/Knox).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Kralendijk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.810917109656368
Encrypted:	false
SSDEEP:
MD5:	4763D6524D2D8FC62720BCD020469FF6
SHA1:	EE567965467E4F3BDFE4094604E526A49305FDD8
SHA-256:	A794B43E498484FFD83702CFB9250932058C01627F6F6F4EE1432C80A9B37CD6
SHA-512:	37462E0A3C24D5BAEBDD1ADCF8EE94EA07682960D710D57D5FD05AF9C5F09FF30312528D79516A16A0A84A2D351019DBB33308FC39EC468033B18FB0AC872C13
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Kralendijk) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\La_Paz Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	210
Entropy (8bit):	4.853705210019575
Encrypted:	false
SSDEEP:
MD5:	FE113AA98220A177DA9DD5BF588EB317
SHA1:	083F2C36FF97185E2078B389F6DB2B3B04E95672
SHA-256:	AF2A931C2CC39EED49710B9AFDBB3E56F1E4A1A5B9B1C813565BE43D6668493A
SHA-512:	B6A34966F4150E3E3785563DFEB543726868923DB3980F693B4F2504B773A6CFD4102225C24897C81F1B3D22F35D1BE92D5ECE19F03028AC485A6B975896BB8F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/La_Paz) {. {-9223372036854775808 -16356 0 LMT}. {-2524505244 -16356 0 CMT}. {-1205954844 -12756 1 BST}. {-1192307244 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Lima Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	444
Entropy (8bit):	4.171707948838632
Encrypted:	false
SSDEEP:
MD5:	D20722EC3E24AA65C23DB94006246684
SHA1:	3E9D446FFA6163ED658D947BB582C9F566374777
SHA-256:	593FEBC924D0DE7DA5FC482952282F1B1E3432D7509798F475B13743047286DA
SHA-512:	326E300C837981DEFC497B5E467EA70DC2F6F10765FAB39977A2F03F3BEF0A0917EFD0524E2B66CBCFE0EE424273594437E098C6503EFC73002673678016C605
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Lima) {. {-9223372036854775808 -18492 0 LMT}. {-2524503108 -18516 0 LMT}. {-1938538284 -14400 0 -05}. {-1002052800 -18000 0 -05}. {-986756400 -14400 1 -05}. {-971035200 -18000 0 -05}. {-955306800 -14400 1 -05}. {-939585600 -18000 0 -05}. {512712000 -18000 0 -05}. {544248000 -18000 0 -05}. {638942400 -18000 0 -05}. {765172800 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Los_Angeles Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9409
Entropy (8bit):	3.767062784666229
Encrypted:	false
SSDEEP:
MD5:	A661407CC08E68459018A636C8EF0EC1
SHA1:	5524A613B07C4B4CA7404504EAD917E5B0A00112
SHA-256:	C39E5A4C1482B13E862B4D36F4F4590BDF230BE44BAC30BDAB015CDBE02BE9C9
SHA-512:	F5BD08D99E0B54911AC3ABFD413A1D98A0EB7F39A41E348E17D38EA9226A9320BA0CFE9CEB0954D158AB9B8761F0A9ECFB6F82DF033CD9B2234BC71A2D163B3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Los_Angeles) {. {-9223372036854775808 -28378 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-687967140 -25200 1 PDT}. {-662655600 -28800 0 PST}. {-620838000 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589388400 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557938800 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526489200 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Lower_Princes Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.81236985301262
Encrypted:	false
SSDEEP:
MD5:	EBB062CC0AA5C21F7C4278B79B9EAE6C
SHA1:	6DFC8303BBE1FB990D7CB258E7DBC6270A5CFE64
SHA-256:	4842420076033349DD9560879505326FFAB91BED75D6C133143FFBBFB8725975
SHA-512:	5087C6257CA797317D049424324F5DC31BBD938436DCEB4CF4FE3D2520F7745F1C023E3EC48689957E389900EF2AACB3F5E9E49FD154DF51FF89F9A7173818CD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Lower_Princes) $TZData(:America/Curacao).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Maceio Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1487
Entropy (8bit):	3.655866753080831
Encrypted:	false
SSDEEP:
MD5:	3BC7560FE4E357A36D53F6DCC1E6F176
SHA1:	F9F647E5021344A3A350CD895A26B049331E7CF1
SHA-256:	184EC961CA5D1233A96A030D75D0D47A4111717B793EE25C82C0540E25168BDD
SHA-512:	0805146230F55E12D7524F3F4EDB53D9C6C41C6926FA0603B3958AA82E85C9531D8CBDF4DFF085189908F293A2B29FDFA1BAEFB0FDADF34134D6C4D2FCF19397
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Maceio) {. {-9223372036854775808 -8572 0 LMT}. {-1767217028 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Managua Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	590
Entropy (8bit):	4.233264210289004
Encrypted:	false
SSDEEP:
MD5:	6BF9AB156020E7AC62F93F561B314CB8
SHA1:	7484A57EADCFD870490395BB4D6865A2E024B791
SHA-256:	D45B4690B43C46A7CD8001F8AE950CD6C0FF7B01CD5B3623E3DD92C62FD5E473
SHA-512:	CF02E62650679D8E2D58D0D70DE2322CAAA6508AF4FF7A60E415AA8AA3A9D26D1A191CFAE986ACAF0AEF1DFC4C2E34F9A5B6EDC2018E0B7E9000917D429FB587
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Managua) {. {-9223372036854775808 -20708 0 LMT}. {-2524500892 -20712 0 MMT}. {-1121105688 -21600 0 CST}. {105084000 -18000 0 EST}. {161758800 -21600 0 CST}. {290584800 -18000 1 CDT}. {299134800 -21600 0 CST}. {322034400 -18000 1 CDT}. {330584400 -21600 0 CST}. {694260000 -18000 0 EST}. {717310800 -21600 0 CST}. {725868000 -18000 0 EST}. {852094800 -21600 0 CST}. {1113112800 -18000 1 CDT}. {1128229200 -21600 0 CST}. {1146384000 -18000 1 CDT}. {1159682400 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Manaus Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1127
Entropy (8bit):	3.6965365214193797
Encrypted:	false
SSDEEP:
MD5:	BFCC0D7639AE2D973CDBD504E99A58B8
SHA1:	E8C43C5B026891D3E9B291446ABC050E7A100C71
SHA-256:	1237FF765AA4C5530E5250F928DFAB5BB687C72C990A37B87E9DB8135C5D9CBD
SHA-512:	DAD87E612161A136606E50944C50401AFD4C11D51A016704BDD070E52ED3BAC56E0E7BCFD83E7DA392FC8D2278E5F9EF6C0C466372F58AFA1005C4156CDA189D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Manaus) {. {-9223372036854775808 -14404 0 LMT}. {-1767211196 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1440

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Marigot Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.890561068654966
Encrypted:	false
SSDEEP:
MD5:	3340CD9706ECBB2C6BCB16F1D75C5428
SHA1:	FE230B53F0DCCE15C14C91F43796E46DA5C1A2CE
SHA-256:	BC2F908758F074D593C033F7B1C7D7B4F81618A4ED46E7907CD434E0CCFEE9F4
SHA-512:	016AB54B9E99600A296D99A036A555BB79E3C5FDB0F1BEB516AFFE17B7763D864CB076B9C2D95547ED44BA2F6FC372CDFF25708C5423E1CF643AB6F0AA78E0E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Marigot) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Martinique Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	242
Entropy (8bit):	4.7982301339896285
Encrypted:	false
SSDEEP:
MD5:	2F7A1415403071E5D2E545C1DAA96A15
SHA1:	6A8FB2ABAD2B2D25AF569624C6C9AAE9821EF70B
SHA-256:	40F3C68A518F294062AC3DD5361BB9884308E1C490EF11D2CFDC93CB219C3D26
SHA-512:	3E4D94AB6A46E6C3BB97304F3A5596A06041C0E0935CC840F4A6EB56D0892778F853959A742C5B832CD8F07AB9B74539C45599F22C080577503B2E34B6CE28C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Martinique) {. {-9223372036854775808 -14660 0 LMT}. {-2524506940 -14660 0 FFMT}. {-1851537340 -14400 0 AST}. {323841600 -10800 1 ADT}. {338958000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Matamoros Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6526
Entropy (8bit):	3.7582526108760064
Encrypted:	false
SSDEEP:
MD5:	2BBAA150389EAAE284D905A159A61167
SHA1:	0001B50C25FC0CDF015A60150963AAF895EEDEEF
SHA-256:	A7966B95DBE643291FB68E228B60E2DC780F8155E064D96B670C8290F104E4AB
SHA-512:	87CE18E7E4C2C59A953CD47005EF406F4923730459996B1BF09B04FFD9CD5F963A9E50299ECCDBF4B24C565412B706B1ABC39890D659E6F409F1BA50308E57F9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Matamoros) {. {-9223372036854775808 -24000 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Mazatlan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6619
Entropy (8bit):	3.788952004807415
Encrypted:	false
SSDEEP:
MD5:	4D63766E65BF3E772CCEC2D6DB3E2D3E
SHA1:	DB541D2908159C7EF98F912D8DBC36755FFD13F3
SHA-256:	81CEA4A397AF6190FD250325CF513976B3508209AE3A88FDFD55490A5016A36D
SHA-512:	DFAF1B3547B1B1B78B33F1F0F5E9624C693492687EC5D060FC4C6CBE2AFBB61B2E9B618133636DD62364D28B2450F741561AADFDE7B811F579BBC7247343A041
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mazatlan) {. {-9223372036854775808 -25540 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Mendoza Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.76389929825594
Encrypted:	false
SSDEEP:
MD5:	A6EFD8F443D4CB54A5FB238D4D975808
SHA1:	8F25C6C0EA9D73DC8D1964C4A28A4E2E783880CC
SHA-256:	39B34B406339F06A8D187F8CCC1B6BF2550E49329F7DCE223619190F560E75F8
SHA-512:	4B5D48472D56AF19B29AD2377573CC8CB3ED9EF1AF53C00C907B6576FA852EA3D1E9F9B3A78A280DC44F8ADBE5B81D6AEC2609BE08FFA08507CD0F4139878F46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Mendoza)]} {. LoadTimeZoneFile America/Argentina/Mendoza.}.set TZData(:America/Mendoza) $TZData(:America/Argentina/Mendoza).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Menominee Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8136
Entropy (8bit):	3.7460641906933345
Encrypted:	false
SSDEEP:
MD5:	0D0DC4A816CDAE4707CDF4DF51A18D30
SHA1:	7ED2835AA8F723B958A6631092019A779554CADE
SHA-256:	3C659C1EAC7848BBE8DF00F857F8F81D2F64B56BD1CEF3495641C53C007434FA
SHA-512:	930F2FDC2C1EAE4106F9B37A16BCBBAF618A2CCBBA98C712E8215555CF09B9303D71842DEC38EFAF930DB71E14E8208B14E41E10B54EF98335E01435D0FC3518
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Menominee) {. {-9223372036854775808 -21027 0 LMT}. {-2659759773 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-116438400 -18000 1 CDT}. {-100112400 -21600 0 CST}. {-21484800 -18000 0 EST}. {104914800 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Merida Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6435
Entropy (8bit):	3.757504464563519
Encrypted:	false
SSDEEP:
MD5:	A7C5CFE3FA08D4CEDF6324457EA5766E
SHA1:	83BB96398C0B1B34771940C8F7A19CB78C5EF72F
SHA-256:	A1D7DE7285DC78ADDE1B0A04E05DA44D0D46D4696F67A682D0D28313A53825FE
SHA-512:	092DD7CEF6A5861472965E082171937EEDCFB3AE1821E3C88AA1BDFAB1EC48F765CAC497E3E5C78C19653C78B087C7CE28A8AB76F9073558963234901EF4B4A4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Merida) {. {-9223372036854775808 -21508 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {407653200 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Metlakatla Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6462
Entropy (8bit):	3.906655458013535
Encrypted:	false
SSDEEP:
MD5:	897140EE4C46A300FBA4B66692A77D2B
SHA1:	D5F2F3C8561A19EA0C5DAF0236696D5DB98D4220
SHA-256:	8B48C28A0AB6728CEDBCC82197355A5F9DD7D73E270EE949D996BB788777623B
SHA-512:	17E52B3C00C4EDE3B2FA10A4BE0601889B12581D31936D075E85118F37329716C4083D2B16F7081F7AA73EC9774ED7B4CF67615BE6090F8A506BF77AADE0CAFD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Metlakatla) {. {-9223372036854775808 54822 0 LMT}. {-3225223727 -31578 0 LMT}. {-2188955622 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Mexico_City Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6807
Entropy (8bit):	3.761365047166545
Encrypted:	false
SSDEEP:
MD5:	C675DA8A44A9841C417C585C2661EF13
SHA1:	147DDE5DD00E520DA889AC9931088E6232CE6FEA
SHA-256:	82B9AAD03408A9DFC0B6361EC923FEAEF97DBB4B3129B772B902B9DAE345D63E
SHA-512:	00615A5EC0D08BABF009C3CAAF3D631B1F4E2E4324E91B0F29ADD7E61B51C80D5D495D20BD131A9370C3005B2E510C8A4E4869A5032D82BC33C875E909CDE086
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mexico_City) {. {-9223372036854775808 -23796 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-975261600 -18000 1 CDT}. {-963169200 -21600 0 CST}. {-917114400 -18000 1 CDT}. {-907354800 -21600 0 CST}. {-821901600 -18000 1 CWT}. {-810068400 -21600 0 CST}. {-627501600 -18000 1 CDT}. {-612990000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001836800 -21600 0 CST}. {1014184800 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Miquelon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6846
Entropy (8bit):	3.44227328239419
Encrypted:	false
SSDEEP:
MD5:	0C7122725D98CDE5CB9B22624D24A26C
SHA1:	1889279EBE1377DB3460B706CAA4ECF803651517
SHA-256:	86BB088047FB5A6041C7B0792D15F9CB453F49A54F78529CC415B7FF2C41265A
SHA-512:	C23D3AE8D579FAC56521A0C06178550C4976E906A4CD149554821A2550B0EAB43344C6536166271EAA22EC77AF8529D9164696D7A5A740B02FA34C4272D43F26
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Miquelon) {. {-9223372036854775808 -13480 0 LMT}. {-1850328920 -14400 0 AST}. {326001600 -10800 0 -03}. {536468400 -10800 0 -02}. {544597200 -7200 1 -02}. {562132800 -10800 0 -02}. {576046800 -7200 1 -02}. {594187200 -10800 0 -02}. {607496400 -7200 1 -02}. {625636800 -10800 0 -02}. {638946000 -7200 1 -02}. {657086400 -10800 0 -02}. {671000400 -7200 1 -02}. {688536000 -10800 0 -02}. {702450000 -7200 1 -02}. {719985600 -10800 0 -02}. {733899600 -7200 1 -02}. {752040000 -10800 0 -02}. {765349200 -7200 1 -02}. {783489600 -10800 0 -02}. {796798800 -7200 1 -02}. {814939200 -10800 0 -02}. {828853200 -7200 1 -02}. {846388800 -10800 0 -02}. {860302800 -7200 1 -02}. {877838400 -10800 0 -02}. {891752400 -7200 1 -02}. {909288000 -10800 0 -02}. {923202000 -7200 1 -02}. {941342400 -10800 0 -02}. {954651600 -7200 1 -02}. {972792000 -10800 0 -

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Moncton Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10165
Entropy (8bit):	3.73501024949866
Encrypted:	false
SSDEEP:
MD5:	C1F34BD1FB4402481FFA5ABEE1573085
SHA1:	46B9AD38086417554549C36A40487140256BED57
SHA-256:	A4C2F586D7F59A192D6D326AD892C8BE20753FB4D315D506F4C2ED9E3F657B9A
SHA-512:	115D3E65A6A3834E748ED1917CF03A835F74EC0F8DB789C2B99EB78879EA3A5A2AFEB35981BA221D868E6A5B579374CFB3F865ACF6D4271B918EBCC2C3C69579
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Moncton) {. {-9223372036854775808 -15548 0 LMT}. {-2715882052 -18000 0 EST}. {-2131642800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1167595200 -14400 0 AST}. {-1153681200 -10800 1 ADT}. {-1145822400 -14400 0 AST}. {-1122231600 -10800 1 ADT}. {-1114372800 -14400 0 AST}. {-1090782000 -10800 1 ADT}. {-1082923200 -14400 0 AST}. {-1059332400 -10800 1 ADT}. {-1051473600 -14400 0 AST}. {-1027882800 -10800 1 ADT}. {-1020024000 -14400 0 AST}. {-996433200 -10800 1 ADT}. {-988574400 -14400 0 AST}. {-965674800 -10800 1 ADT}. {-955396800 -14400 0 AST}. {-934743600 -10800 1 ADT}. {-923947200 -14400 0 AST}. {-904503600 -10800 1 ADT}. {-891892800 -14400 0 AST}. {-883598400 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}. {-747252000 -10800 1 ADT}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Monterrey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6496
Entropy (8bit):	3.75909042772931
Encrypted:	false
SSDEEP:
MD5:	255A5A8E27CA1F0127D71E09033C6D9B
SHA1:	4F1C5E6D3F9E5BC9F8958FA50C195FDADD0F4022
SHA-256:	C753DEF7056E26D882DCD842729816890D42B6C7E31522111467C0C39A24B2F2
SHA-512:	96A67C3CC54EC39086D4DF681DDA39B4167FE80F0C45600045480F28C282071915F793BD672146119A22E0C15339F162DFF9DF326E7132E723684EF079666F58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Monterrey) {. {-9223372036854775808 -24076 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Montevideo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2840
Entropy (8bit):	3.549378422404712
Encrypted:	false
SSDEEP:
MD5:	87A9F18CE5E5EE97D943316EE93DC664
SHA1:	C221C82FA644943AF05C5737B4A68418BEFE66D7
SHA-256:	E8DB201FDAF1FD43BE39422062CEB2A25F25764934C481A95CD7BB3F93949495
SHA-512:	AC7D6BA85A37585BEC2101AAF0F46B04BF49F56B449A2BEC4E32D009576CA4D0CB687981EFA96DA8DAB00453F0020925E5FB9681BF8071AC6EFFC4F938E0D891
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Montevideo) {. {-9223372036854775808 -13491 0 LMT}. {-1942690509 -13491 0 MMT}. {-1567455309 -14400 0 -04}. {-1459627200 -10800 0 -0330}. {-1443819600 -12600 0 -0330}. {-1428006600 -10800 1 -0330}. {-1412283600 -12600 0 -0330}. {-1396470600 -10800 1 -0330}. {-1380747600 -12600 0 -0330}. {-1141590600 -10800 1 -0330}. {-1128286800 -12600 0 -0330}. {-1110141000 -10800 1 -0330}. {-1096837200 -12600 0 -0330}. {-1078691400 -10800 1 -0330}. {-1065387600 -12600 0 -0330}. {-1047241800 -10800 1 -0330}. {-1033938000 -12600 0 -0330}. {-1015187400 -10800 1 -0330}. {-1002488400 -12600 0 -0330}. {-983737800 -10800 1 -0330}. {-971038800 -12600 0 -0330}. {-954707400 -10800 1 -0330}. {-938984400 -12600 0 -0330}. {-920838600 -10800 1 -0330}. {-907534800 -12600 0 -0330}. {-896819400 -10800 1 -0330}. {-853621200 -9000 0 -03}. {-845847000 -10800 0 -03}. {-33

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Montreal Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.696915330047381
Encrypted:	false
SSDEEP:
MD5:	F4631583229AD8B12C548E624AAF4A9F
SHA1:	C56022CEACBD910C9CBF8C39C974021294AEE9DA
SHA-256:	884575BE85D1276A1AE3426F33153B3D4787AC5238FDBE0991C6608E7EB0DF07
SHA-512:	48FB9910D8A75AD9451C860716746D38B29319CA04DF9E8690D62FB875A5BEBCC7A8C546A60878821BD68A83271C69671D483C3133E4F807F2C3AC899CEBF065
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:America/Montreal) $TZData(:America/Toronto).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Montserrat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.865859395466201
Encrypted:	false
SSDEEP:
MD5:	705E51A8FB38AA8F9714256AFB55DA8A
SHA1:	97D96BE4C08F128E739D541A43057F08D24DDDCF
SHA-256:	0FED15D7D58E8A732110FF6765D0D148D15ACBB0251EE867CE7596933E999865
SHA-512:	4D7E42ECDB16F7A8A62D9EDA1E365325F3CBFAA1EF0E9FEE2790E24BA8DEAAA716D41F9389B849C69DC3973DA61D575146932FB2C8AC81579C65C18E45AE386E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Montserrat) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Nassau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8260
Entropy (8bit):	3.7353311910027376
Encrypted:	false
SSDEEP:
MD5:	6F9F530A792FC34E2B0CEE4BC3DB3809
SHA1:	4DF8A4A6993E47DD5A710BEE921D88FEF44858E7
SHA-256:	9F62117DDA0A21D37B63C9083B3C50572399B22D640262F427D68123078B32F9
SHA-512:	C2BF93FDBE8430113FA63561D1A08145DCF31CD679AB7230098993C7A19EF0F29F486C962656F8A62505CB1BFE993FBD3BB5FB0BAE7B6E7E190DE2865C445408
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nassau) {. {-9223372036854775808 -18570 0 LMT}. {-1825095030 -18000 0 EST}. {-179341200 -14400 1 EDT}. {-163620000 -18000 0 EST}. {-147891600 -14400 1 EDT}. {-131565600 -18000 0 EST}. {-116442000 -14400 1 EDT}. {-100116000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {189320400 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\New_York Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11004
Entropy (8bit):	3.725417189649631
Encrypted:	false
SSDEEP:
MD5:	C9D78AB6CF796A9D504BE2903F00B49C
SHA1:	A6C0E4135986A1A6F36B62276BFAB396DA1A4A9B
SHA-256:	1AB6E47D96BC34F57D56B936233F58B5C748B65E06AFF6449C3E3C317E411EFE
SHA-512:	6D20B13F337734CB58198396477B7C0E9CB89ED4D7AB328C22A4A528CAF187D10F42540DBB4514A0C139E6F4AE9A1A71AED02E3735D1D4F12C5314014C0C1EB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/New_York) {. {-9223372036854775808 -17762 0 LMT}. {-2717650800 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-1577905200 -18000 0 EST}. {-1570381200 -14400 1 EDT}. {-1551636000 -18000 0 EST}. {-1536512400 -14400 1 EDT}. {-1523210400 -18000 0 EST}. {-1504458000 -14400 1 EDT}. {-1491760800 -18000 0 EST}. {-1473008400 -14400 1 EDT}. {-1459706400 -18000 0 EST}. {-1441558800 -14400 1 EDT}. {-1428256800 -18000 0 EST}. {-1410109200 -14400 1 EDT}. {-1396807200 -18000 0 EST}. {-1378659600 -14400 1 EDT}. {-1365357600 -18000 0 EST}. {-1347210000 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-122080680

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Nipigon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7836
Entropy (8bit):	3.7462966187089535
Encrypted:	false
SSDEEP:
MD5:	3D389AA51D3E29E8A1E8ED07646AA0DD
SHA1:	2E3DF9406B14662ADEDDC0F891CD81DF23D98157
SHA-256:	3A0FB897E5CCB31B139E009B909053DCE36BB5791ACF23529D874AFA9F0BB405
SHA-512:	AFF7B30355ECB6EBD43D1E6C943C250AB98CC82BDC8DDC7595769E4CE188A23591AEFCF18A028CC6479CF6AA20F65980E37C74F6CEE907537366136FAF29B66E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nipigon) {. {-9223372036854775808 -21184 0 LMT}. {-2366734016 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-923252400 -14400 1 EDT}. {-880218000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Noronha Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1349
Entropy (8bit):	3.6915980783248976
Encrypted:	false
SSDEEP:
MD5:	10B0C457561BA600E9A39CE20CD22B72
SHA1:	07946FBB04D0C8D7CA92204E3E2DF3AB755196AB
SHA-256:	96AEE3A529C11C8DBDE3431C65C8C2315DBCFB5686957419EFCEB3D49208AB11
SHA-512:	A60AFB3DD064EAB9C4AE5F0A112DA5A7903BDB99DCF78BB99FE13DBB72310E8D47A2A62A58DAD2AB4F33971001F5B9787D663649E05FBD47B75994113CD5E8ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Noronha) {. {-9223372036854775808 -7780 0 LMT}. {-1767217820 -7200 0 -02}. {-1206961200 -3600 1 -02}. {-1191366000 -7200 0 -02}. {-1175378400 -3600 1 -02}. {-1159830000 -7200 0 -02}. {-633823200 -3600 1 -02}. {-622072800 -7200 0 -02}. {-602287200 -3600 1 -02}. {-591836400 -7200 0 -02}. {-570751200 -3600 1 -02}. {-560214000 -7200 0 -02}. {-539128800 -3600 1 -02}. {-531356400 -7200 0 -02}. {-191368800 -3600 1 -02}. {-184201200 -7200 0 -02}. {-155167200 -3600 1 -02}. {-150073200 -7200 0 -02}. {-128901600 -3600 1 -02}. {-121129200 -7200 0 -02}. {-99957600 -3600 1 -02}. {-89593200 -7200 0 -02}. {-68421600 -3600 1 -02}. {-57970800 -7200 0 -02}. {499744800 -3600 1 -02}. {511232400 -7200 0 -02}. {530589600 -3600 1 -02}. {540262800 -7200 0 -02}. {562125600 -3600 1 -02}. {571194000 -7200 0 -02}. {592970400 -3600 1 -02}. {602038800 -7200

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\North_Dakota\Beulah Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	3.7975723806562063
Encrypted:	false
SSDEEP:
MD5:	15AABAE9ABE4AF7ABEADF24A510E9583
SHA1:	3DEF11310D02F0492DF09591A039F46A8A72D086
SHA-256:	B328CC893D217C4FB6C84AA998009940BFBAE240F944F40E7EB900DEF1C7A5CF
SHA-512:	7A12A25EB6D6202C47CFDD9F3CE71342406F0EDA3D1D68B842BCFE97EFF1F2E0C11AD34D4EE0A61DF7E0C7E8F400C8CCA73230BDB3C677F8D15CE5CBA44775D7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Beulah) {. {-9223372036854775808 -24427 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\North_Dakota\Center Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	3.7834920003907664
Encrypted:	false
SSDEEP:
MD5:	AC804124F4CE4626F5C1FDA2BC043011
SHA1:	4B3E8CC90671BA543112CEE1AB5450C6EA4615DF
SHA-256:	E90121F7D275FDCC7B8DCDEC5F8311194D432510FEF5F5F0D6F211A4AACB78EF
SHA-512:	056EF65693C16CB58EC5A223528C636346DB37B75000397D03663925545979792BBC50B20B5AA20139ECE9A9D6B73DA80C2319AA4F0609D6FC1A6D30D0567C58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Center) {. {-9223372036854775808 -24312 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\North_Dakota\New_Salem Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8281
Entropy (8bit):	3.795939700557522
Encrypted:	false
SSDEEP:
MD5:	E26FC508DFD73B610C5543487C763FF5
SHA1:	8FBDE67AF561037AAA2EDF93E9456C7E534F4B5A
SHA-256:	387D3C57EDE8CCAAD0655F19B35BC0D124C016D16F06B6F2498C1151E4792778
SHA-512:	8A10B7370D1521EDF18AB4D5192C930ABC68AB9AE718ADF3D175EACE9A1F5DAC690A76B02EFB4059374761962D8C2660497F8E951DFE9812FB3CFCFDF9165E45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/New_Salem) {. {-9223372036854775808 -24339 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Ojinaga Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6621
Entropy (8bit):	3.7945318113967823
Encrypted:	false
SSDEEP:
MD5:	D88A28F381C79410D816F8D2D1610A02
SHA1:	81949A1CACD5907CA5A8649385C03813EEFCDDE0
SHA-256:	F65C0F8532387AFE703FACDEE325BF8D7F3D1232DEE92D65426FF917DD582CB3
SHA-512:	9A9B0C65ECDFF690EF2933B323B3A1CF2D67D0A43F285BB9FEEFF275316148A07F5AC044C48F64E3D8CFA7C1DE44AF220A6855DC01225F8BFFF63AEC946B944A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Ojinaga) {. {-9223372036854775808 -25060 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -2520

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Panama Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.924365872261203
Encrypted:	false
SSDEEP:
MD5:	771816CABF25492752C5DA76C5EF74A5
SHA1:	6494F467187F99C9A51AB670CD8DC35078D63904
SHA-256:	0E323D15EA84D4B6E838D5DCD99AEE68666AF97A770DA2AF84B7BDCA4AB1DBBA
SHA-512:	C32D918E121D800B9DFD5CE1F13A4BF2505C0EDCE0085639C8EDF48073E0888906F1A28EF375BDCF549DB14CD33F7C405E28BC35DDF22445C224FBC64146B4EC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Panama) {. {-9223372036854775808 -19088 0 LMT}. {-2524502512 -19176 0 CMT}. {-1946918424 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Pangnirtung Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7484
Entropy (8bit):	3.768929501362495
Encrypted:	false
SSDEEP:
MD5:	2701DA468F9F1C819301374E807AAA27
SHA1:	F08D7525639EA752D52F36A6D14F14C5514CED8E
SHA-256:	6C7DFDE581AC9DE7B4ED6A525A40F905B7550BD2AE7E55D7E2E1B81B771D030B
SHA-512:	98BD9EDD40D2982E20A169B8B8E8D411382E5707634BB4F8365CFFF73DB17B8C042D7ED1A59B9511A3A7EB587895119532CCED69F5EFBC49D74FFDC9CA91966F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Pangnirtung) {. {-9223372036854775808 0 0 -00}. {-1546300800 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-147902400 -7200 1 ADDT}. {-131572800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050400 -10800 1 ADT}. {594190800 -14400 0 AST}. {607500000 -10800 1 ADT}. {625640400 -14400 0 AST}. {638949600 -10800 1 ADT}. {657090000 -14400 0 AST}. {671004000 -10800 1 ADT}. {688539600 -14400 0 AST}. {702

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Paramaribo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	244
Entropy (8bit):	4.731092370398455
Encrypted:	false
SSDEEP:
MD5:	5D11C2A86B0CDE60801190BFC8FA5E0B
SHA1:	38A63200995E359E61F1DEA00C5716938ED7A499
SHA-256:	D2078D8D396D5189E1D3555628960990FD63694D08256FF814EE841E01A3F56E
SHA-512:	D4D83019E5AE05C3FCDE3518672DC08925C0DECC9FCA6927D75ADA969647CE8EF2D1C67FFD1A075969309CD1B1AADDF15DB21ABDAF241EAA450D2C9E038AEF6A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Paramaribo) {. {-9223372036854775808 -13240 0 LMT}. {-1861906760 -13252 0 PMT}. {-1104524348 -13236 0 PMT}. {-765317964 -12600 0 -0330}. {465449400 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Phoenix Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	479
Entropy (8bit):	4.379302206927978
Encrypted:	false
SSDEEP:
MD5:	1B5C5CBC4168FCCC9100487D3145AF6D
SHA1:	6E9E3074B783108032469C8E601D2C63A573B840
SHA-256:	9E28F87C0D9EE6AD6791A220742C10C135448965E1F66A7EB04D6477D8FA11B0
SHA-512:	4A6527FF5C7F0A0FDC574629714399D9A475EDC1338BF4C9EEEEDCC8CA23E14D2DE4DCA421D46FABA813A65236CD7B8ADBE103B641A763C6BC508738BF73A58C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Phoenix) {. {-9223372036854775808 -26898 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-820519140 -25200 0 MST}. {-796841940 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-56221200 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Port-au-Prince Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6398
Entropy (8bit):	3.770736282266079
Encrypted:	false
SSDEEP:
MD5:	7802A7D0CAEECF52062EA9AAC665051A
SHA1:	D965CD157A99FD258331A45F5E86B8F17A444D2B
SHA-256:	3D1BEDC932E5CB6315438C7EF060824C927C547009EEA25E8CF16C9D8C4A28B6
SHA-512:	4D369FF44CC1B1CBA75C0249B032581BA792830479D22C418C5B0599975E715B8983D93F52B00793F2A419F530BC8877D2DA251393592FD6B865499A97875FD8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port-au-Prince) {. {-9223372036854775808 -17360 0 LMT}. {-2524504240 -17340 0 PPMT}. {-1670483460 -18000 0 EST}. {421218000 -14400 1 EDT}. {436334400 -18000 0 EST}. {452062800 -14400 1 EDT}. {467784000 -18000 0 EST}. {483512400 -14400 1 EDT}. {499233600 -18000 0 EST}. {514962000 -14400 1 EDT}. {530683200 -18000 0 EST}. {546411600 -14400 1 EDT}. {562132800 -18000 0 EST}. {576050400 -14400 1 EDT}. {594194400 -18000 0 EST}. {607500000 -14400 1 EDT}. {625644000 -18000 0 EST}. {638949600 -14400 1 EDT}. {657093600 -18000 0 EST}. {671004000 -14400 1 EDT}. {688543200 -18000 0 EST}. {702453600 -14400 1 EDT}. {719992800 -18000 0 EST}. {733903200 -14400 1 EDT}. {752047200 -18000 0 EST}. {765352800 -14400 1 EDT}. {783496800 -18000 0 EST}. {796802400 -14400 1 EDT}. {814946400 -18000 0 EST}. {828856800 -14400 1 EDT}. {846396000 -18000 0 EST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Port_of_Spain Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	155
Entropy (8bit):	5.077805073731929
Encrypted:	false
SSDEEP:
MD5:	8169D55899164E2168EF50E219115727
SHA1:	42848A510C120D4E834BE61FC76A1C539BA88C8A
SHA-256:	6C8718C65F99AB43377609705E773C93F7993FBB3B425E1989E8231308C475AF
SHA-512:	1590D42E88DD92542CADC022391C286842C156DA4795877EA67FEF045E0A831615C3935E08098DD71CF29C972EDC79084FFCC9AFAB7813AE74EEE14D6CFEFB9D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port_of_Spain) {. {-9223372036854775808 -14764 0 LMT}. {-1825098836 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Porto_Acre Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	196
Entropy (8bit):	4.818272118524638
Encrypted:	false
SSDEEP:
MD5:	1C0C736D0593654230FCBB0DC275313B
SHA1:	00518615F97BCFF2F6862116F4DF834B70E2D4CA
SHA-256:	5C97E6DF0FC03F13A0814274A9C3A983C474000AE3E78806B38DF9208372FD54
SHA-512:	2252D17CB4F770124586BBF35974077212B92C1587071C9F552F1EFAC15CBF92128E61C456F9F5154D212F7D66CC5BD85B76B1187D5A6F24E89E14EDF322D67F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:America/Porto_Acre) $TZData(:America/Rio_Branco).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Porto_Velho Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1016
Entropy (8bit):	3.7660008200834842
Encrypted:	false
SSDEEP:
MD5:	5E4CB713378D22D90A1A86F0AF33D6E8
SHA1:	CF4B2A68873BF778257D40AEA887D4BCBEE6CC72
SHA-256:	6D7F49E0A67C69A3945DA4BC780653C8D875650536A810610A6518080CC483DB
SHA-512:	06559B6E80BCDD42120398E19CCB3AEE8A1B08E09D0DF07DB9CCD68A863A7670D6D6457018CE3D9E23FE359D3E2EC0D249134EE0D969C0312665975B67DB8E80
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Porto_Velho) {. {-9223372036854775808 -15336 0 LMT}. {-1767210264 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Puerto_Rico Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	273
Entropy (8bit):	4.728240676465187
Encrypted:	false
SSDEEP:
MD5:	2FB893819124F19A7068F802D6A59357
SHA1:	6B35C198F74FF5880714A3182407858193CE37A4
SHA-256:	F05530CFBCE7242847BE265C2D26C8B95B00D927817B050A523FFB139991B09E
SHA-512:	80739F431F6B3548EFD4F70FE3630F66F70CB29B66845B8072D26393ADD7DAB22675BE6DA5FBDC7561D4F3F214816AAD778B6CD0EE45264B4D6FFA48B3AC7C43
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Puerto_Rico) {. {-9223372036854775808 -15865 0 LMT}. {-2233035335 -14400 0 AST}. {-873057600 -10800 0 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Punta_Arenas Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3576
Entropy (8bit):	3.5316229197228632
Encrypted:	false
SSDEEP:
MD5:	1FFFED9AA83AA3CA9E7330AA27E8D188
SHA1:	9B45F2662C1F3F0799ED4221E843483674878F43
SHA-256:	FECDC08709D5852A07D8F5C7DD7DBDBCD3D864A0893248E3D3932A2F848EB4B2
SHA-512:	8F6D51F94A91168EE092972316E150C2B487808EA3506F77FD028F84436FE29AD5BAD50A8DB65BCFB524D5A12DC1C66C5C0BC9A7FC6AE8A0EAAED6F4BA5ADED7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Punta_Arenas) {. {-9223372036854775808 -17020 0 LMT}. {-2524504580 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55915200 -10800 1 -04}. {69217200 -14400 0 -04}. {87

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Rainy_River Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7840
Entropy (8bit):	3.75014960690837
Encrypted:	false
SSDEEP:
MD5:	9C10496730E961187C33C1AE91C8A60D
SHA1:	A77E3508859FB6F76A7445CD13CD42348CB4EBC7
SHA-256:	136F0A49742F30B05B7C6BF3BF014CC999104F4957715D0BEB39F5440D5216DF
SHA-512:	70936E65D0B439F6BE6E31E27032F10BA2EB54672647DA615744ABC7A767F197F0C7FDBCCEE0D335CBCECB6855B7BD899D1A5B97BA5083FFA42AF5F30343EA7F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rainy_River) {. {-9223372036854775808 -22696 0 LMT}. {-2366732504 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {136368000 -18000 1 CDT}. {152089200 -21600 0 CST}. {167817600 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Rankin_Inlet Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7366
Entropy (8bit):	3.749928775816306
Encrypted:	false
SSDEEP:
MD5:	54F6D5098A0CF940F066EADEEA234A57
SHA1:	20B9FE5F6F70E97420A6D9939AA43C4CCFA8231B
SHA-256:	AA68088E41A018002E5CE12B14F8910E5ECE5F26D5854092E351BAAC2F90DB2B
SHA-512:	9EC1AF599604CEE266D9A4377B6CDABF94E61D0177CBC2158122406BF551AE0E3EE4CF147B28A382277B015CCB8F4405DB3EB3AE6425431EBB43CCDE08AEA3E1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rankin_Inlet) {. {-9223372036854775808 0 0 -00}. {-410227200 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {75205

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Recife Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	3.6943875149362064
Encrypted:	false
SSDEEP:
MD5:	1567A3F3419D1A4FCF817A6EDC11769E
SHA1:	2970F9EDD76B77A843D31F518587C17A05EC4C43
SHA-256:	3F62246DF3A378815772D9D942033FB235B048B62F5EF52A3DCD6DB3871E0DB5
SHA-512:	567BEAC48AE0FEEB32FE40EEA73EB4601DBDBF72FA963777E5F5C3E9972E2AD7A359301E80E574592AFB3045414A177D0ABD38DF958BD5317B02D4DFD2DCE607
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Recife) {. {-9223372036854775808 -8376 0 LMT}. {-1767217224 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Regina Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1723
Entropy (8bit):	3.956012642028802
Encrypted:	false
SSDEEP:
MD5:	7D955B277C43D51F19377A91B987FAF9
SHA1:	F2F3E11E955C3E58E21654F3D841B5B1528C0913
SHA-256:	A1FA7BF002B3BA8DCA4D52AA0BB41C047DDAF88B2E542E1FCF81CB3AAF91AA75
SHA-512:	719DEE7A932EDB9255D711E82AC0CA3FCFB07AF3EFE2EE0D887D7137F6059BEBE07F85D910CC0005391D244B4EADA16257BE49787938386FD4B5DB6D8E31D513
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Regina) {. {-9223372036854775808 -25116 0 LMT}. {-2030202084 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1251651600 -21600 1 MDT}. {-1238349600 -25200 0 MST}. {-1220202000 -21600 1 MDT}. {-1206900000 -25200 0 MST}. {-1188752400 -21600 1 MDT}. {-1175450400 -25200 0 MST}. {-1156698000 -21600 1 MDT}. {-1144000800 -25200 0 MST}. {-1125248400 -21600 1 MDT}. {-1111946400 -25200 0 MST}. {-1032714000 -21600 1 MDT}. {-1016992800 -25200 0 MST}. {-1001264400 -21600 1 MDT}. {-986148000 -25200 0 MST}. {-969814800 -21600 1 MDT}. {-954093600 -25200 0 MST}. {-937760400 -21600 1 MDT}. {-922039200 -25200 0 MST}. {-906310800 -21600 1 MDT}. {-890589600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-748450800 -21600 1 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Resolute Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7362
Entropy (8bit):	3.7460671071064846
Encrypted:	false
SSDEEP:
MD5:	07FFF43B350D520D13D91701618AD72E
SHA1:	8D4B36A6D3257509C209D0B78B58982709FB8807
SHA-256:	39E13235F87A1B8621ADA62C9AD2EBF8E17687C5533658E075EFA70A04D5C78D
SHA-512:	37397A2621F0A1EA6B46F6769D583CAEA9703924A2C652B8B58FA4C7DBA8E789BA8FE442FB2C77504E495617591FB138AD733063E3A4A0153ED2B26D4B863018
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Resolute) {. {-9223372036854775808 0 0 -00}. {-704937600 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {752050800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Rio_Branco Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1075
Entropy (8bit):	3.7557219407321303
Encrypted:	false
SSDEEP:
MD5:	9AA66AEB91380EFD3313338A2DCBE432
SHA1:	2D86915D1F331CC7050BBFAAE3315CE1440813C1
SHA-256:	53DB45CF4CB369DA06C31478A793E787541DA0E77C042EBC7A10175A6BB6EFF6
SHA-512:	C9B4F6544B4A1E77BFF6D423A9AD5E003E32FA77B00ECC2A7AF6D2279ACC849ABE331E5DE27C450A6BF86ECC2450CEBFAB4880AB69C54649D4C7EE0AF05CD377
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rio_Branco) {. {-9223372036854775808 -16272 0 LMT}. {-1767209328 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Rosario Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	214
Entropy (8bit):	4.752946571641783
Encrypted:	false
SSDEEP:
MD5:	4FC460A084DF33A73F2F87B7962B0084
SHA1:	45E70D5D68FC2DE0ACFF76B062ADA17E0021460F
SHA-256:	D1F5FFD2574A009474230E0AA764256B039B1D78D91A1CB944B21776377B5B70
SHA-512:	40045420FE88FA54DE4A656534C0A51357FBAB3EA3B9120DA15526A9DEC7EEC2C9799F4D9A72B6050474AD67490BC28540FDA0F17B7FCAF125D41CBCA96ECCDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Rosario) $TZData(:America/Argentina/Cordoba).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Santa_Isabel Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.820569634622523
Encrypted:	false
SSDEEP:
MD5:	75EA3845AFED3FBBF8496824A353DA32
SHA1:	207A1520F041B09CCD5034E6E87D3F7A4FBD460E
SHA-256:	2FACC167377FC1F592D2926829EB2980F58BE38D50424F64DFA04A2ECBBE1559
SHA-512:	B9D4DB95CEA1DADCE27264BBD198676465854E9C55D6BB175966D860D9AF7014F6635A945510602C0A9FBF08596B064DAE7D30589886960F06B2F8E69786CFF6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Santa_Isabel) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Santarem Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1043
Entropy (8bit):	3.7336343389566795
Encrypted:	false
SSDEEP:
MD5:	8F5EAA4F5099B82EDD68893C5D99A0EF
SHA1:	1B21DAD0CD54E083A6EADCFD57CA8F58759189AD
SHA-256:	1A46357BC4FE682AF78FFAB10A6A88893BEF50AECC6ACA217A5EBC1B98C01C07
SHA-512:	2C82822CCA208E900383A1B55882BFC3559EC116C5B5AD2452BA367594AEF36F34C316FFA18B2BAB71A82FC382559069385947548EE9902FEDCDED084801ABF2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santarem) {. {-9223372036854775808 -13128 0 LMT}. {-1767212472 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -14

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Santiago Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8582
Entropy (8bit):	3.4381885094053835
Encrypted:	false
SSDEEP:
MD5:	47BED3B60EF45B00267B4D628A2F18C4
SHA1:	B3827DF571CF2CA16074188CE0E3061E296B8B26
SHA-256:	51BB12A2397CAD3D412C9E8F3BA06DD98CC379F999DB3D00ED651A84DA1D6D1C
SHA-512:	8DA831A0EAB180C982395F2BA85952959A676AADA87823E56C5B643FEB7082B6605FD3645D880B19F3F9EE5B25353002309CDB37AE68F1B3A192AE1280B74404
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santiago) {. {-9223372036854775808 -16966 0 LMT}. {-2524504634 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-740520000 -10800 1 -03}. {-736376400 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Santo_Domingo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.2614212422453726
Encrypted:	false
SSDEEP:
MD5:	04F2A2C789E041270354376C3FD90D2D
SHA1:	D0B89262D559021FAC035A519C96D2A2FA417F9C
SHA-256:	42EF317EA851A781B041DC1951EA5A3EA1E924149C4B868ECD75F24672B28FA8
SHA-512:	F8D072527ED38C2FF1C9E08219104213352B2EFA1171C0D1E02B6B1542B4929D0C4640B441326791CC86F23206621CD4E0D3247CBAB1F99B63E65DB667F3DFED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santo_Domingo) {. {-9223372036854775808 -16776 0 LMT}. {-2524504824 -16800 0 SDMT}. {-1159773600 -18000 0 EST}. {-100119600 -14400 1 EDT}. {-89668800 -18000 0 EST}. {-5770800 -16200 1 -0430}. {4422600 -18000 0 EST}. {25678800 -16200 1 -0430}. {33193800 -18000 0 EST}. {57733200 -16200 1 -0430}. {64816200 -18000 0 EST}. {89182800 -16200 1 -0430}. {96438600 -18000 0 EST}. {120632400 -16200 1 -0430}. {127974600 -18000 0 EST}. {152082000 -14400 0 AST}. {975823200 -14400 0 AST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Sao_Paulo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7552
Entropy (8bit):	3.4588792656032914
Encrypted:	false
SSDEEP:
MD5:	DEA27A3FE65A22BE42A97C6AB58E9687
SHA1:	CD50184C4D1739CF5568E21683980FC63C9BFF24
SHA-256:	AFA706258270F20F9317FF5B84957A2DF77842D564922C15DC302F7A8AB59CEC
SHA-512:	34C306EC889C10988B3D9C236903417BCA1590E96CD60AE700882C064CCC410132265F106BB10D9593AFFA32B923728FBDDFB6DEE77CAF4A058C877F4D5F1EF1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sao_Paulo) {. {-9223372036854775808 -11188 0 LMT}. {-1767214412 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-195429600 -7200 1 -02}. {-189381600 -7200 0 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Scoresbysund Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6593
Entropy (8bit):	3.4670685654529194
Encrypted:	false
SSDEEP:
MD5:	7E7EF4D67CCD455833603F7EF9E374A6
SHA1:	4AD722F75FC88572DD5A2CD1845FF5F68ED4B58A
SHA-256:	2B5B2A00793545C8D32437D7DAA2A36B42D3B1B7421054621841E2919F713294
SHA-512:	0688EB3EBDE78E18EE5E31DE57F1CBE0BF10071A6EDC97D284B2B3E1E22975262190934446C202E90EFD161686F4790342EDDBCACADB3A65B0AC6C1A9099C79F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Scoresbysund) {. {-9223372036854775808 -5272 0 LMT}. {-1686090728 -7200 0 -02}. {323841600 -3600 0 -01}. {338961600 -7200 0 -02}. {354679200 0 0 +00}. {370400400 -3600 0 -01}. {386125200 0 1 +00}. {401850000 -3600 0 -01}. {417574800 0 1 +00}. {433299600 -3600 0 -01}. {449024400 0 1 +00}. {465354000 -3600 0 -01}. {481078800 0 1 +00}. {496803600 -3600 0 -01}. {512528400 0 1 +00}. {528253200 -3600 0 -01}. {543978000 0 1 +00}. {559702800 -3600 0 -01}. {575427600 0 1 +00}. {591152400 -3600 0 -01}. {606877200 0 1 +00}. {622602000 -3600 0 -01}. {638326800 0 1 +00}. {654656400 -3600 0 -01}. {670381200 0 1 +00}. {686106000 -3600 0 -01}. {701830800 0 1 +00}. {717555600 -3600 0 -01}. {733280400 0 1 +00}. {749005200 -3600 0 -01}. {764730000 0 1 +00}. {780454800 -3600 0 -01}. {796179600 0 1 +00}. {811904400 -3600 0 -01}. {828234000

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Shiprock Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.840231755053259
Encrypted:	false
SSDEEP:
MD5:	65307038DB12A7A447284DF4F3E6A3E8
SHA1:	DC28D6863986D7A158CEF239D46BE9F5033DF897
SHA-256:	3FD862C9DB2D5941DFDBA5622CC53487A7FC5039F7012B78D3EE4B58753D078D
SHA-512:	91BC29B7EC9C49D4020DC26F682D0EFBBBEE83D10D79C766A08C78D5FF04D9C0A09288D9696A378E777B65E0C2C2AC8A218C12F86C45BD6E7B5E204AE5FC2335
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:America/Shiprock) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Sitka Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.8793735356495116
Encrypted:	false
SSDEEP:
MD5:	2F2C91BD29B32A281F9FB1F811953ACB
SHA1:	49102C37397CC9B7CDCDCE6A76F9BE03D0B446AB
SHA-256:	6ABBF55FEE7839B9EEEBB97EA53E185E1A0E189843531257708258841A35EB76
SHA-512:	FB06D4FE28BD9DD9D56A7365F1E2CC7434678B8850CECF99A232F07B4B720F092980EC337C279E599A12E54548DE6AC253547FE4C255BEFA7B545F8C93375589
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sitka) {. {-9223372036854775808 53927 0 LMT}. {-3225223727 -32473 0 LMT}. {-2188954727 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600 -

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Barthelemy Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.905980413237828
Encrypted:	false
SSDEEP:
MD5:	B6E45D20EB8CC73A77B9A75578E5C246
SHA1:	19C6BB6ED12B6943CF7BDFFE4C8A8D72DB491E44
SHA-256:	31E60EAC8ABFA8D3DAD501D3BCDCA7C4DB7031B65ADDA24EC11A6DEE1E3D14C3
SHA-512:	C0F3BF8D106E77C1000E45D0A6C8E7C05B7B97EFA2EECCA45FEF48EB42FBDD5336FD551C794064EADFB6919A12813FF66B2F95722877432B4A48B1FBA6C5409D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Barthelemy) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Johns Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10917
Entropy (8bit):	3.7872036312069963
Encrypted:	false
SSDEEP:
MD5:	F87531D6DC9AAFB2B0F79248C5ADA772
SHA1:	E14C52B0F564FA3A3536B7576A2B27D4738CA76B
SHA-256:	0439DA60D4C52F0E777431BF853D366E2B5D89275505201080954D88F6CA9478
SHA-512:	5B43CE25D970EEEFD09865D89137388BD879C599191DE8ACE37DA657C142B6DF63143DBF9DED7659CBD5E45BAB699E2A3AFDD28C76A7CB2F300EBD9B74CDA59D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/St_Johns) {. {-9223372036854775808 -12652 0 LMT}. {-2713897748 -12652 0 NST}. {-1664130548 -9052 1 NDT}. {-1650137348 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1598650148 -9052 1 NDT}. {-1590100148 -12652 0 NST}. {-1567286948 -9052 1 NDT}. {-1551565748 -12652 0 NST}. {-1535837348 -9052 1 NDT}. {-1520116148 -12652 0 NST}. {-1503782948 -9052 1 NDT}. {-1488666548 -12652 0 NST}. {-1472333348 -9052 1 NDT}. {-1457216948 -12652 0 NST}. {-1440883748 -9052 1 NDT}. {-1425767348 -12652 0 NST}. {-1409434148 -9052 1 NDT}. {-1394317748 -12652 0 NST}. {-1377984548 -9052 1 NDT}. {-1362263348 -12652 0 NST}. {-1346534948 -9052 1 NDT}. {-1330813748 -12652 0 NST}. {-1314480548 -9052 1 NDT}. {-1299364148 -12652 0 NST}. {-1283030948 -9052 1 NDT}. {-1267914548 -12652 0 NS

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Kitts Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.878034750755565
Encrypted:	false
SSDEEP:
MD5:	B149DC2A23F741BA943E5511E35370D3
SHA1:	3C8D3CFDB329B7ECB90C19D3EB3DE6F33A063ADD
SHA-256:	36046A74F6BB23EA8EABA25AD3B93241EBB509EF1821CC4BEC860489F5EC6DCA
SHA-512:	CEB38EC2405A3B0A4E09CDD2D69A11884CCB28DA0FD7CF8B344E1472642A0571674D3ED33C639E745DDEEE741E52B0948B86DFFFD324BB07A9F1A6B9F38F898E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Kitts) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Lucia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	203
Entropy (8bit):	4.89157166321909
Encrypted:	false
SSDEEP:
MD5:	7B7FCA150465F48FAC9F392C079B6376
SHA1:	1B501288CC00E8B90A2FAD82619B49A9DDBE4475
SHA-256:	87203A4BF42B549FEBF467CC51E8BCAE01BE1A44C193BED7E2D697B1C3D268C9
SHA-512:	5E4F7EE08493547A012144884586D45020D83B5838254C257FD341B8B6D3F9E279013D068EFC7D6DF7569DDD20122B3B23E9C93A0017FB64E941A50311ED1F18
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Lucia) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Thomas Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.888871207225013
Encrypted:	false
SSDEEP:
MD5:	7E272CE31D788C2556FF7421F6832314
SHA1:	A7D89A1A9AC2B61D98690126D1E4C1595E160C8F
SHA-256:	F0E10D45C929477A803085B2D4CE02EE31FD1DB24855836D02861AD246BC34D9
SHA-512:	CCDF0B1B5971B77F6FA27F25900DB1AB9A4A4C69E15DCDF4EA35E1E1FC31AAD957C2E5862B411B0155BB1E25E2DD417A89168295317B1E603DA59142D76CE80A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Thomas) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\St_Vincent Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.876306758637305
Encrypted:	false
SSDEEP:
MD5:	52DAAF1636B5B70E0BA2015E9F322A74
SHA1:	4BD05207601CF6DB467C27052EBB25C9A64DAC96
SHA-256:	A5B3687BBA1D14D52599CB355BA5F4399632BF98DF4CEB258F9C479B1EA73586
SHA-512:	E3DE0447236F6EA24D173CCB46EA1A4A31B5FFBCE2A442CD542DA8C54DAD22391FD1CA301776C0FB07CBCF256FC708E61B7BBA682C02EEBE03BECCEA2B6D3BD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Vincent) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Swift_Current Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	845
Entropy (8bit):	4.182525430299964
Encrypted:	false
SSDEEP:
MD5:	1502A6DD85B55B9619E42D1E08C09738
SHA1:	70FF58E29CCDB53ABABA7EBD449A9B34AC152AA6
SHA-256:	54E541D1F410AFF34CE898BBB6C7CC945B66DFC9D7C4E986BD9514D14560CC6F
SHA-512:	99F0EFF9F2DA4CDD6AB508BB85002F38B01BDFDE0CBA1EB2F4B5CA8EAD8AAB645A3C26BECF777DE49574111B37F847EFF9320331AC07E84C8E892B688B01D36B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Swift_Current) {. {-9223372036854775808 -25880 0 LMT}. {-2030201320 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-747241200 -21600 0 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-684342000 -21600 1 MDT}. {-671040000 -25200 0 MST}. {-652892400 -21600 1 MDT}. {-639590400 -25200 0 MST}. {-631126800 -25200 0 MST}. {-400086000 -21600 1 MDT}. {-384364800 -25200 0 MST}. {-337186800 -21600 1 MDT}. {-321465600 -25200 0 MST}. {-305737200 -21600 1 MDT}. {-292435200 -25200 0 MST}. {-273682800 -21600 1 MDT}. {-260985600 -25200 0 MST}. {73472400 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Tegucigalpa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	329
Entropy (8bit):	4.580220354026118
Encrypted:	false
SSDEEP:
MD5:	004588073FADF67C3167FF007759BCEA
SHA1:	64A6344776A95E357071D4FC65F71673382DAF9D
SHA-256:	55C18EA96D3BA8FD9E8C4F01D4713EC133ACCD2C917EC02FD5E74A4E0089BFBF
SHA-512:	ADC834C393C5A3A7BFD86A933E7C7F594AC970A3BD1E38110467A278DC4266D81C3E96394C102E565F05DE7FBBDA623C673597E19BEC1EA26AB12E4354991066
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tegucigalpa) {. {-9223372036854775808 -20932 0 LMT}. {-1538503868 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}. {1146981600 -18000 1 CDT}. {1154926800 -21600 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Thule Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6666
Entropy (8bit):	3.7481713130223295
Encrypted:	false
SSDEEP:
MD5:	8FFE81344C31A51489A254DE97E83C3E
SHA1:	4397D9EDAC304668D95921EF03DFD90F967E772F
SHA-256:	EF6AF4A3FA500618B37AF3CDD40C475E54347D7510274051006312A42C79F20C
SHA-512:	F34A6D44499DE5A4E328A8EAFBA5E77B1B8C04A843160D74978398F1545C821C3034FCBD5ADBFAD8D14D1688907C57E7570023ABD3096D4E4C19E3D3C04428B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thule) {. {-9223372036854775808 -16508 0 LMT}. {-1686079492 -14400 0 AST}. {670399200 -10800 1 ADT}. {686120400 -14400 0 AST}. {701848800 -10800 1 ADT}. {717570000 -14400 0 AST}. {733903200 -10800 1 ADT}. {752043600 -14400 0 AST}. {765352800 -10800 1 ADT}. {783493200 -14400 0 AST}. {796802400 -10800 1 ADT}. {814942800 -14400 0 AST}. {828856800 -10800 1 ADT}. {846392400 -14400 0 AST}. {860306400 -10800 1 ADT}. {877842000 -14400 0 AST}. {891756000 -10800 1 ADT}. {909291600 -14400 0 AST}. {923205600 -10800 1 ADT}. {941346000 -14400 0 AST}. {954655200 -10800 1 ADT}. {972795600 -14400 0 AST}. {986104800 -10800 1 ADT}. {1004245200 -14400 0 AST}. {1018159200 -10800 1 ADT}. {1035694800 -14400 0 AST}. {1049608800 -10800 1 ADT}. {1067144400 -14400 0 AST}. {1081058400 -10800 1 ADT}. {1099198800 -14400 0 AST}. {1112508000 -10800 1 ADT}. {1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Thunder_Bay Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8058
Entropy (8bit):	3.7473289441354263
Encrypted:	false
SSDEEP:
MD5:	CE6E17F16AA8BAD3D9DB8BD2E61A6406
SHA1:	7DF466E7BB5EDD8E1CDF0ADC8740248EF31ECB15
SHA-256:	E29F83A875E2E59EC99A836EC9203D5ABC2355D6BD4683A5AEAF31074928D572
SHA-512:	833300D17B7767DE74E6F2757513058FF5B25A9E7A04AB97BBBFFAC5D9ADCC43366A5737308894266A056382D2589D0778EEDD85D56B0F336C84054AB05F1079
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thunder_Bay) {. {-9223372036854775808 -21420 0 LMT}. {-2366733780 -21600 0 CST}. {-1893434400 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {18000 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {126248400 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Tijuana Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8470
Entropy (8bit):	3.767364707906483
Encrypted:	false
SSDEEP:
MD5:	F76D5FB5BC773872B556A6EDF660E5CC
SHA1:	3FD19FCD0FFD3308D2E7D9A3553C14B6A6C3A903
SHA-256:	170540AA3C0962AFE4267F83AC679241B2D135B1C18E8E7220C2608B94DDDE0E
SHA-512:	7FC5D2BC39EF3A3C902A56272474E28CD9C56DE37A7AE9FAEADE974993677CCF3A9E6CE64C064D69B7587BD47951BFFFD751412D97F4066656CBB42AD9B619DF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tijuana) {. {-9223372036854775808 -28084 0 LMT}. {-1514736000 -25200 0 MST}. {-1451667600 -28800 0 PST}. {-1343062800 -25200 0 MST}. {-1234803600 -28800 0 PST}. {-1222963200 -25200 1 PDT}. {-1207242000 -28800 0 PST}. {-873820800 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-761677200 -28800 0 PST}. {-686073600 -25200 1 PDT}. {-661539600 -28800 0 PST}. {-504892800 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {-337186800 -25200 1 PDT}. {-323881200 -28800 0 PST}. {-305737200 -25200 1 PDT}. {-292431600 -28800 0 PST}. {-283968000 -28800 0 PST}. {189331200 -28800 0 PST}. {199274400 -25200 1 PDT}. {21560

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Toronto Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10883
Entropy (8bit):	3.7202964099536917
Encrypted:	false
SSDEEP:
MD5:	9C60AFDFA3BA2002BA68673B778194CF
SHA1:	D6D17C82AEC4B85BA7B0F6FCB36A7582CA26A82B
SHA-256:	7744DB6EFE39D636F1C88F8325ED3EB6BF8FA615F52A60333A58BCE579983E87
SHA-512:	3C793BB00725CF37474683EAB70A0F2B2ACAE1656402CDD7E75182988DC20361A8651A624A5220983E3E05333B9817DCBEAF20D34BD55C5128F55474A02A9455
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Toronto) {. {-9223372036854775808 -19052 0 LMT}. {-2366736148 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1609441200 -18000 0 EST}. {-1601753400 -14400 1 EDT}. {-1583697600 -18000 0 EST}. {-1567357200 -14400 1 EDT}. {-1554667200 -18000 0 EST}. {-1534698000 -14400 1 EDT}. {-1524074400 -18000 0 EST}. {-1503248400 -14400 1 EDT}. {-1492365600 -18000 0 EST}. {-1471798800 -14400 1 EDT}. {-1460916000 -18000 0 EST}. {-1440954000 -14400 1 EDT}. {-1428861600 -18000 0 EST}. {-1409504400 -14400 1 EDT}. {-1397412000 -18000 0 EST}. {-1378054800 -14400 1 EDT}. {-1365962400 -18000 0 EST}. {-1346605200 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-1220806800

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Tortola Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	202
Entropy (8bit):	4.854311472609309
Encrypted:	false
SSDEEP:
MD5:	B931564D937C807282F1432FF6EA52A6
SHA1:	7ECA025D97717EEA7C91B5390122D3A47A25CAD0
SHA-256:	FF5CF153C4EC65E7E57A608A481F12939B6E4ACC8D62C5B01FEB5A04769A6F07
SHA-512:	97271500C7D7959B90A6AC0A98D5D0D29DA00E92F9FC973594267DF906DEE767243698DBA2F3A0CF00156E949E29CDDD45A151F263583514090717CFDF1FB4DD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Tortola) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Vancouver Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9495
Entropy (8bit):	3.7630000632404426
Encrypted:	false
SSDEEP:
MD5:	1ACC41DA124C0CA5E67432760FDC91EC
SHA1:	13F56C3F53076E0027BB8C5814EC81256A37F4AF
SHA-256:	DFC19B5231F6A0AB9E9B971574FB612695A425A3B290699DF2819D46F1250DB0
SHA-512:	2F2E358F5743248DE946B90877EFCCCACAF039956249F17D24B7DA026830A181A125045E2C8937A6ACD674E32887049F2D36A1941F09803DF514ADCDA4055CC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Vancouver) {. {-9223372036854775808 -29548 0 LMT}. {-2713880852 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-747237600 -25200 1 PDT}. {-732726000 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Virgin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.901732290886438
Encrypted:	false
SSDEEP:
MD5:	DEB77B4016D310DFB38E6587190886FB
SHA1:	B308A2D187C153D3ED821B205A4F2D0F73DA94B0
SHA-256:	A6B8CFE8B9381EC61EAB553CFA2A815F93BBB224A6C79D74C08AC54BE4B8413B
SHA-512:	04A0D598A24C0F3A1881D3412352F65C610F75281CC512B46248847A798A12AEA551E3DE9EA3FD5BB6B3687A0BB65746392F301F72746876D30697D66B3A3604
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Virgin) $TZData(:America/Port_of_Spain).

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Whitehorse Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7613
Entropy (8bit):	3.789738507183991
Encrypted:	false
SSDEEP:
MD5:	CBCFD98E08FCCEB580F66AFE8E670AF5
SHA1:	7E922CCD99CD7758709205E4C9210A2F09F09800
SHA-256:	72992080AA9911184746633C7D6E47570255EE85CC6FE5E843F62331025B2A61
SHA-512:	18290654E5330186B739DEDBC7D6860FD017D089DAE19E480F868E1FB56A3CF2E685D0099C4CF1D4F2AE5F36D0B72ABE52FBAC29AD4F6AB8A45C4C420D90E2D5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Whitehorse) {. {-9223372036854775808 -32412 0 LMT}. {-2188997988 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Yakutat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8407
Entropy (8bit):	3.8776961667057868
Encrypted:	false
SSDEEP:
MD5:	9C0E781669E3E5549F82ED378EE3423B
SHA1:	32184EA198156731C58616A0D88F169441C8CC7F
SHA-256:	FE1C632FE9AF7E54A8CC9ED839818FAE98F14928921FD78C92A8D8E22F07A415
SHA-512:	D1CDAB3DBAFFB4C30F6EEBDD413D748980C156437FBE99E7DF0C1E17AFA4CC33876AF2BB44C90E1FE5347071E64E83823EED47AE9BE39863C12989CB3EA44BDA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yakutat) {. {-9223372036854775808 52865 0 LMT}. {-3225223727 -33535 0 LMT}. {-2188953665 -32400 0 YST}. {-883580400 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-757350000 -32400 0 YST}. {-31503600 -32400 0 YST}. {-21474000 -28800 1 YDT}. {-5752800 -32400 0 YST}. {9975600 -28800 1 YDT}. {25696800 -32400 0 YST}. {41425200 -28800 1 YDT}. {57751200 -32400 0 YST}. {73479600 -28800 1 YDT}. {89200800 -32400 0 YST}. {104929200 -28800 1 YDT}. {120650400 -32400 0 YST}. {126702000 -28800 1 YDT}. {152100000 -32400 0 YST}. {162385200 -28800 1 YDT}. {183549600 -32400 0 YST}. {199278000 -28800 1 YDT}. {215604000 -32400 0 YST}. {230727600 -28800 1 YDT}. {247053600 -32400 0 YST}. {262782000 -28800 1 YDT}. {278503200 -32400 0 YST}. {294231600 -28800 1 YDT}. {309952800 -32400 0 YST}. {325681200

C:\Users\user\AppData\Local\Update\tcl\tzdata\America\Yellowknife Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7485
Entropy (8bit):	3.781666511020802
Encrypted:	false
SSDEEP:
MD5:	C9050AC32086644B15631E6FBE4D6292
SHA1:	8C074D0E04CAFB1BDD11953AE77687CFBC53C449
SHA-256:	447B801066A92624F58C00DA66FBB90B54195F4AB06886AE4796228244E19E85
SHA-512:	E7C73E67B247F912E774EF245D2323B24DDF75054C7BE9095BC19E3C58CB5AE287747076B2436ABF735738A969DAFCDB128F0BA2C76A0AFAB5449CF157BEB190
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yellowknife) {. {-9223372036854775808 0 0 -00}. {-1104537600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {68

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Casey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	316
Entropy (8bit):	4.338100448107153
Encrypted:	false
SSDEEP:
MD5:	4AD8AC155D466E47A6BF075508DC05ED
SHA1:	2C911F651B26C27C07756111B5291C63C6954D34
SHA-256:	282A352404B30C4336C0E09F3C5371393511C602B9E55648FB0251EACC9C715D
SHA-512:	4A7305653D700FF565C9747C8A4E69A79609EB4748F3FFAA60C5A8548BBFAEC541EB8EAF830FF9202508BEAFAC2A0895BC4A52473FA51EBC74FAD83FCD0EB8F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Casey) {. {-9223372036854775808 0 0 -00}. {-31536000 28800 0 +08}. {1255802400 39600 0 +11}. {1267714800 28800 0 +08}. {1319738400 39600 0 +11}. {1329843600 28800 0 +08}. {1477065600 39600 0 +11}. {1520701200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Davis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	312
Entropy (8bit):	4.290371654524798
Encrypted:	false
SSDEEP:
MD5:	780DA74192C8F569B1450AACE54A0558
SHA1:	F2650D6D21A4B4AC8D931383ED343CE916252319
SHA-256:	88A4DBB222E9FD2FFC26D9B5A8657FA6552DF6B3B6A14D951CE1168B5646E8F8
SHA-512:	7F1E9E5C0F8E2A9D8AC68E19AF3D48D2BEE9840812A219A759475E7D036EA18CB122C40DDB88977079C1831AEF7EFBCB519C691616631D490B3C04382EB993C0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Davis) {. {-9223372036854775808 0 0 -00}. {-409190400 25200 0 +07}. {-163062000 0 0 -00}. {-28857600 25200 0 +07}. {1255806000 18000 0 +05}. {1268251200 25200 0 +07}. {1319742000 18000 0 +05}. {1329854400 25200 0 +07}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\DumontDUrville Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	206
Entropy (8bit):	4.716730745171491
Encrypted:	false
SSDEEP:
MD5:	83B53540FADB1A36903E2A619954BFFC
SHA1:	C9F520043A641104F43FB5422971B4D7A39A421C
SHA-256:	0E50BA70DE94E6BABC4847C15865867D0F821F6BDDDC0B9750CB6BF13EF5DF3B
SHA-512:	0AE7FE58EED7EAC03CBFFA2EA32CCBF726DBED0A3B1C20CF1D549CDA801CEB2B54F106787BD15B17DA3D9404E2D84936D50E4A2F63D1A72B0FEBCD8F8EA3195F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/DumontDUrville) {. {-9223372036854775808 0 0 -00}. {-725846400 36000 0 +10}. {-566992800 0 0 -00}. {-415497600 36000 0 +10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Macquarie Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2800
Entropy (8bit):	3.8632793034261463
Encrypted:	false
SSDEEP:
MD5:	A3E1A9DFB6D6F061E60739865E6E0D18
SHA1:	10C014CB444DEEF093854EE6A415DC17D7C2A4C5
SHA-256:	975026D38C4BF136769D31215F2908867EC37E568380F864983DD57FFADA4676
SHA-512:	9425CF1B717FBDFD4EA04AAC06CF5ACE365A4FCC911D85130B910D022ED4261F1FFF431CE63BA538871C7D3CA1EF65490A30BEE975884EB39FC1E5C2D88009D0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Macquarie) {. {-9223372036854775808 0 0 -00}. {-2214259200 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-1601719200 0 0 -00}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Mawson Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.6965808819415695
Encrypted:	false
SSDEEP:
MD5:	A07C6FA0B635EC81C5199F2515888C9E
SHA1:	587AC900E285F6298A7287F10466DFA4683B9A87
SHA-256:	2D8F0218800F6E0BD645A7270BEAF60A517AE20CBFFD64CF77E3CE4F8F959348
SHA-512:	76A3590748F698E51BF29A1D3C119A253A8C07E9F77835CCDFC6AC51C554B5888351C95E6012CDADB106B42A384D49E56537FBF8DB9DC5BB791CB115FDB623FD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Mawson) {. {-9223372036854775808 0 0 -00}. {-501206400 21600 0 +06}. {1255809600 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\McMurdo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.832254042797831
Encrypted:	false
SSDEEP:
MD5:	0048A7427AC7880B9F6413208B216BC9
SHA1:	CBB4A29316581CFC7868A779E97DB94F75870F41
SHA-256:	487D4845885643700B4FF043AC5EA59E2355FD38357809BE12679ECAFFA93030
SHA-512:	EC107FA59203B7BCB58253E2715380EF70DF5470030B83E1DEA8D1AC4E7D3FB2908E8C7009D8136212871EC3DA8B4C4194FF3290E5A41EEE8E7D07CABE80ECC0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/McMurdo) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Palmer Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2526
Entropy (8bit):	3.514598338545733
Encrypted:	false
SSDEEP:
MD5:	7738686109BCC8AF5271608FCD04EBFB
SHA1:	401217F0F69945ADA13F593681D8F13A368BCF94
SHA-256:	3EECDA7E4507A321A03171658187D2F50F7C6C46E8A1B0831E6B6B6AAFFAC4AC
SHA-512:	F7982BF9D82B2D7C2C1825AF1FF9178849BB699A50367872C11572E6F8A452619A63C9F97CEAF06FD5104075FBDE70936B8363B993F2571FD9A2B699A1D17521
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Palmer) {. {-9223372036854775808 0 0 -00}. {-157766400 -14400 0 -04}. {-152654400 -14400 0 -04}. {-132955200 -10800 1 -04}. {-121122000 -14400 0 -04}. {-101419200 -10800 1 -04}. {-86821200 -14400 0 -04}. {-71092800 -10800 1 -04}. {-54766800 -14400 0 -04}. {-39038400 -10800 1 -04}. {-23317200 -14400 0 -04}. {-7588800 -10800 0 -03}. {128142000 -7200 1 -03}. {136605600 -10800 0 -03}. {389070000 -14400 0 -04}. {403070400 -10800 1 -04}. {416372400 -14400 0 -04}. {434520000 -10800 1 -04}. {447822000 -14400 0 -04}. {466574400 -10800 1 -04}. {479271600 -14400 0 -04}. {498024000 -10800 1 -04}. {510721200 -14400 0 -04}. {529473600 -10800 1 -04}. {545194800 -14400 0 -04}. {560923200 -10800 1 -04}. {574225200 -14400 0 -04}. {592372800 -10800 1 -04}. {605674800 -14400 0 -04}. {624427200 -10800 1 -04}. {637124400 -14400 0 -04}. {653457600

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Rothera Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.778784990010973
Encrypted:	false
SSDEEP:
MD5:	8CAED0DB4C911E84AF29910478D0DBD6
SHA1:	80DE97C9959D58C6BF782A948EED735AB4C423CC
SHA-256:	9415FA3A573B98A6EBCBFAEEC15B1C52352F2574161648BB977F55072414002F
SHA-512:	28F27F7EDDF30EB08F8B37ED13219501D14D2AEA4EFA07AFAD36A643BD448E1BD992463C12C47152C99772D755E6EA0198B51B806A05B57743635A9059676EC2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Rothera) {. {-9223372036854775808 0 0 -00}. {218246400 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\South_Pole Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.858829912809126
Encrypted:	false
SSDEEP:
MD5:	51AC23110E7EAB20319EE8EC82F048D2
SHA1:	7B4DE168A3078041841762F468AE65A2EE6C5322
SHA-256:	D33E094979B3CE495BEF7109D78F7B77D470AB848E4E2951851A7C57140354BF
SHA-512:	13E800DFFA3D65F94FAD6B529FC8A29A26F40F4F29DBF19283392733458AD3C6B27E479218A8C123424E965711B4746976E39EB9FD54CD0B57281134FEAC4F31
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/South_Pole) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Syowa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.7487926695696006
Encrypted:	false
SSDEEP:
MD5:	AA415901BB9E53CF7FAEA47E546D9AED
SHA1:	CF12572D2C4D0ABF12B0450D366944E297744217
SHA-256:	F161CFAB3E40A0358FF0DEC2EB8ED9231D357FAC20710668B9CE31CDA68E8B96
SHA-512:	4F90E0EA7086EB729080E77A47C2E998F7AD3BCEA4997DAB06044BCDD2E2E1729A83C679EF2E1D78CD0255C37F24FCC6746518444CC4E96EBB2A0547312D8354
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Syowa) {. {-9223372036854775808 0 0 -00}. {-407808000 10800 0 +03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Troll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5174
Entropy (8bit):	3.411985404081831
Encrypted:	false
SSDEEP:
MD5:	CA4730C864AB3CC903F79BDF0F9E8777
SHA1:	7B3E9DDB36766F95F9C651CF244EDA9ED22BDDC5
SHA-256:	E437539A85E91AD95CD100F9628142FEBB455553C95415DB1147FD25948EBF59
SHA-512:	32EE0CCA0AB92D68D6C21A925E5367730A172C49DC5245A61DA1A39E08317569154C52EC695E3FB43BB40D066C4C0E9625C835A7F6E2EB5DDF0768D48DB99F3C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Troll) {. {-9223372036854775808 0 0 -00}. {1108166400 0 0 +00}. {1111885200 7200 1 +02}. {1130634000 0 0 +00}. {1143334800 7200 1 +02}. {1162083600 0 0 +00}. {1174784400 7200 1 +02}. {1193533200 0 0 +00}. {1206838800 7200 1 +02}. {1224982800 0 0 +00}. {1238288400 7200 1 +02}. {1256432400 0 0 +00}. {1269738000 7200 1 +02}. {1288486800 0 0 +00}. {1301187600 7200 1 +02}. {1319936400 0 0 +00}. {1332637200 7200 1 +02}. {1351386000 0 0 +00}. {1364691600 7200 1 +02}. {1382835600 0 0 +00}. {1396141200 7200 1 +02}. {1414285200 0 0 +00}. {1427590800 7200 1 +02}. {1445734800 0 0 +00}. {1459040400 7200 1 +02}. {1477789200 0 0 +00}. {1490490000 7200 1 +02}. {1509238800 0 0 +00}. {1521939600 7200 1 +02}. {1540688400 0 0 +00}. {1553994000 7200 1 +02}. {1572138000 0 0 +00}. {1585443600 7200 1 +02}. {1603587600 0 0 +00}. {1616893200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Antarctica\Vostok Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.773942010845718
Encrypted:	false
SSDEEP:
MD5:	A07C4769267AFA9501BE44BD406ADA34
SHA1:	86747047EFD1F47FEFC7DA44465EAB53F808C9FB
SHA-256:	92816E1C4FDE037D982596610A1F6E11D4E7FD408C3B1FAAB7BEC32B09911FE7
SHA-512:	051A327C898867228C8B1848162C2604BED8456B61533D4A40FBEB9A0069AE2EAF33F79803A0C6A80C6446C34F757A751F4ABC5AC5CCED6C125E2A42D46A022A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Vostok) {. {-9223372036854775808 0 0 -00}. {-380073600 21600 0 +06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Arctic\Longyearbyen Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.922114908130109
Encrypted:	false
SSDEEP:
MD5:	0F69284483D337DC8202970461A28386
SHA1:	0D4592B8EBE070119CB3308534FE9A07A758F309
SHA-256:	3A5DB7C2C71F95C495D0884001F82599E794118452E2748E95A7565523546A8E
SHA-512:	D9F2618B153BFE4888E893A62128BE0BD59DFAFC824DA629454D5D541A9789536AC029BF73B6E9749409C522F450D53A270D302B2CF084444EA64D9138D77DFE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Arctic/Longyearbyen) $TZData(:Europe/Oslo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Aden Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.7788335911117095
Encrypted:	false
SSDEEP:
MD5:	BBAFEA8E55A739C72E69A619C406BD5D
SHA1:	0C2793114CA716C5DBAF081083DF1E137F1D0A63
SHA-256:	6E69C5C3C3E1C98F24F5F523EC666B82534C9F33132A93CCC1100F27E594027F
SHA-512:	7741F2281FDCA8F01A75ABEBF908F0B70320C4C026D90D4B0C283F3E2B8C47C95263569916EF83CAD40C87D5B6E714045D0B43370A263BC7BE80EC3DA62CC82F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Aden) $TZData(:Asia/Riyadh).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Almaty Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	3.640808791765599
Encrypted:	false
SSDEEP:
MD5:	AC511C65052CE2D780FD583E50CB475C
SHA1:	6B9171A13F6E6F33F878A347173A03112BCF1B89
SHA-256:	C9739892527CCEBDF91D7E22A6FCD0FD57AAFA6A1B4535915AC82CF6F72F34A4
SHA-512:	12743486EB02C241C90ECCEDD323D0F560D5FA1F55CB3EBB5AF3A65331D362433F2EAF7285B19335F5C262DA033EB8BE5A4618794EA74DFCD4107C170035CE96
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Almaty) {. {-9223372036854775808 18468 0 LMT}. {-1441170468 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {695768400 21600 0 +06}. {701812800 25200 1 +06}. {717537600 21600 0 +06}. {733262400 25200 1 +06}. {748987200 21600 0 +06}. {764712000 25200 1 +06}. {780436800 21

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Amman Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	3.621680472512772
Encrypted:	false
SSDEEP:
MD5:	703F8A37D41186AC8CDBCB86B9FE6C1B
SHA1:	B2D7FCBD290DA0FEB31CD310BA29FE27A59822BE
SHA-256:	847FA8211956C5930930E2D7E760B1D7F551E8CDF99817DB630222C960069EB8
SHA-512:	66504E448469D2358C228966739F0FEB381BF862866A951B092A600A17DAD80E6331F6D88C4CFCE483F45E79451722A19B37291EDA75C7CD4D7E0A7E82096F47
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Amman) {. {-9223372036854775808 8624 0 LMT}. {-1230776624 7200 0 EET}. {108165600 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {215643600 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EET}. {262735200 10800 1 EEST}. {275950800 7200 0 EET}. {481154400 10800 1 EEST}. {496962000 7200 0 EET}. {512949600 10800 1 EEST}. {528670800 7200 0 EET}. {544399200 10800 1 EEST}. {560120400 7200 0 EET}. {575848800 10800 1 EEST}. {592174800 7200 0 EET}. {610581600 10800 1 EEST}. {623624400 7200 0 EET}. {641167200 10800 1 EEST}. {655074000 7200 0 EET}. {671839200 10800 1 EEST}. {685918800 7200 0 EET}. {702856800 10800 1 EEST}. {717973200 7200 0 EET}. {733701600 10800 1 EEST}. {749422800 7200 0 EET}. {765151200 10800 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Anadyr Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2014
Entropy (8bit):	3.680306971172711
Encrypted:	false
SSDEEP:
MD5:	E0396BBBB3FDDD2B651D2DBB4EF90884
SHA1:	C1FFCDC6EB77B5F4CFAFA90EA8E1025DB142D5C5
SHA-256:	6A9B4EF8FBED758E8D1737C79D803F9DF4F5BF61F115064ED60DA2397B88FE19
SHA-512:	8FB6D19189142F11812B82F5803F4E5C85BF107689D317305D32EF71905DC9E0655DD2F2D4CE234B5872A6BF452670221F94EF1D48EF776C002AA5A484C2481B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Anadyr) {. {-9223372036854775808 42596 0 LMT}. {-1441194596 43200 0 +12}. {-1247572800 46800 0 +14}. {354884400 50400 1 +14}. {370692000 46800 0 +13}. {386420400 43200 0 +13}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Aqtau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1607
Entropy (8bit):	3.623112789966889
Encrypted:	false
SSDEEP:
MD5:	410226AA30925F31BA963139FD594AEB
SHA1:	860E17C83D0DF2CBB4B8E73B9C7CB956994F5549
SHA-256:	69402CA6D56138A6A6D09964B90D1781A7CBEFBDFFE506B7292758EC24740B0E
SHA-512:	AE2610D1D779500132D5FA12E7529551ECD009848619C7D802F6EE89B0D2C3D6E7C91FB83DA7616180C166CE9C4499D7A2A4FEB5373621353640A71830B655A3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtau) {. {-9223372036854775808 12064 0 LMT}. {-1441164064 14400 0 +04}. {-1247544000 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 180

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Aqtobe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1608
Entropy (8bit):	3.6301391279603696
Encrypted:	false
SSDEEP:
MD5:	B8D914F33D568AE8EB46B7F3FC5BF944
SHA1:	91DE61EC025E8F74D9CD10816C3534B5F8D397F7
SHA-256:	9C1C30ADD1919951350C86DA6B716326178CF74A849A3350AE147DD2ADC34049
SHA-512:	A32B34C15D94C42E9DF13316ACB9E0C9AF151F2EF14F502BE1A75E40735A2BC5D9E59244A72ACFB68184DA0D62A48FCC7AB288F1BA85DBB4DC385FA04BF3075D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtobe) {. {-9223372036854775808 13720 0 LMT}. {-1441165720 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ashgabat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	847
Entropy (8bit):	3.852939540326754
Encrypted:	false
SSDEEP:
MD5:	BFDAC4AE48AD49E5C0A048234586507E
SHA1:	ACFE49AED50D0FDF2978034BB3098331F6266CC8
SHA-256:	77FB5A9F578E75EEC3E3B83618C99F33A04C19C8BB9AFB314888091A8DD64AA3
SHA-512:	11B412E0856BD384080B982C9DE6CE196E8C71A68096F7ED22972B7617533F9BD92EFA4C153F2CEE7EA4F0DE206281B6B9066C5969AFFE913AF2FA5CF82EDD90
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ashgabat) {. {-9223372036854775808 14012 0 LMT}. {-1441166012 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +05}. {370720800 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ashkhabad Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.750782589043179
Encrypted:	false
SSDEEP:
MD5:	73E1F618FB430C503A1499E3A0298C97
SHA1:	29F31A7C9992F9D9B3447FCBC878F1AF8E4BD57F
SHA-256:	5917FC603270C0470D2EC416E6C85E999A52B6A384A2E1C5CFC41B29ABCA963A
SHA-512:	FAE39F158A4F47B4C37277A1DC77B8524DD4287EBAD5D8E6CBB906184E6DA275A308B55051114F4CD4908B449AE3C8FD48384271E3F7106801AD765E5958B4DD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ashgabat)]} {. LoadTimeZoneFile Asia/Ashgabat.}.set TZData(:Asia/Ashkhabad) $TZData(:Asia/Ashgabat).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Atyrau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1608
Entropy (8bit):	3.6351436957032477
Encrypted:	false
SSDEEP:
MD5:	F2A86E76222B06103F6C1E8F89EB453E
SHA1:	D73938EBCA8C1340A7C86E865492EE581DFFC393
SHA-256:	211AB2318746486C356091EC2D3508D6FB79B9EBC78FC843BF2ADC96A38C4217
SHA-512:	B5F4F8FF11FA6D113B23F60D64E1737C7FABDDEBF12C37138F0FA05254E6C1643A2D3CA6C322943F4E877CE2E3736CF0F0741DD390C79E7EE94D56361B14BF45
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Atyrau) {. {-9223372036854775808 12464 0 LMT}. {-1441164464 10800 0 +03}. {-1247540400 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 18

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Baghdad Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	3.6348723729667975
Encrypted:	false
SSDEEP:
MD5:	2C0422E86BA0AECAA97CA01F3A27B797
SHA1:	C28FD8530B7895B4631EA0CAE03E6019561C4C40
SHA-256:	D5D69D7A4FE29761C5C3FFBB41A4F8B6B5F2101A34678B1FA9B1D39FC5478EA8
SHA-512:	3C346DE7E82B8EF1783F5A6D8A6099F7A530DD29AD48EDBB72F019ADC47155A703845503B1DD2589315BB67FA40AEF584313150686248DF45F983781F4B18710
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baghdad) {. {-9223372036854775808 10660 0 LMT}. {-2524532260 10656 0 BMT}. {-1641005856 10800 0 +03}. {389048400 14400 0 +03}. {402264000 10800 0 +03}. {417906000 14400 1 +03}. {433800000 10800 0 +03}. {449614800 14400 1 +03}. {465422400 10800 0 +03}. {481150800 14400 1 +03}. {496792800 10800 0 +03}. {512517600 14400 1 +03}. {528242400 10800 0 +03}. {543967200 14400 1 +03}. {559692000 10800 0 +03}. {575416800 14400 1 +03}. {591141600 10800 0 +03}. {606866400 14400 1 +03}. {622591200 10800 0 +03}. {638316000 14400 1 +03}. {654645600 10800 0 +03}. {670464000 14400 1 +03}. {686275200 10800 0 +03}. {702086400 14400 1 +03}. {717897600 10800 0 +03}. {733622400 14400 1 +03}. {749433600 10800 0 +03}. {765158400 14400 1 +03}. {780969600 10800 0 +03}. {796694400 14400 1 +03}. {812505600 10800 0 +03}. {828316800 14400 1 +03}. {844128000 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Bahrain Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.732157428331905
Encrypted:	false
SSDEEP:
MD5:	6291D60E3A30B76FEB491CB944BC2003
SHA1:	3D31032CF518A712FBA49DEC42FF3D99DD468140
SHA-256:	A462F83DDB0CCC41AC10E0B5B98287B4D89DA8BBBCA869CCFB81979C70613C6C
SHA-512:	C62D44527EAD47D2281FF951B9CF84C297859CFDC9A497CB92A583B6012B2B9DAAE9924EF17BC6B7CD317B770FF4924D8E1E77ED2E0EBC02502530D132EDE35B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Qatar)]} {. LoadTimeZoneFile Asia/Qatar.}.set TZData(:Asia/Bahrain) $TZData(:Asia/Qatar).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Baku Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2075
Entropy (8bit):	3.5206282649651808
Encrypted:	false
SSDEEP:
MD5:	460EDC7D17FFA6AF834B6474D8262FB0
SHA1:	913E117814A5B4B7283A533F47525C8A0C68FD3C
SHA-256:	0A1FDA259EE5EBC779768BBADACC7E1CCAC56484AA6C03F7C1F79647AB79593D
SHA-512:	4047A7AD5F248F0B304FEF06C73EA655D603C39B6AC74629A2ADD49A93E74B23F458DC70E8150AD3F5BBF773F2387907B4BB69A95EB945B9FA432CA6B8AB173D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baku) {. {-9223372036854775808 11964 0 LMT}. {-1441163964 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 14400 0 +04}. {820440000 14400 0 +04}. {828234000 18000 1 +05}. {846378000 14400 0 +04}. {852062400 14400 0 +04}. {859680000 18000

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Bangkok Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.863210418273511
Encrypted:	false
SSDEEP:
MD5:	8291C9916E9D5E5C78DE38257798799D
SHA1:	F67A474337CF5FF8460911C7003930455AA0C530
SHA-256:	ED9D1C47D50461D312C7314D5C1403703E29EE14E6BAC97625EFB06F38E4942C
SHA-512:	9B552812A0001271980F87C270EF4149201403B911826BDF17F66EE1015B9AC859C1B2E7BB4EB6BC56E37CDB24097BF001201C34AD7D4C0C910AE17CFEC36C8B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bangkok) {. {-9223372036854775808 24124 0 LMT}. {-2840164924 24124 0 BMT}. {-1570084924 25200 0 +07}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Barnaul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2044
Entropy (8bit):	3.6106776173203916
Encrypted:	false
SSDEEP:
MD5:	DC7A71DAB17C7F4A348DC1EE2FC458C5
SHA1:	982FAB93A637D18A049DDBE96B0341736C66561D
SHA-256:	52DB3278189AA2380D84A81199A2E7F3B40E9706228D2291C6257FD513D78667
SHA-512:	90659D37D2A2E8574A88FD7F222C28D9572A9866FC3459B0CC1760FECBC7C4A0574B224C252877D723B06DD72165C4FE368D5B00DAB662B85D2E0F4CB2A89271
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Barnaul) {. {-9223372036854775808 20100 0 LMT}. {-1579844100 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 2

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Beirut Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7754
Entropy (8bit):	3.6329631010207892
Encrypted:	false
SSDEEP:
MD5:	2D3AE4AD36BD5F302F980EB5F1DD0E4A
SHA1:	02244056D6D4EC57937D1E187CC65E8FD18F67F0
SHA-256:	E9DD371FA47F8EF1BE04109F0FD3EBD9FC5E2B0A12C0630CDD20099C838CBEBB
SHA-512:	2E4528254102210B8A9A2263A8A8E72774D40F57C2431C2DD6B1761CD91FB6CEA1FAD23877E1E2D86217609882F3605D7FE477B771A398F91F8D8AD3EAF90BAC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Beirut) {. {-9223372036854775808 8520 0 LMT}. {-2840149320 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1473645600 10800 1 EEST}. {-1460948400 7200 0 EET}. {-399866400 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336794400 10800 1 EEST}. {-323578800 7200 0 EET}. {-305172000 10800 1 EEST}. {-291956400 7200 0 EET}. {-273636000 10800 1 EEST}. {-260420400 7200 0 EET}. {78012000 10800 1 EEST}. {86734800 7200 0 EET}. {105055200 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {212965200 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EE

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Bishkek Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1611
Entropy (8bit):	3.653654369590701
Encrypted:	false
SSDEEP:
MD5:	1A3A4825B73F11024FD21F94AE85F9D2
SHA1:	E63443CC267B43EFEFFD1E3161293217526E7DC8
SHA-256:	D8205F34BB8B618E2F8B4EB6E613BE1B5CFBBF3B6CBFAFE868644E1A1648C164
SHA-512:	5C766BD6FB6195BEBD7CDF703B7E0A67FBB2BCF98052866AE9ACDC5B90469421508F52C60F22542BBA6ED8CC59B4889F20DB131B183918592139B6D135BC57A2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bishkek) {. {-9223372036854775808 17904 0 LMT}. {-1441169904 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {683586000 18000 0 +05}. {703018800 21600 1 +05}. {717530400 18000 0 +05}. {734468400 21600 1 +05}. {748980000 18000 0 +05}. {765918000 21600 1 +05}. {780429600 18000 0 +05}. {797367600 2

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Brunei Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.792958708451203
Encrypted:	false
SSDEEP:
MD5:	95EE0EFC01271C3E3195ADC360F832C7
SHA1:	CDFA243F359AC5D2FA22032BF296169C8B2B942A
SHA-256:	241C47769C689823961D308B38D8282F6852BC0511E7DC196BF6BF4CFADBE401
SHA-512:	11CAE9804EF933A790F5B9B86CC03C133DBD1DB97FAA78F508D681662AAC3714B93166B596F248799FC5B86344B48764865D3371427119999CB02963C98E15C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Brunei) {. {-9223372036854775808 27580 0 LMT}. {-1383464380 27000 0 +0730}. {-1167636600 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Calcutta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.721946029615065
Encrypted:	false
SSDEEP:
MD5:	A967F010A398CD98871E1FF97F3E48AC
SHA1:	6C8C0AF614D6789CD1F9B6243D26FAC1F9B767EF
SHA-256:	B07250CD907CA11FE1C94F1DCCC999CECF8E9969F74442A9FCC00FC48EDE468B
SHA-512:	67E3207C8A63A5D8A1B7ED1A62D57639D695F9CD83126EB58A70EF076B816EC5C4FDBD23F1F32A4BB6F0F9131D30AF16B56CD92B1C42C240FD886C81BA8940DA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kolkata)]} {. LoadTimeZoneFile Asia/Kolkata.}.set TZData(:Asia/Calcutta) $TZData(:Asia/Kolkata).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Chita Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2014
Entropy (8bit):	3.6060921590827193
Encrypted:	false
SSDEEP:
MD5:	A3FB98DC18AC53AE13337F3CC1C4CE68
SHA1:	F0280D5598AEB6B6851A8C2831D4370E27121B5F
SHA-256:	D0A984F2EDB6A5A4E3C3CFA812550782F6B34AD0C79B1DD742712EBA14B7B9FB
SHA-512:	A33E2E0EA093BB758539A761B4CF82204699BC35950ACD329DA9205A141469930CAF179E4331DF505408C7C4F97480416DC16C7E93E53B12392509E5A093E562
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Chita) {. {-9223372036854775808 27232 0 LMT}. {-1579419232 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 324

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Choibalsan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1563
Entropy (8bit):	3.6863846285633057
Encrypted:	false
SSDEEP:
MD5:	799F0221A1834C723E6BBA2D00727156
SHA1:	569BBC1F20F7157ECF753A8DEB49156B260A96E0
SHA-256:	02FF47A619BE154A88530BA8C83F5D52277FA8E8F7941C0D33F89161CE1B5503
SHA-512:	535812754A92E251A9C86C20E3032A6B363F77F6839C95DAD6ED18200ACAA3075E602AD626F50B84EB931D1D33BD0E00CA5AE1D1D95DEBECDE57EE9E65A137DF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Choibalsan) {. {-9223372036854775808 27480 0 LMT}. {-2032933080 25200 0 +07}. {252435600 28800 0 +08}. {417974400 36000 0 +09}. {433778400 32400 0 +09}. {449593200 36000 1 +09}. {465314400 32400 0 +09}. {481042800 36000 1 +09}. {496764000 32400 0 +09}. {512492400 36000 1 +09}. {528213600 32400 0 +09}. {543942000 36000 1 +09}. {559663200 32400 0 +09}. {575391600 36000 1 +09}. {591112800 32400 0 +09}. {606841200 36000 1 +09}. {622562400 32400 0 +09}. {638290800 36000 1 +09}. {654616800 32400 0 +09}. {670345200 36000 1 +09}. {686066400 32400 0 +09}. {701794800 36000 1 +09}. {717516000 32400 0 +09}. {733244400 36000 1 +09}. {748965600 32400 0 +09}. {764694000 36000 1 +09}. {780415200 32400 0 +09}. {796143600 36000 1 +09}. {811864800 32400 0 +09}. {828198000 36000 1 +09}. {843919200 32400 0 +09}. {859647600 36000 1 +09}. {875368800

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Chongqing Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.815975603028152
Encrypted:	false
SSDEEP:
MD5:	37D7B7C1E435E2539FDD83D71149DD9A
SHA1:	F4ADE88DDF244BD2FF5B23714BF7449A74907E08
SHA-256:	78611E8A0EBEBC4CA2A55611FAC1F00F8495CB044B2A6462214494C7D1F5DA6A
SHA-512:	E0C57229DC76746C6424606E41E10E97F0F08DD2B00659172DA35F3444BF48B4BC7E2F339A10ECC21628A683E2CB8B4FA5945B8AC68C6BAFEA720AFBB88C90C6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chongqing) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Chungking Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.840543487466552
Encrypted:	false
SSDEEP:
MD5:	6F21100628DD48B2FF4B1F2AF92E05CB
SHA1:	B74478D0EC95A577C2A58497692DB293BBD31586
SHA-256:	DB2C572E039D1A777FFC66558E2BEE46C52D8FE57401436AE18BB4D5892131CE
SHA-512:	2D3C37790B6A764FE4E1B8BD8EDF1D073D711F59CEA3EC5E6003E481898F7285B42A14E904C3D148422244BB083FBA42C6623DF7DA05923F6145EEE3FD259520
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chungking) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Colombo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.4006537789533695
Encrypted:	false
SSDEEP:
MD5:	4074FBEF7DD0DF48AD74BDAED3106A75
SHA1:	FB1E5190EAF8BF9B64EED49F115E34926C1EAF53
SHA-256:	DB6A7EA0DC757706126114BED5E693565938AABFE3DA1670170647CCDE6BE6CD
SHA-512:	A469C09FA6A1DA1DB140BFFECB931DBC4B2315A13B82FCA8813C93954598D03818323B7DDE1106D1F1D815ED69523361369AF883CA4818CA562D728F7A88D8A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Colombo) {. {-9223372036854775808 19164 0 LMT}. {-2840159964 19172 0 MMT}. {-2019705572 19800 0 +0530}. {-883287000 21600 1 +06}. {-862639200 23400 1 +0630}. {-764051400 19800 0 +0530}. {832962600 23400 0 +0630}. {846266400 21600 0 +06}. {1145039400 19800 0 +0530}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Dacca Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.733855608307331
Encrypted:	false
SSDEEP:
MD5:	629FC03B52D24615FB052C84B0F30452
SHA1:	80D24B1A70FC568AB9C555BD1CC70C17571F6061
SHA-256:	BD3E4EE002AFF8F84E74A6D53E08AF5B5F2CAF2B06C9E70B64B05FC8F0B6CA99
SHA-512:	1C912A5F323E84A82D60300F6AC55892F870974D4DEFE0AF0B8F6A87867A176D3F8D66C1A5B11D8560F549D738FFE377DC20EB055182615062D4649BBA011F32
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dhaka)]} {. LoadTimeZoneFile Asia/Dhaka.}.set TZData(:Asia/Dacca) $TZData(:Asia/Dhaka).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Damascus Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8031
Entropy (8bit):	3.629699951300869
Encrypted:	false
SSDEEP:
MD5:	202E5950F6324878B0E6FD0056D2F186
SHA1:	A668D4DC3E73A292728CCE136EFFAC95D5952A81
SHA-256:	3BB43B71FF807AA3BF6A7F94680FB8BD586A1471218307A6A7A4CE73A5A3A55E
SHA-512:	5F9A7308E9C08267ECB8D502505EF9B32269D62FA490D6BC01F6927CB8D5B40CA17BB0CDFA3EE78D48C7686EAA7FD266666EB80E54125859F86CADFD7366DB6B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Damascus) {. {-9223372036854775808 8712 0 LMT}. {-1577931912 7200 0 EET}. {-1568592000 10800 1 EEST}. {-1554080400 7200 0 EET}. {-1537142400 10800 1 EEST}. {-1522630800 7200 0 EET}. {-1505692800 10800 1 EEST}. {-1491181200 7200 0 EET}. {-1474243200 10800 1 EEST}. {-1459126800 7200 0 EET}. {-242265600 10800 1 EEST}. {-228877200 7200 0 EET}. {-210556800 10800 1 EEST}. {-197427600 7200 0 EET}. {-178934400 10800 1 EEST}. {-165718800 7200 0 EET}. {-147398400 10800 1 EEST}. {-134269200 7200 0 EET}. {-116467200 10800 1 EEST}. {-102646800 7200 0 EET}. {-84326400 10800 1 EEST}. {-71110800 7200 0 EET}. {-52704000 10800 1 EEST}. {-39488400 7200 0 EET}. {-21168000 10800 1 EEST}. {-7952400 7200 0 EET}. {10368000 10800 1 EEST}. {23583600 7200 0 EET}. {41904000 10800 1 EEST}. {55119600 7200 0 EET}. {73526400 10800 1 EEST}. {86742000 7200 0 EET}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Dhaka Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	351
Entropy (8bit):	4.345019966462698
Encrypted:	false
SSDEEP:
MD5:	F5A6B4C90D50208EF512A728A2A03BB6
SHA1:	C9D3C712EDABDFCD1629E72AF363CEB2A0E2334E
SHA-256:	42BF62F13C2F808BEFD2601D668AFE5D49EA417FC1AC5391631C20ED7225FF46
SHA-512:	64D413D9299436877F287943FF454EB2AFD415D87DE13AACA50E7BD123828D16CFABD679677F36C891024AB53C62695559DAABDECCC127A669C3ECA0F155453B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dhaka) {. {-9223372036854775808 21700 0 LMT}. {-2524543300 21200 0 HMT}. {-891582800 23400 0 +0630}. {-872058600 19800 0 +0530}. {-862637400 23400 0 +0630}. {-576138600 21600 0 +06}. {1230746400 21600 0 +06}. {1245430800 25200 1 +06}. {1262278800 21600 0 +06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Dili Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	226
Entropy (8bit):	4.536797249025477
Encrypted:	false
SSDEEP:
MD5:	54EC6A256F6D636CD98DD48CDF0E48F1
SHA1:	571244C3D84A8A6EFFE55C787BFBCE7A6014462C
SHA-256:	88D61A495724F72DA6AB20CC997575F27797589C7B80F2C63C27F84BF1EB8D61
SHA-512:	EDD67865D3AD3D2F6D1AFFAE35B6B25E2439164E0BEF8E0E819F88F937F896C10EAB513467524DA0A5A2E3D4C78F55EA3F98F25979B8625DFC66801CBBE9301F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dili) {. {-9223372036854775808 30140 0 LMT}. {-1830414140 28800 0 +08}. {-879152400 32400 0 +09}. {199897200 28800 0 +08}. {969120000 32400 0 +09}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Dubai Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.927936359970315
Encrypted:	false
SSDEEP:
MD5:	6CC252314EDA586C514C76E6981EEAEE
SHA1:	F58C9072FBBA31C735345162F629BB6CAAB9C871
SHA-256:	8D7409EBC94A817962C3512E07AFF32838B54B939068129C73EBBEEF8F858ED2
SHA-512:	40BC04B25F16247F9F6569A37D28EDCA1D7FB33586482A990A36B5B148BF7598CF5493D38C4D1CBDF664553302E4D6505D80EB7E7B5B9FB5141CB7F39B99A93D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dubai) {. {-9223372036854775808 13272 0 LMT}. {-1577936472 14400 0 +04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Dushanbe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	791
Entropy (8bit):	3.8859952964866946
Encrypted:	false
SSDEEP:
MD5:	316F527821D632517866A6E7F97365B3
SHA1:	6F56985AF44E6533778CFB1FC04D206367A6C0BF
SHA-256:	5A8FFD24FF0E26C99536EB9D3FB308C28B3491042034B187140039B7A5DF6F1F
SHA-512:	7EA1ABD02CD8461DD91576B5BCB46B6E3AE25F94BC7936DC051C0964F4EA2F55C58CB1FA6C3A82334AAAAFCDBD6D6DBEBE33FB1C7C45FBDCA5EC43FD46A970A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dushanbe) {. {-9223372036854775808 16512 0 LMT}. {-1441168512 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 21600 1 +06}. {684363600 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Famagusta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7341
Entropy (8bit):	3.6266031318601386
Encrypted:	false
SSDEEP:
MD5:	997FF37AE5C6E2E13664100C2FBF8E19
SHA1:	BF59628212564E50BCC5247C534658C8B7CFF0EE
SHA-256:	639F26A411E298948A4FAC560E218ED7079722FB4E4AAF8CE0688A3BE24868AE
SHA-512:	41FEF2026A3062ECA62729A555D10F9ABA777CCBE4E907489B74FC91C645E6010ECFABD2ACB4ED652ADF97E0A69935CB2FADA6732744ED3ADA95DD2EB3C08655
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Famagusta) {. {-9223372036854775808 8148 0 LMT}. {-1518920148 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 108

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Gaza Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7974
Entropy (8bit):	3.660638074803316
Encrypted:	false
SSDEEP:
MD5:	45C8B6CB180839A1F3D500071D1AFC1D
SHA1:	59E900FB2D7BFF44AED578B9BD10AA0530B4F5D1
SHA-256:	FA459622B54CD0A5603323EA00CE64D63BBC957EC0BDCC9BE73D48916237619C
SHA-512:	5F485299D6DF9EBD620D2AEF7BDE21C7505EAD51467699874408691C644E9E6D8C63DD6061489E924B95672A227B5B9921E4281405981FCBBCA4619F80195AB5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Gaza) {. {-9223372036854775808 8272 0 LMT}. {-2185409872 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Harbin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.814799933523261
Encrypted:	false
SSDEEP:
MD5:	2B286E58F2214F7A28D2A678B905CFA3
SHA1:	A76B2D8BA2EA264FE84C5C1ED3A6D3E13288132F
SHA-256:	6917C89A78ED54DD0C5C9968E5149D42727A9299723EC1D2EBD531A65AD37227
SHA-512:	0022B48003FE9C8722FD1762FFB8E07E731661900FCE40BD6FE82B70F162FF5D32888028519D51682863ADCAC6DD21D35634CA06489FD4B704DA5A8A018BF26F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Harbin) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Hebron Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7950
Entropy (8bit):	3.6634483349947593
Encrypted:	false
SSDEEP:
MD5:	67602731E9D02418D0B1DCBCB9367870
SHA1:	13D896B6B8B553879D70BFBA6734AFDFE3A522A4
SHA-256:	9D89F879C6F47F05015C8B7D66639AAC8AF2D5A6F733CDA60CFF22EB0EB71221
SHA-512:	ECA8EB42144EF4097E606AC57795491248D02C331CE426E7C23D42490F873CD19924F1C2318E2FF1D18E275F3CAD60E9DFBB08B4B8334EA3FF1EE31452B9E167
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hebron) {. {-9223372036854775808 8423 0 LMT}. {-2185410023 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ho_Chi_Minh Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	381
Entropy (8bit):	4.352557338100764
Encrypted:	false
SSDEEP:
MD5:	41EF18FF071B8541A5CA830C131B22D3
SHA1:	65E502FD93FE025FD7B358B2953335F4B41BBC68
SHA-256:	95525205BC65B8DB626EF5257F6C3A93A4902AB6415C080EE67399B41D9AD7AA
SHA-512:	3889199D84CE456CC7231B0A81CCA7F4C976ED13015869BF486078075F24687C588F9FB52E09744ED4763CA71CC869048C588CDD42C2EA195A9B04EB9C18A123
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ho_Chi_Minh) {. {-9223372036854775808 25600 0 LMT}. {-2004073600 25590 0 PLMT}. {-1851577590 25200 0 +07}. {-852105600 28800 0 +08}. {-782643600 32400 0 +09}. {-767869200 25200 0 +07}. {-718095600 28800 0 +08}. {-457776000 25200 0 +07}. {-315648000 28800 0 +08}. {171820800 25200 0 +07}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Hong_Kong Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2150
Entropy (8bit):	3.923186571913929
Encrypted:	false
SSDEEP:
MD5:	BBA59A5886F48DCEC5CEFDB689D36880
SHA1:	8207DE6AB5F7EC6077506ED3AE2EEA3AB35C5FAE
SHA-256:	F66F0F161B55571CC52167427C050327D4DB98AD58C6589FF908603CD53447F0
SHA-512:	D071D97E6773FC22ABCCE3C8BE133E0FDA40C385234FEB23F69C84ABB9042E319D6891BD9CA65F2E0A048E6F374DB91E8880DCD9711A86B79A3A058517A3DBFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hong_Kong) {. {-9223372036854775808 27402 0 LMT}. {-2056693002 28800 0 HKT}. {-907389000 32400 1 HKST}. {-891667800 28800 0 HKT}. {-884246400 32400 0 JST}. {-766746000 28800 0 HKT}. {-747981000 32400 1 HKST}. {-728544600 28800 0 HKT}. {-717049800 32400 1 HKST}. {-694503000 28800 0 HKT}. {-683785800 32400 1 HKST}. {-668064600 28800 0 HKT}. {-654755400 32400 1 HKST}. {-636615000 28800 0 HKT}. {-623305800 32400 1 HKST}. {-605165400 28800 0 HKT}. {-591856200 32400 1 HKST}. {-573715800 28800 0 HKT}. {-559801800 32400 1 HKST}. {-542352600 28800 0 HKT}. {-528352200 32400 1 HKST}. {-510211800 28800 0 HKT}. {-498112200 32400 1 HKST}. {-478762200 28800 0 HKT}. {-466662600 32400 1 HKST}. {-446707800 28800 0 HKT}. {-435213000 32400 1 HKST}. {-415258200 28800 0 HKT}. {-403158600 32400 1 HKST}. {-383808600 28800 0 HKT}. {-371709000 32400 1 HKST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Hovd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1528
Entropy (8bit):	3.661748285763298
Encrypted:	false
SSDEEP:
MD5:	6CF9D198D7CC1F0E16DDFE91A6B4A1A5
SHA1:	D1DEE309E479271CDC3A306272CF4D94367EC68A
SHA-256:	7E189D7937E5B41CD94AB5208E40C645BE678F2A4F4B02EE1305595E5296E3D0
SHA-512:	56488F1DD1C694457FC7F8B13550B3D2B3BC737241E311783135115E2BD585FDD083A5146488A121BC02CC1F05EF40C05A88EED1AF391FB9E4653C1F25CC4AF7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hovd) {. {-9223372036854775808 21996 0 LMT}. {-2032927596 21600 0 +06}. {252439200 25200 0 +07}. {417978000 28800 1 +07}. {433785600 25200 0 +07}. {449600400 28800 1 +07}. {465321600 25200 0 +07}. {481050000 28800 1 +07}. {496771200 25200 0 +07}. {512499600 28800 1 +07}. {528220800 25200 0 +07}. {543949200 28800 1 +07}. {559670400 25200 0 +07}. {575398800 28800 1 +07}. {591120000 25200 0 +07}. {606848400 28800 1 +07}. {622569600 25200 0 +07}. {638298000 28800 1 +07}. {654624000 25200 0 +07}. {670352400 28800 1 +07}. {686073600 25200 0 +07}. {701802000 28800 1 +07}. {717523200 25200 0 +07}. {733251600 28800 1 +07}. {748972800 25200 0 +07}. {764701200 28800 1 +07}. {780422400 25200 0 +07}. {796150800 28800 1 +07}. {811872000 25200 0 +07}. {828205200 28800 1 +07}. {843926400 25200 0 +07}. {859654800 28800 1 +07}. {875376000 25200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Irkutsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2017
Entropy (8bit):	3.6386982097761646
Encrypted:	false
SSDEEP:
MD5:	E4995DD6F78F859B17952F15DB554ADC
SHA1:	19D4957E2A8CC17BCA7F020E4DF411F0E3AC8B49
SHA-256:	122FEB27760CC2CD714531CF68E6C77F8505E9CA11A147DDA649E2C98E150494
SHA-512:	A36B334E72C9D0854F0DE040EEEBF7B92E537F770D4EEBB1697AB9DD6AB00E678BE58A7CE2514A4667BA2B8760625C22D21AFE3AB80C5B1DBB7C10E91CDDDB3A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Irkutsk) {. {-9223372036854775808 25025 0 LMT}. {-2840165825 25025 0 IMT}. {-1575874625 25200 0 +07}. {-1247554800 28800 0 +09}. {354902400 32400 1 +09}. {370710000 28800 0 +08}. {386438400 32400 1 +09}. {402246000 28800 0 +08}. {417974400 32400 1 +09}. {433782000 28800 0 +08}. {449596800 32400 1 +09}. {465328800 28800 0 +08}. {481053600 32400 1 +09}. {496778400 28800 0 +08}. {512503200 32400 1 +09}. {528228000 28800 0 +08}. {543952800 32400 1 +09}. {559677600 28800 0 +08}. {575402400 32400 1 +09}. {591127200 28800 0 +08}. {606852000 32400 1 +09}. {622576800 28800 0 +08}. {638301600 32400 1 +09}. {654631200 28800 0 +08}. {670356000 25200 0 +08}. {670359600 28800 1 +08}. {686084400 25200 0 +07}. {695761200 28800 0 +09}. {701805600 32400 1 +09}. {717530400 28800 0 +08}. {733255200 32400 1 +09}. {748980000 28800 0 +08}. {764704800

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Istanbul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.853387718159342
Encrypted:	false
SSDEEP:
MD5:	7EC8D7D32DC13BE15122D8E26C55F9A2
SHA1:	5B07C7161F236DF34B0FA83007ECD75B6435F420
SHA-256:	434B8D0E3034656B3E1561615CCA192EFA62942F285CD59338313710900DB6CB
SHA-512:	D8F1999AF509871C0A7184CFEFB0A50C174ABDE218330D9CDC784C7599A655AD55F6F2173096EA91EE5700B978B9A94BBFCA41970206E7ADEB804D0EE03B45ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Asia/Istanbul) $TZData(:Europe/Istanbul).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Jakarta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	357
Entropy (8bit):	4.4086954127843585
Encrypted:	false
SSDEEP:
MD5:	88C82B18565C27E050074AD02536D257
SHA1:	9A150FCD9FAA0E903D70A719D949D00D82F531E3
SHA-256:	BC07AE610EF38F63EFF384E0815F6F64E79C61297F1C21469B2C5F19679CEAFB
SHA-512:	29152E0359BC0FB8648BC959DE01D0BCCD17EB928AE000FF77958E7F00FF7D65BFD2C740B438E114D53ABA260B7855B2695EF7C0484850A77FFF34F7A0B255CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jakarta) {. {-9223372036854775808 25632 0 LMT}. {-3231299232 25632 0 BMT}. {-1451719200 26400 0 +0720}. {-1172906400 27000 0 +0730}. {-876641400 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 25200 0 WIB}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Jayapura Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.7830039894710366
Encrypted:	false
SSDEEP:
MD5:	3C073BD9DFD2C4F9BC95C8A94652FF5D
SHA1:	F4084CDFC025B3A21092DE18DD8ECAFCA5F0EBBB
SHA-256:	82FC06E73477EBB50C894244C91E613BF3551053359798F42F2F2C913730A470
SHA-512:	7E79E4425A0D855AAE8DCF5C7196AABE8E75D92CD9B65C61B82B31B29395D4A5F2D8B1E90454037753D03A1BDDE44E8F15D7E999E65C49BE8E8F8A2B2C4EECD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jayapura) {. {-9223372036854775808 33768 0 LMT}. {-1172913768 32400 0 +09}. {-799491600 34200 0 +0930}. {-189423000 32400 0 WIT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Jerusalem Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7690
Entropy (8bit):	3.684387169764595
Encrypted:	false
SSDEEP:
MD5:	4C37DF27AB1E906CC624A62288847BA8
SHA1:	BE690D3958A4A6722ABDF047BF22ACEC8B6D6AFE
SHA-256:	F10DF7378FF71EDA45E8B1C007A280BBD4629972D12EAB0C6BA7623E98AAFA17
SHA-512:	B14F5FB330078A564796114FA6804EA12CE0AD6B2DF6D871FF6E7B416425B12FFD6B4E8511FCD55609FBCE95C8EDFF1E14B1C8C505F4B5B66F47EA52FD53F307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jerusalem) {. {-9223372036854775808 8454 0 LMT}. {-2840149254 8440 0 JMT}. {-1641003640 7200 0 IST}. {-933645600 10800 1 IDT}. {-857358000 7200 0 IST}. {-844300800 10800 1 IDT}. {-825822000 7200 0 IST}. {-812685600 10800 1 IDT}. {-794199600 7200 0 IST}. {-779853600 10800 1 IDT}. {-762656400 7200 0 IST}. {-748310400 10800 1 IDT}. {-731127600 7200 0 IST}. {-681962400 14400 1 IDDT}. {-673243200 10800 1 IDT}. {-667962000 7200 0 IST}. {-652327200 10800 1 IDT}. {-636426000 7200 0 IST}. {-622087200 10800 1 IDT}. {-608947200 7200 0 IST}. {-591847200 10800 1 IDT}. {-572486400 7200 0 IST}. {-558576000 10800 1 IDT}. {-542851200 7200 0 IST}. {-527731200 10800 1 IDT}. {-514425600 7200 0 IST}. {-490845600 10800 1 IDT}. {-482986800 7200 0 IST}. {-459475200 10800 1 IDT}. {-451537200 7200 0 IST}. {-428551200 10800 1 IDT}. {-418262400 7200 0 IST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kabul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.804360783547797
Encrypted:	false
SSDEEP:
MD5:	9A8CCA0B4337CB6FA15BF1A4F01F6C22
SHA1:	A4C72FC1EF6EEBDBB5C8C698BCB298DFB5061726
SHA-256:	4F266D90C413FA44DFCA5BE13E45C00428C694AC662CB06F2451CC3FF08E080F
SHA-512:	E8074AA0D8B15EE33D279C97A01FF69451A99C7711FFD66B3E9B6B6B021DE957A63F6B747C7A63E3F3C1241E0A2687D81E780D6B54228EE6B7EB9040D7F06A60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kabul) {. {-9223372036854775808 16608 0 LMT}. {-2524538208 14400 0 +04}. {-788932800 16200 0 +0430}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kamchatka Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1989
Entropy (8bit):	3.6993158455985338
Encrypted:	false
SSDEEP:
MD5:	496BD39D36218DF67279DA8DE9C7457B
SHA1:	8AE6E5CF7E1E693D11A112B75A0D24A135E94487
SHA-256:	6B757333C12F2BFE782258D7E9126ECE0E62696EF9C24B2955A791145D6780E9
SHA-512:	BADBF7893825F6C7053A23A7AA11B45A2EDBECC4580695BB6B8E568B7FFE5ED72BF61019F3CB6D7B8E663ACAF099F26E266450EC03F3C6B2F8E34BA0D12D100A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kamchatka) {. {-9223372036854775808 38076 0 LMT}. {-1487759676 39600 0 +11}. {-1247569200 43200 0 +13}. {354888000 46800 1 +13}. {370695600 43200 0 +12}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46800 1 +13}. {780415200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Karachi Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	441
Entropy (8bit):	4.32891547054552
Encrypted:	false
SSDEEP:
MD5:	7A7CFCB7273FCAE33F77048F225BBBBD
SHA1:	44701B91CBC61FCAC8EEB6E67BCCA0403E9FDD7E
SHA-256:	9F8C46E5AC4DF691DDCB13C853660915C94316E73F74DD36AF889D5137F1761B
SHA-512:	44D5A0656032D61152C98B92E3ACA88197A73D87E2D0E8853D6A0E430BDF9290D3B718F9E5864840A6FFA59CDC0D4D47BCEE0471F176E62A05C1083CB35BEBB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Karachi) {. {-9223372036854775808 16092 0 LMT}. {-1988166492 19800 0 +0530}. {-862637400 23400 1 +0630}. {-764145000 19800 0 +0530}. {-576135000 18000 0 +05}. {38775600 18000 0 PKT}. {1018119600 21600 1 PKST}. {1033840800 18000 0 PKT}. {1212260400 21600 1 PKST}. {1225476000 18000 0 PKT}. {1239735600 21600 1 PKST}. {1257012000 18000 0 PKT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kashgar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.920527043039276
Encrypted:	false
SSDEEP:
MD5:	9A66108527388564A9FBDB87D586105F
SHA1:	945E043A3CC45A4654C2D745A48E1D15F80A3CB5
SHA-256:	E2965AF4328FB065A82E8A21FF342C29A5942C2EDD304CE1C9087A23A91B65E1
SHA-512:	C3985D972AFB27E194CBE117E6CF8C45AA5A1B6504133FF85D52E8024387133D11F9EE7238FF87DC1D96F140B9467E6DB3F99B0B98299E6782A643288ABD3308
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Urumqi)]} {. LoadTimeZoneFile Asia/Urumqi.}.set TZData(:Asia/Kashgar) $TZData(:Asia/Urumqi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kathmandu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.8475287330512495
Encrypted:	false
SSDEEP:
MD5:	FEFB0E2021110BC9175AC505536BDE12
SHA1:	8366110D91C7EA929DB300871DDC70808D458F90
SHA-256:	C4E46CE4385C676F5D7AC4B123C42F153F7B3F3E9F434698E8D56E1907A9B7C9
SHA-512:	F8F9EE0B8648154B3E3BEF192C58F2415475422BED139F20FD3D3EF253E8137CBB39AB769704AB1F20EE03B398402BC5B4A3E55BE284D1785F347B951FECEF62
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kathmandu) {. {-9223372036854775808 20476 0 LMT}. {-1577943676 19800 0 +0530}. {504901800 20700 0 +0545}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Katmandu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.786408960928606
Encrypted:	false
SSDEEP:
MD5:	A30FEA461B22B2CB3A67A616E3AE08FD
SHA1:	F368B215E15F6F518AEBC92289EE703DCAE849A1
SHA-256:	1E2A1569FE432CDA75C64FA55E24CA6F938C1C72C15FBB280D5B04F6C5E9AD69
SHA-512:	4F3D0681791C23EF19AFF239D2932D2CE1C991406F6DC8E313C083B5E03D806D26337ED2477700596D9A9F4FB1B7FC4A551F897A2A88CB7253CC7F863E586F03
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kathmandu)]} {. LoadTimeZoneFile Asia/Kathmandu.}.set TZData(:Asia/Katmandu) $TZData(:Asia/Kathmandu).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Khandyga Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2046
Entropy (8bit):	3.6162520408317844
Encrypted:	false
SSDEEP:
MD5:	0AB1CB51373021D2929AD3BB6A6A7B36
SHA1:	6A58A13DE2479D7C07DA574A2850DB5479F42106
SHA-256:	7C282AFCBC654495AD174C5679C0FDA9C65DED557389648F924E809E337DF6A5
SHA-512:	E865073DF7273319ADE90C0520D843C636679ACFF1FEEC4C62B85AB7458393A71EAAE32F507D90863BE4018212B497E41EFC7EA684DF821A0D4FF1A9895FDCD8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Khandyga) {. {-9223372036854775808 32533 0 LMT}. {-1579424533 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kolkata Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	324
Entropy (8bit):	4.554598325373998
Encrypted:	false
SSDEEP:
MD5:	FABB53074E1D767952C664BBA02E8975
SHA1:	36D2D438FEEBF585D7A0B546647C08B63A582EA1
SHA-256:	DAB02F68D5EEA0DAC6A2BBB7D12930E1B4DA62EBAEC7DE35C0AA55F72CCFF139
SHA-512:	E178779CE31F8D16DFEC5F71F228BCB05FDA1939B1BCE204C40B14904682283BDC99F27B662E3995EEEE607D0E8C70BE3CE3DF6EAD355399566CF360D5EC9E70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kolkata) {. {-9223372036854775808 21208 0 LMT}. {-3645237208 21200 0 HMT}. {-3155694800 19270 0 MMT}. {-2019705670 19800 0 IST}. {-891581400 23400 1 +0630}. {-872058600 19800 0 IST}. {-862637400 23400 1 +0630}. {-764145000 19800 0 IST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Krasnoyarsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1991
Entropy (8bit):	3.6170298534050245
Encrypted:	false
SSDEEP:
MD5:	83333A0E3E9810621A8BADA29B04F256
SHA1:	CDC375C93E7F3019562DE7CE1D9EE2776FE7FE9E
SHA-256:	00A9E8DDDC4314F7271F7490001ABD29B6F5EAEB9080645911FF5DA8BD7F671C
SHA-512:	08913E002C7D3D54F0E09029C70A0F2D18636F6F52B12F10593BECF732F40E180780D4C6127E0A3B321EAF54AF660A48E8C3E29A161B6ED6E0E46C06BBD309D6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Krasnoyarsk) {. {-9223372036854775808 22286 0 LMT}. {-1577513486 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {7804332

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kuala_Lumpur Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	362
Entropy (8bit):	4.404454529095857
Encrypted:	false
SSDEEP:
MD5:	B5FC8D431304F5C1ADF7D0B237DA5A52
SHA1:	79FC3057CD88E4DF71421AD52C34E0127FBD6FDA
SHA-256:	138912D754FBA8A1306063CCE897218972A4B0976EDDEC5C8E69A7965B0CD198
SHA-512:	27DC64B43958814E1A935D817CCFE7ADE8E6E6A778E27E391683FC491764EB77774A3D4A871C4E83BBA43FF8BA2383CBB8CC2D4F1FEB1AE063735C95651865E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuala_Lumpur) {. {-9223372036854775808 24406 0 LMT}. {-2177477206 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kuching Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	646
Entropy (8bit):	3.99554344665026
Encrypted:	false
SSDEEP:
MD5:	2F27D1377C9EBBACDC260A50C195BDBB
SHA1:	397B8714F2C909A8EB88A7A1F4A1AEA0A5B8E80E
SHA-256:	519FDD455107270E6F8F3848C214D3D44CC1465B7B3E375318857D4A9093E1C0
SHA-512:	E4583E6C3FEB5ADAD41827D8ADCD7DA34CCB92D2B62B9D7C3D59F76719B9EE2FE44697CFD00943D9E2A4DBAEB929C97A1FF520FFF62EB6829C88D71EC8C51993
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuching) {. {-9223372036854775808 26480 0 LMT}. {-1383463280 27000 0 +0730}. {-1167636600 28800 0 +08}. {-1082448000 30000 1 +08}. {-1074586800 28800 0 +08}. {-1050825600 30000 1 +08}. {-1042964400 28800 0 +08}. {-1019289600 30000 1 +08}. {-1011428400 28800 0 +08}. {-987753600 30000 1 +08}. {-979892400 28800 0 +08}. {-956217600 30000 1 +08}. {-948356400 28800 0 +08}. {-924595200 30000 1 +08}. {-916734000 28800 0 +08}. {-893059200 30000 1 +08}. {-885198000 28800 0 +08}. {-879667200 32400 0 +09}. {-767005200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Kuwait Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	168
Entropy (8bit):	4.82804794783422
Encrypted:	false
SSDEEP:
MD5:	6D6109F6EC1E12881C60EC44AAEB772B
SHA1:	B5531BEAC1C07DA57A901D0A48F4E1AC03F07467
SHA-256:	67BB9F159C752C744AC6AB26BBC0688CF4FA94C58C23B2B49B871CAA8774FC5D
SHA-512:	B0624B9F936E5C1392B7EBB3190D7E97EAE96647AB965BB9BE045D2C3082B1C7E48FF89A7B57FD3475D018574E7294D45B068C555A43AAEDFD65AC5C5C5D0A5B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Kuwait) $TZData(:Asia/Riyadh).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Macao Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.729350272507574
Encrypted:	false
SSDEEP:
MD5:	DB6155900D4556EE7B3089860AD5C4E3
SHA1:	708E4AE427C8BAF589509F4330C389EE55C1D514
SHA-256:	8264648CF1EA3E352E13482DE2ACE70B97FD37FBB1F28F70011561CFCBF533EA
SHA-512:	941D52208FABB634BABCD602CD468F2235199813F4C1C5AB82A453E8C4CE4543C1CE3CBDB9D035DB039CFFDBC94D5D0F9D29363442E2458426BDD52ECDF7C3C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Macau)]} {. LoadTimeZoneFile Asia/Macau.}.set TZData(:Asia/Macao) $TZData(:Asia/Macau).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Macau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2141
Entropy (8bit):	3.8815104664173843
Encrypted:	false
SSDEEP:
MD5:	DC20959BDB02CF86A33CE2C82D4D9853
SHA1:	90FC1820FA0E3B1C4BD2158185F95DCD1AA271D6
SHA-256:	6263F011537DB5CAF6B09F16D55DADE527A475AEE04F1BA38A75D13E9D125355
SHA-512:	8C6D0FA9584595B93A563D60387520CE9B28595C2C3880004275BAE66313A7606379646D27FB5EB91EC8D96D3B23959E2F9E3ABC97C203FD76E1DCC5ABB64374
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Macau) {. {-9223372036854775808 27250 0 LMT}. {-2056692850 28800 0 CST}. {-884509200 32400 0 +09}. {-873280800 36000 1 +09}. {-855918000 32400 0 +09}. {-841744800 36000 1 +09}. {-828529200 32400 0 +10}. {-765363600 28800 0 CT}. {-747046800 32400 1 CDT}. {-733827600 28800 0 CST}. {-716461200 32400 1 CDT}. {-697021200 28800 0 CST}. {-683715600 32400 1 CDT}. {-667990800 28800 0 CST}. {-654771600 32400 1 CDT}. {-636627600 28800 0 CST}. {-623322000 32400 1 CDT}. {-605178000 28800 0 CST}. {-591872400 32400 1 CDT}. {-573642000 28800 0 CST}. {-559818000 32400 1 CDT}. {-541674000 28800 0 CST}. {-528368400 32400 1 CDT}. {-510224400 28800 0 CST}. {-498128400 32400 1 CDT}. {-478774800 28800 0 CST}. {-466678800 32400 1 CDT}. {-446720400 28800 0 CST}. {-435229200 32400 1 CDT}. {-415258200 28800 0 CST}. {-403158600 32400 1 CDT}. {-383808600 2880

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Magadan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2016
Entropy (8bit):	3.6746770806664517
Encrypted:	false
SSDEEP:
MD5:	18E80309362762B7757629B51F28AF99
SHA1:	502C70F24251BC062785A9349E6204CB719BF932
SHA-256:	6493D629E3CD4DB555A547F942BCCB4FFC7BBF7298FFBF9503F6DE3177ADBAC9
SHA-512:	C477E0DCF4E78E57E075FB5CAA45E70D4864EDFC40EAC2DD43D80F71408836E5BD468B15EB34B95020F2DB6CE531D67F076EF8EED4833ADEC1F6D37B2200CC84
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Magadan) {. {-9223372036854775808 36192 0 LMT}. {-1441188192 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Makassar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	234
Entropy (8bit):	4.682322181661182
Encrypted:	false
SSDEEP:
MD5:	87D843314195847B6E4117119A1F701C
SHA1:	E51DC3A0BF20B09D8745AC682B4869A031A0A515
SHA-256:	22046165D40C8A553FE22A28E127514DF469E79581E0746101816A973456029D
SHA-512:	D241803442876A59170C1A90ACC66DEAF169CBF9B8CD7DE964BEF02D222B1D07511E241D441C3DA6AE7A7D1AAC1F4EDB5A21655C2923A3807BBFA8630071BCE9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Makassar) {. {-9223372036854775808 28656 0 LMT}. {-1577951856 28656 0 MMT}. {-1172908656 28800 0 +08}. {-880272000 32400 0 +09}. {-766054800 28800 0 WITA}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Manila Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	406
Entropy (8bit):	4.4205762929520755
Encrypted:	false
SSDEEP:
MD5:	3A833BF91AFE7FABBA98D11F29D84EAA
SHA1:	1622BEF54A12DE163B77309A0B7AF1C38AA6324B
SHA-256:	665E07B7A01E8A9D04B76B74B2EA0D11BDFC0BE6CA855DFDDBB5F9A6C9A97E90
SHA-512:	DFABB558CE2A8B96A976DD3B45B78CECE3633D51EE67F24E5AD59C7CF388538C5560EC133C60C3F0AFE8C68D88B1C05A12608A0408ACECBEEC38A84E3DC972FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Manila) {. {-9223372036854775808 -57360 0 LMT}. {-3944621040 29040 0 LMT}. {-2229321840 28800 0 PST}. {-1046678400 32400 1 PDT}. {-1038733200 28800 0 PST}. {-873273600 32400 0 JST}. {-794221200 28800 0 PST}. {-496224000 32400 1 PDT}. {-489315600 28800 0 PST}. {259344000 32400 1 PDT}. {275151600 28800 0 PST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Muscat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.754394427749078
Encrypted:	false
SSDEEP:
MD5:	5D8EBBC297A2258C352BC80535B7F7F1
SHA1:	684CAF480AF5B8A98D9AD1A1ECD4E07434F36875
SHA-256:	4709F2DA036EB96FB7B6CC40859BF59F1146FE8D3A7AFE326FBA3B8CB68049CE
SHA-512:	FD67E920D3D5FE69AF35535A8BBD2791204C6B63050EFECC0857F24D393712C4BC4660EA0A350D2A4DDA144073413BE013D71D73E6F3638CA30480541F9731FA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dubai)]} {. LoadTimeZoneFile Asia/Dubai.}.set TZData(:Asia/Muscat) $TZData(:Asia/Dubai).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Nicosia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7368
Entropy (8bit):	3.620699686510499
Encrypted:	false
SSDEEP:
MD5:	21EEEC6314C94D1476C2E79BBACFEB77
SHA1:	2C9805CD01C84D446CBDB90B9542CB24CCDE4E39
SHA-256:	7AAB1AC67D96287EE468608506868707B28FCD27A8F53128621801DCF0122162
SHA-512:	D4B0A0E60B102E10E03CF5BD07C5783E908D5E7079B646177C57C30D67B44C114EFF4DCFC71AF8441D67BD5A351068FBFFD8C5E08F06F1D69946B3EA7D49FC2D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Nicosia) {. {-9223372036854775808 8008 0 LMT}. {-1518920008 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 10800

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Novokuznetsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1992
Entropy (8bit):	3.626746433557725
Encrypted:	false
SSDEEP:
MD5:	11B80F2A9B7B090DD146BD97E9DB7D43
SHA1:	4A2886799A50D031D79C935261B50363AA27768A
SHA-256:	4018CE273BC4D02057F66A4715626F0E4D8C7050391C00BB5AE054B4DA8DE2F8
SHA-512:	1F1650C1DBC3A171FF30C7657D7F99963A0C8D63B85460B45DE75AFABECE28F2A51236FB71DFF3EE567CC58E71B88623E4880DEBD18E9E9C9E527CF97D5FE926
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novokuznetsk) {. {-9223372036854775808 20928 0 LMT}. {-1441259328 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Novosibirsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2048
Entropy (8bit):	3.623418616375595
Encrypted:	false
SSDEEP:
MD5:	46E5FB7DEB8041BC9A2ADC83728944A7
SHA1:	B5826E206EAA3E8789A0F9E4B7511CEBFD1B6764
SHA-256:	C241F732B9731FA141B03FF1F990556C9BF14A1B21C9757C7FF75E688908B8A0
SHA-512:	42B6BEEE9C15CB59C010013FE0673CB0DF46CD0AC388DF7D57DCCD54482C950F2935F8A8D7DC68CFFD184B698283589134901C9C597970D95C5B608CD160AF70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novosibirsk) {. {-9223372036854775808 19900 0 LMT}. {-1579476700 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {738090000 25200 0 +07}. {748987200 21600 0 +06}. {7647120

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Omsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1984
Entropy (8bit):	3.5988580260925795
Encrypted:	false
SSDEEP:
MD5:	54E1F8C11C9CF4BF1DBCABF4AF31B7D4
SHA1:	3C428E50A02941B19AF2A2F1EA02763AA2C1A846
SHA-256:	5B9E95C813A184C969CC9808E136AD66C1231A55E66D4EE817BD2E85751C4EE9
SHA-512:	83DBFCC089AC902609FFFCA8E675430B9BF1EA452626E83173F83317884B6AC2620CE8AA96488ACF13445D9D1D4776EB908232BD8205B8F4F9B034A68864C9A9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Omsk) {. {-9223372036854775808 17610 0 LMT}. {-1582088010 18000 0 +05}. {-1247547600 21600 0 +07}. {354909600 25200 1 +07}. {370717200 21600 0 +06}. {386445600 25200 1 +07}. {402253200 21600 0 +06}. {417981600 25200 1 +07}. {433789200 21600 0 +06}. {449604000 25200 1 +07}. {465336000 21600 0 +06}. {481060800 25200 1 +07}. {496785600 21600 0 +06}. {512510400 25200 1 +07}. {528235200 21600 0 +06}. {543960000 25200 1 +07}. {559684800 21600 0 +06}. {575409600 25200 1 +07}. {591134400 21600 0 +06}. {606859200 25200 1 +07}. {622584000 21600 0 +06}. {638308800 25200 1 +07}. {654638400 21600 0 +06}. {670363200 18000 0 +06}. {670366800 21600 1 +06}. {686091600 18000 0 +05}. {695768400 21600 0 +07}. {701812800 25200 1 +07}. {717537600 21600 0 +06}. {733262400 25200 1 +07}. {748987200 21600 0 +06}. {764712000 25200 1 +07}. {780436800 2160

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Oral Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1606
Entropy (8bit):	3.6164715895962876
Encrypted:	false
SSDEEP:
MD5:	38914E248C13912E33187496C5AD9691
SHA1:	94C3711FC5EED22FE1929F2250208AC53DB175AC
SHA-256:	581AF958787971BE487B37C2D2534E58FFA085AFD0D9F0E12E0EEFF03F476E53
SHA-512:	8C7F21C8FCE2614181A998774E7038BAC483E502C3C31EDB0F4954E1424A0C16AD7DC5003E9533BB47CA2C06DD027E989BD696B2A74A23F686F74B8C9650BAE6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Oral) {. {-9223372036854775808 12324 0 LMT}. {-1441164324 10800 0 +03}. {-1247540400 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {701816400 14400 0 +04}. {701820000 18000 1 +04}. {717544800 14400 0 +04}. {733269600 18000 1 +04}. {748994400 14400 0 +04}. {764719200 1800

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Phnom_Penh Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.911861786274714
Encrypted:	false
SSDEEP:
MD5:	754059D3B44B7D60FB3BBFC97782C6CF
SHA1:	6AE931805E6A42836D65E4EBC76A58BBFB3DCAF4
SHA-256:	2C2DBD952FDA5CC042073B538C240B11C5C8E614DD4A697E1AA4C80E458575D0
SHA-512:	B5AA4B51699EEAE0D9F91BBAB5B682BD84537C4E2CCE282613E1FFA1DDBE562CA487FB2F8CD006EE9DBC9EFAEFA587EC9998F0364E5C932CDB42C14319328D46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Phnom_Penh) $TZData(:Asia/Bangkok).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Pontianak Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	356
Entropy (8bit):	4.428640713376822
Encrypted:	false
SSDEEP:
MD5:	81C643629BB417E38A5514BBEFEF55C8
SHA1:	7D91E7F00A1A0B795EF3FDD1B3DD052EA2F6122C
SHA-256:	998DFACE4BEE8A925E88D779D6C9FB9F9010BDB68010A9CCBC0B97BB5C49D452
SHA-512:	1291521B74984EC03557C4DC492DB4DD1312626F61612C1F143BA482E2C32CD331647D86507D3B3721D148B2ED3CED6678123BD801DAA6B4F2D9A0C07B90575F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pontianak) {. {-9223372036854775808 26240 0 LMT}. {-1946186240 26240 0 PMT}. {-1172906240 27000 0 +0730}. {-881220600 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 28800 0 WITA}. {567964800 25200 0 WIB}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Pyongyang Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	263
Entropy (8bit):	4.653238218910832
Encrypted:	false
SSDEEP:
MD5:	96754BB7D98975118E86B539D8F917B4
SHA1:	5D366D64E08F1E9869EA2E93B5C6C5C0C5E7E3BE
SHA-256:	10432381A63B2101A1218D357DA2075885F061F3A60BE00A32EED4DF868E5566
SHA-512:	58BFFF63D40CF899304D69468949B806F00F5F2F2BE47040D5704E8C463D7B502725846933749172AF94CCD0AA894E30AD3154CC953D917AC8040B00D331124E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pyongyang) {. {-9223372036854775808 30180 0 LMT}. {-1948782180 30600 0 KST}. {-1830414600 32400 0 JST}. {-768646800 32400 0 KST}. {1439564400 30600 0 KST}. {1525446000 32400 0 KST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Qatar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.800949065138005
Encrypted:	false
SSDEEP:
MD5:	E70F65EBF35BE045F43456A67DEBCD34
SHA1:	EE5669823D60518D0AAB07A7C539B8089807D589
SHA-256:	B8E3F98A20BE938B9B1A6CE1CE4218751393B33E933A8F9278AA3EEECB13D2C6
SHA-512:	9B142D27C92C2478ED086668F8E3DC4BD8E9FDA712D8888469816B4795B5DFDD7F5F22D7BA6A31CA4E32483ABE5A5B4C7CEFC91856B09DDF651E58867FC932C9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qatar) {. {-9223372036854775808 12368 0 LMT}. {-1577935568 14400 0 +04}. {76190400 10800 0 +03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Qyzylorda Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1583
Entropy (8bit):	3.64822959139346
Encrypted:	false
SSDEEP:
MD5:	E79902C294AEFC5A3A3DCFFF4142E54F
SHA1:	8F9E8413C8F2D1DCF7DB74BE3AF067CBFEF2E73C
SHA-256:	4A254C094E4F5955E33C19E01EF2B8D5B70AC0AD08203FD105F475C8F862F28C
SHA-512:	3283248979FC76BE94D705013728FF206A32B8820D475C4DFC0636D2329E8FA5D251EAE5A21D9A9DC30659A6B567E73A7C614D7DA3F60025BFEA617ACE2EE597
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qyzylorda) {. {-9223372036854775808 15712 0 LMT}. {-1441167712 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {701812800 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Rangoon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.761776859195572
Encrypted:	false
SSDEEP:
MD5:	6135C39675BB0F7BB94756F2057382CF
SHA1:	EB2C51837E721776BED5F3F1F4A014BA29DA0282
SHA-256:	E573ADFBB9935B7D0B56FAE699160226BF3416C50EB63D8EFEB1748C4B13BF91
SHA-512:	BC1E7C9F1F64FF7D6A50E70E62566F385A923A475E309A321FCC03964350E427A4AEE801A20B3293A289AD67E03C86B59A674F91F34238068DA6C35BBB3B4307
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Yangon)]} {. LoadTimeZoneFile Asia/Yangon.}.set TZData(:Asia/Rangoon) $TZData(:Asia/Yangon).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Riyadh Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.928343799484186
Encrypted:	false
SSDEEP:
MD5:	76E7F746F8663772A350A2E2C2F680C7
SHA1:	698E3C80122AC7B9E6EF7A45F87898334A1A622E
SHA-256:	7D2FAC4F33EE0FA667AF8A2BF8257638A37CE0308038AC02C7B5BE6E1D1E5EDD
SHA-512:	9B1C326D3B7C89957176540AB4F856780C57C495A44F80D998A4B0C5A10F358C2F727BF160FB49D17C104B4A8EB15AC5431CCB886AC59A92E56C964D757FA3B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Riyadh) {. {-9223372036854775808 11212 0 LMT}. {-719636812 10800 0 +03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Saigon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.899371908380106
Encrypted:	false
SSDEEP:
MD5:	A978C9AD6320DA94CB15324CA82C7417
SHA1:	585C232F3FB2693C78C7831C1AF1DC25D6824CA7
SHA-256:	73E1850BB0827043024EAFA1934190413CB36EA6FE18C90EA86B9DBC1D61EEBF
SHA-512:	AE48BFB2A348CA992F2BCD6B1AF7495713B0526C326678309133D3271D90600624C096B4B8678AD7ECD19822E3BB24E27D12680FCA7FAA455D3CE324CE0B88ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ho_Chi_Minh)]} {. LoadTimeZoneFile Asia/Ho_Chi_Minh.}.set TZData(:Asia/Saigon) $TZData(:Asia/Ho_Chi_Minh).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Sakhalin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2044
Entropy (8bit):	3.636696819312369
Encrypted:	false
SSDEEP:
MD5:	265EF8FD8FB07585726D3054289A1C48
SHA1:	DDFB1197C7A7455674AA085A6B8089124EB47689
SHA-256:	4CCF3795EF0EF42AA09A9225370E8E1537B53A0231363077DAC385F397208669
SHA-512:	1ACE8C173E87530FCC809814DEA779CB09ED8A277DB3B0519E57727AD3A93F3AFAFAF0F80419A8B6A8FAC1B30600716169BEAE397E34E6BE1A18D0E31DB69B3F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Sakhalin) {. {-9223372036854775808 34248 0 LMT}. {-2031039048 32400 0 +09}. {-768560400 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Samarkand Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	848
Entropy (8bit):	3.8621003155318263
Encrypted:	false
SSDEEP:
MD5:	6E54D9946AC13DD77FDB8EA9C4FBD989
SHA1:	EF0A4BFD84EC369CB9581D830F20193D73187C0B
SHA-256:	28A76A0EAF55EEC9FE7BEFF3785FDEF8C3D93AAAA2E15EE37D861E73418AC9E4
SHA-512:	15522A5B85DCD54DC0143A38799A870268D74C8A26FED44D50A55C536D3738905597AE4F3F2AB767DE73A7EDBAE8FBF467A6014E2001FA03924C3F39E0361F27
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Samarkand) {. {-9223372036854775808 16073 0 LMT}. {-1441168073 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Seoul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	719
Entropy (8bit):	4.129493275264732
Encrypted:	false
SSDEEP:
MD5:	7F24687F220D3B7F3C08A1F09F86BAEF
SHA1:	2D96019AE5137935F7A43FCFD229645D656E21AF
SHA-256:	8DBBFEEDD583DBE60E88E381D511B72DDD7AE93FEB64A2F97D6CDBF6B92A0775
SHA-512:	BFD955BA4A284D91542D15CAE849C162D1470167D65365FF93B117D7B4361DB314ABEF5448CF5BA382002726D472FA74C3B9DD5B43CD539395FDC8241E4A0248
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Seoul) {. {-9223372036854775808 30472 0 LMT}. {-1948782472 30600 0 KST}. {-1830414600 32400 0 JST}. {-767350800 32400 0 KST}. {-498128400 30600 0 KST}. {-462702600 34200 1 KDT}. {-451733400 30600 0 KST}. {-429784200 34200 1 KDT}. {-418296600 30600 0 KST}. {-399544200 34200 1 KDT}. {-387451800 30600 0 KST}. {-368094600 34200 1 KDT}. {-356002200 30600 0 KST}. {-336645000 34200 1 KDT}. {-324552600 30600 0 KST}. {-305195400 34200 1 KDT}. {-293103000 30600 0 KST}. {-264933000 32400 0 KST}. {547578000 36000 1 KDT}. {560883600 32400 0 KST}. {579027600 36000 1 KDT}. {592333200 32400 0 KST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Shanghai Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	887
Entropy (8bit):	4.102844989906348
Encrypted:	false
SSDEEP:
MD5:	D3D88F264E5E44BAA890C19A4C87A24D
SHA1:	BA2E3F8D69D1092CE925D40FE31BEABA0DC22905
SHA-256:	90B585115252C37625B6BCDE14708AAE003E2D6F3408D8A9034ABB6FFFD66490
SHA-512:	14485EEC4C77DA6D7DD813A84F3F5B0DE17AE06C23FBCDB20727376C62D675ED675893B8B9A4DAAA00C21B7550F83593780CA538DB05B4ADDD4604FBCD3B0E51
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Shanghai) {. {-9223372036854775808 29143 0 LMT}. {-2177481943 28800 0 CST}. {-933667200 32400 1 CDT}. {-922093200 28800 0 CST}. {-908870400 32400 1 CDT}. {-888829200 28800 0 CST}. {-881049600 32400 1 CDT}. {-767869200 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-650016000 28800 0 CST}. {515527200 32400 1 CDT}. {527014800 28800 0 CST}. {545162400 32400 1 CDT}. {558464400 28800 0 CST}. {577216800 32400 1 CDT}. {589914000 28800 0 CST}. {608666400 32400 1 CDT}. {621968400 28800 0 CST}. {640116000 32400 1 CDT}. {653418000 28800 0 CST}. {671565600 32400 1 CDT}. {684867600 28800 0 CST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Singapore Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	359
Entropy (8bit):	4.370799489849578
Encrypted:	false
SSDEEP:
MD5:	DFABB80419B69BE34B2FCD475CFDFE22
SHA1:	2CF4F330E00397020328BCE28449B9F63E17067D
SHA-256:	B251FBDB0DB4ACBB3855063C32681A5F32E609FA3AA0DDC43225D056D07CB2D3
SHA-512:	EB362B7D0C5A4F1C605A8F2533A5CCAFCFA1F4D3B0F48C417CEA8C492834FE36822A75C726659786CBD4D5A544376D806E6BA8E952607997FBDDAF84E343B353
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Singapore) {. {-9223372036854775808 24925 0 LMT}. {-2177477725 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Srednekolymsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1993
Entropy (8bit):	3.7026922613316886
Encrypted:	false
SSDEEP:
MD5:	0F445767A84A429787070F7CCFB4D35B
SHA1:	B524665DAC57E53A6D9A5386B5AEAAE52BD405A5
SHA-256:	07F4857391E114D4B958C02B8FF72BEBCED72AA730F4F4B09F68F57349473503
SHA-512:	8FE2AC4C1DCA60E597633377EF1F1C38EE027B7893DB77BA912F294B9B791B6762E62E87DAC17171B15629DD45BD7960D25ADAE96827DAB63FAA80E0956A8C80
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Srednekolymsk) {. {-9223372036854775808 36892 0 LMT}. {-1441188892 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {78041

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Taipei Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1298
Entropy (8bit):	3.983254382416919
Encrypted:	false
SSDEEP:
MD5:	16CF8E32D5B2933CE5A0F2F90B8090BA
SHA1:	F899656FE3FDDD5F63B18D4800F909CD2DA6A151
SHA-256:	E098A0A94ED53EC471841CDF6995AEF1F3A2699EDC143FF5DBDA7CB0AFD3FD6C
SHA-512:	4856AC8AE2BB0C8856A87C5E46AD478E697AACB46B8679870FD581706802772D333FEA5D1D840BDDB1EAB3B4FDD46883CFD2EC4017F9E5C06CAF2A24539FA808
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Taipei) {. {-9223372036854775808 29160 0 LMT}. {-2335248360 28800 0 CST}. {-1017820800 32400 0 JST}. {-766224000 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-639133200 28800 0 CST}. {-620812800 32400 1 CDT}. {-607597200 28800 0 CST}. {-589276800 32400 1 CDT}. {-576061200 28800 0 CST}. {-562924800 32400 1 CDT}. {-541760400 28800 0 CST}. {-528710400 32400 1 CDT}. {-510224400 28800 0 CST}. {-497174400 32400 1 CDT}. {-478688400 28800 0 CST}. {-465638400 32400 1 CDT}. {-449830800 28800 0 CST}. {-434016000 32400 1 CDT}. {-418208400 28800 0 CST}. {-402480000 32400 1 CDT}. {-386672400 28800 0 CST}. {-370944000 32400 1 CDT}. {-355136400 28800 0 CST}. {-339408000 32400 1 CDT}. {-323600400 2

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tashkent Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	847
Entropy (8bit):	3.8433853520749905
Encrypted:	false
SSDEEP:
MD5:	24587E02A79D02973DE32E4CDACBE84C
SHA1:	41B8CA1CAE10A9340359317EC8DD16C8637C0F1A
SHA-256:	46C2D8E86BACFDB8280862AD9E28F7A0867740726EF21D08138C9F9A900CC1E9
SHA-512:	07C939DCD5AB0DA3D3667D0D56421C6B40598C6DAB9641664E0ABB2CE4CC4562B10853C88DB51FBA5D1ED733E86193E88CE8984130FFF83955BD9335A59CF031
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tashkent) {. {-9223372036854775808 16631 0 LMT}. {-1441168631 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tbilisi Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1669
Entropy (8bit):	3.588597734517364
Encrypted:	false
SSDEEP:
MD5:	EEA5CEEDA499381B331676CF2D3B1189
SHA1:	BC1D3871CC170F0BCBAE567C0D934CC131A7E410
SHA-256:	260F3F9A9209170AC02961E881F02AA6D6C720BAACC29756CF1CC730FACCF662
SHA-512:	0E8FF6B4EF0E102152B20D3C819F2673B6426B3D56DF42F89F44EB4467D0CA45F3D49B6564DA6FCB88BDB1887AF39382766F75FE3A3977CFB4408E06C6D1C062
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tbilisi) {. {-9223372036854775808 10751 0 LMT}. {-2840151551 10751 0 TBMT}. {-1441162751 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {694213200 10800 0 +03}. {701816400 14400 1 +03}. {717537600 10800 0 +03}. {733266000 14400 1 +03}. {748987200 10800 0 +03}. {764715600

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tehran Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7021
Entropy (8bit):	3.4346704245463338
Encrypted:	false
SSDEEP:
MD5:	E179D37382F44D866D495F5D38FD5D88
SHA1:	35C5BFFE89795786B7ED0BB3B7822666D6BFCB5B
SHA-256:	41F1DBB61094C00E2424E22780930258BC99A71D182E7A181065B0A1A57306F1
SHA-512:	AF1A4AB0BD690F038EBC3AA5CB2CAEE575E639B4504E3BEBC8E1DE85081C780744CBAD5871D62D4F028314D165B4D71E9B3D0B68019FE9D1E49D702101602431
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tehran) {. {-9223372036854775808 12344 0 LMT}. {-1704165944 12344 0 TMT}. {-757394744 12600 0 +0330}. {247177800 14400 0 +04}. {259272000 18000 1 +04}. {277758000 14400 0 +04}. {283982400 12600 0 +0330}. {290809800 16200 1 +0330}. {306531000 12600 0 +0330}. {322432200 16200 1 +0330}. {338499000 12600 0 +0330}. {673216200 16200 1 +0330}. {685481400 12600 0 +0330}. {701209800 16200 1 +0330}. {717103800 12600 0 +0330}. {732745800 16200 1 +0330}. {748639800 12600 0 +0330}. {764281800 16200 1 +0330}. {780175800 12600 0 +0330}. {795817800 16200 1 +0330}. {811711800 12600 0 +0330}. {827353800 16200 1 +0330}. {843247800 12600 0 +0330}. {858976200 16200 1 +0330}. {874870200 12600 0 +0330}. {890512200 16200 1 +0330}. {906406200 12600 0 +0330}. {922048200 16200 1 +0330}. {937942200 12600 0 +0330}. {953584200 16200 1 +0330}. {969478200 12600 0 +

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tel_Aviv Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.82789113675599
Encrypted:	false
SSDEEP:
MD5:	D044282CC9B9F531D8136612B4AA938D
SHA1:	5FD01E48BFFC2B54BBA48926EFD2137A91B57E0F
SHA-256:	FE57D86184A7F4A64F3555DE3F4463531A86BB18F124534F17B09FAB825F83B4
SHA-512:	DBBA54D68F33E51D51E816D79D83B61490BD31262DFF6037C0834BADA48CBC02F4281203D7212EDF6D96F7FF1EF3843299698BF0DFE10B5F1383AA504594505A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Asia/Tel_Aviv) $TZData(:Asia/Jerusalem).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Thimbu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.858169634371472
Encrypted:	false
SSDEEP:
MD5:	B678D97B4E6E6112299746833C06C70B
SHA1:	A49BD45DB59BDD3B7BF9159699272389E8EF77AC
SHA-256:	6AEAE87CAD7FE358A5A1BABE6C0244A3F89403FC64C5AA19E1FFDEDCEB6CF57B
SHA-512:	BEA10EAE5941E027D8FE9E5D5C03FAE5DCFEF7603088E71CA7CCD0461851E175AE1CC7592DFBEC63F91D840E4E0AA04B54549EB71303666E6EA16AFFF6EDA058
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Thimphu)]} {. LoadTimeZoneFile Asia/Thimphu.}.set TZData(:Asia/Thimbu) $TZData(:Asia/Thimphu).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Thimphu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.838482422690701
Encrypted:	false
SSDEEP:
MD5:	A52B235D91207E823482EEC1EE8C6433
SHA1:	84826EAC8043739256E34D828D6BE8E17172A8F8
SHA-256:	21CE1FAEDD45DED62E78D6DB24F47ED9DEC5642E4A4D7ADDF85B33F8AB82D8CA
SHA-512:	08E8C68BF6BE5E876A59130C207D4911732EBA0F4E72603213A0AD0CC5DA8EF6AC6389AF8A0781F01B0E72CA030C9A47C46CC0FB422F5C0104A7365D818A4EB9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Thimphu) {. {-9223372036854775808 21516 0 LMT}. {-706341516 19800 0 +0530}. {560025000 21600 0 +06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tokyo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	374
Entropy (8bit):	4.405484223376936
Encrypted:	false
SSDEEP:
MD5:	4549B66A26A96C10DB196B8957BB6127
SHA1:	B2B96699AE70CA47F2B180B9AEF8FB9864AE98A1
SHA-256:	EC533BBE242CE6A521BAED1D37E0DD0247A37FE8D36D25205520B93CF51E4595
SHA-512:	A6C147DF80BB6D41877AD99673C49FF6AD5C1C03B587D71A70C8F7BD8D321817D9E99BFAE11F7F7C27C1A7563C9A101B6C3E65D962B3524C95113A807720ED4E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tokyo) {. {-9223372036854775808 33539 0 LMT}. {-2587712400 32400 0 JST}. {-683802000 36000 1 JDT}. {-672310800 32400 0 JST}. {-654771600 36000 1 JDT}. {-640861200 32400 0 JST}. {-620298000 36000 1 JDT}. {-609411600 32400 0 JST}. {-588848400 36000 1 JDT}. {-577962000 32400 0 JST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Tomsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2043
Entropy (8bit):	3.6031458640952554
Encrypted:	false
SSDEEP:
MD5:	436E5AA70DD662E337E0144558EA277B
SHA1:	E268AAD83CE3CC32CB23647E961509EBB4C8AA2C
SHA-256:	9917B2A1BFAAD1378B90879C92F157BD7912A4072BE21A2A4CB366A38F310D3B
SHA-512:	C714CFBB58170E2291A78AD4F725613049BC9D52DB9F8685803E8F7E181D7E0C2AAF7E603D29243D2E5F4F1D8A3B0272559E7CBCB51736A8115A44E6D56FA7CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tomsk) {. {-9223372036854775808 20391 0 LMT}. {-1578807591 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 252

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ujung_Pandang Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.8489855608543575
Encrypted:	false
SSDEEP:
MD5:	AF91CF42CFBA12F55AF3E6D26A71946D
SHA1:	673AC77D4E5B6ED7CE8AE67975372462F6AF870B
SHA-256:	D9BCAE393D4B9EE5F308FA0C26A7A6BCE716E77DB056E75A3B39B33A227760C8
SHA-512:	1FD61EA39FF08428486E07AF4404CEA67ACCCB600F11BA74B340A4F663EB8221BC7BF84AE677566F7DDEC0CB42F1946614CD11A9CD7824E0D6CAA804DF0EF514
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Makassar)]} {. LoadTimeZoneFile Asia/Makassar.}.set TZData(:Asia/Ujung_Pandang) $TZData(:Asia/Makassar).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ulaanbaatar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1535
Entropy (8bit):	3.6833061173791726
Encrypted:	false
SSDEEP:
MD5:	9C497C3C57F4FEE50C6BF35D0A3A7E5F
SHA1:	FAFB3456CADE6AD6FFBADC699AB882FAE2591739
SHA-256:	19855D4B0EEF8CD85D502262DF7B7F15B069B1A4D169FAB0F20F803C598C1D83
SHA-512:	255CDF3333789771240A37CECBEB87EEAAE4561616A7066C935B67B8CA930F026F68A82315083190B175C54FBB4B2DB0126F25FDDD6C09DC374E09833225DFB8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ulaanbaatar) {. {-9223372036854775808 25652 0 LMT}. {-2032931252 25200 0 +07}. {252435600 28800 0 +08}. {417974400 32400 1 +08}. {433782000 28800 0 +08}. {449596800 32400 1 +08}. {465318000 28800 0 +08}. {481046400 32400 1 +08}. {496767600 28800 0 +08}. {512496000 32400 1 +08}. {528217200 28800 0 +08}. {543945600 32400 1 +08}. {559666800 28800 0 +08}. {575395200 32400 1 +08}. {591116400 28800 0 +08}. {606844800 32400 1 +08}. {622566000 28800 0 +08}. {638294400 32400 1 +08}. {654620400 28800 0 +08}. {670348800 32400 1 +08}. {686070000 28800 0 +08}. {701798400 32400 1 +08}. {717519600 28800 0 +08}. {733248000 32400 1 +08}. {748969200 28800 0 +08}. {764697600 32400 1 +08}. {780418800 28800 0 +08}. {796147200 32400 1 +08}. {811868400 28800 0 +08}. {828201600 32400 1 +08}. {843922800 28800 0 +08}. {859651200 32400 1 +08}. {875372400

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ulan_Bator Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.675919405724711
Encrypted:	false
SSDEEP:
MD5:	73C6A7BC088A3CD92CAC2F8B019994A0
SHA1:	74D5DCE1100F6C97DFCFAD5EFC310196F03ABED5
SHA-256:	8F075ACF5FF86E5CDE63E178F7FCB692C209B6023C80157A2ABF6826AE63C6C3
SHA-512:	4EAD916D2251CF3A9B336448B467282C251EE5D98299334F365711CCA8CAF9CA83600503A3346AEC9DFA9E9AF064BA6DEF570BABCC48AE5EB954DBF574A769B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ulaanbaatar)]} {. LoadTimeZoneFile Asia/Ulaanbaatar.}.set TZData(:Asia/Ulan_Bator) $TZData(:Asia/Ulaanbaatar).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Urumqi Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.962709386113539
Encrypted:	false
SSDEEP:
MD5:	6E79B04FC6FE96C90277593719BECD36
SHA1:	81798A9F349A7DEAF9218A21B8C2D8A3E641E9B7
SHA-256:	A73686D7BF4EE44DC7BBD1CAAF2D212D7D12478F1521BF5A628EDBEA79B99725
SHA-512:	F6781EDA72F4B62FE128332AC2B6BDDFFF6E94DF79914C467C2A30BBE05ABE005B23C0F8A5682095FA874CB3787BD499DBBA8F1644515B6914180A68C9AB6066
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Urumqi) {. {-9223372036854775808 21020 0 LMT}. {-1325483420 21600 0 +06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Ust-Nera Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1987
Entropy (8bit):	3.684365782602096
Encrypted:	false
SSDEEP:
MD5:	F648B8CDF0F44BF2733AD480D91602C2
SHA1:	FCDB62F1D2781836AAAFF1C1B651E91A8E79A901
SHA-256:	C94B072DDB28C27AAA936D27D5A2F1400E47E8BBFCB3EF370BF2C7252E69FB98
SHA-512:	39E793B707C2EEF99BAE8E926A1C8CAF4A1989F71842C348A5819CC4BE3D6DC81D2781BF20CB95631EC532A345B7CD41BA88505B301CA7928E676F55252C6DDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ust-Nera) {. {-9223372036854775808 34374 0 LMT}. {-1579426374 28800 0 +08}. {354898800 43200 0 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 39600 0 +11}. {796143600 43

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Vientiane Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.808435832735883
Encrypted:	false
SSDEEP:
MD5:	6372DA942647071A0514AEBF0AFEB7C7
SHA1:	C9FB6B05DA246224D5EB016035AB905657B9D3FA
SHA-256:	7B1A3F36E9A12B850DC06595AAE6294FAEAC98AD933B3327B866E83C0E9A1999
SHA-512:	DC7D8753AD0D6908CA8765623EC1C4E4717833D183435957BB43E7ADB8A0D078F87319408F4C1D284CFB24BE010141B3254A36EF50C5DDCC59D7DEE5B3E33B7F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Vientiane) $TZData(:Asia/Bangkok).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Vladivostok Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1991
Entropy (8bit):	3.617868789838068
Encrypted:	false
SSDEEP:
MD5:	589D58D0819C274BD76648B290E3B6A7
SHA1:	8EF67425A86E1663263C380B81C878EFEE107261
SHA-256:	F7CA7543A15D0EA7380552E9CA4506E1527D5A0C9081B21A6A6CAEAD51085293
SHA-512:	38A4264039866E82CC2CCAF52FF1AB3384A72AD9F2FF0060FC49B3D2C09CB072700F28F2CA3A0850B3E5BAB62F6AA6031ECAB2EAB09EB08833D8CD778B338BDD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Vladivostok) {. {-9223372036854775808 31651 0 LMT}. {-1487321251 32400 0 +09}. {-1247562000 36000 0 +11}. {354895200 39600 1 +11}. {370702800 36000 0 +10}. {386431200 39600 1 +11}. {402238800 36000 0 +10}. {417967200 39600 1 +11}. {433774800 36000 0 +10}. {449589600 39600 1 +11}. {465321600 36000 0 +10}. {481046400 39600 1 +11}. {496771200 36000 0 +10}. {512496000 39600 1 +11}. {528220800 36000 0 +10}. {543945600 39600 1 +11}. {559670400 36000 0 +10}. {575395200 39600 1 +11}. {591120000 36000 0 +10}. {606844800 39600 1 +11}. {622569600 36000 0 +10}. {638294400 39600 1 +11}. {654624000 36000 0 +10}. {670348800 32400 0 +10}. {670352400 36000 1 +10}. {686077200 32400 0 +09}. {695754000 36000 0 +11}. {701798400 39600 1 +11}. {717523200 36000 0 +10}. {733248000 39600 1 +11}. {748972800 36000 0 +10}. {764697600 39600 1 +11}. {7804224

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Yakutsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1987
Entropy (8bit):	3.6163895181017764
Encrypted:	false
SSDEEP:
MD5:	29C007E4E3E0015DBF39D78DF39CB790
SHA1:	C3311ED4D7774A7DC14E0436D0B90C88ADD9BDA5
SHA-256:	C2DD93EEAFC3E2FD6CCE0EED0633C40D8BF34331760D23A75ADCEA1719A11AE6
SHA-512:	24609B8C01F3420CC19CA8F5AC78867DCAD1DD1A09A4B1C5356F90F0041BBCA322BC0C64D5DE4F565331674CFE15B7BF66AF6B69ACE9D18765A91B044962F781
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yakutsk) {. {-9223372036854775808 31138 0 LMT}. {-1579423138 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 3

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Yangon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.635396864572362
Encrypted:	false
SSDEEP:
MD5:	12B1D08ED6DFAB647D8F1D1371D771F6
SHA1:	2AC1CE6E85533D6B99A8E9725F43A867833B956E
SHA-256:	DCC9323EF236D2E3B6DAA296EB14B9208754FCD449D2351067201BCEC15381A2
SHA-512:	C563B6A3F1B21B5FFD0F092CAF6344D5A6D74F5AC03DA44DCA6FB1B4BC0D321C6E0E8F315248D41C0D1D0FFD35F8DE31D96FBD4AE1CFE15DA52E40EE3FF7F8E3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yangon) {. {-9223372036854775808 23087 0 LMT}. {-2840163887 23087 0 RMT}. {-1577946287 23400 0 +0630}. {-873268200 32400 0 +09}. {-778410000 23400 0 +0630}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Yekaterinburg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2023
Entropy (8bit):	3.6129679767742124
Encrypted:	false
SSDEEP:
MD5:	9C578B55160C4CDE22E0CD3AE449AA89
SHA1:	DAEB24B867A835AA97E7E6A67C1AD4278015D6BB
SHA-256:	924E60D3C57F296CDEA175D4E970FF3C68A92ADBBBA23EF37B76D7AD5D41DCE9
SHA-512:	E3F2798038F897DF5D1D112F294BFD4E3FDBFCF4D568C4038C85289F84E0844010A6C88659C4B9D94720DBB680F2628CECEB17E6C6D0DFC231E6DCBA75068458
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yekaterinburg) {. {-9223372036854775808 14553 0 LMT}. {-1688270553 13505 0 PMT}. {-1592610305 14400 0 +04}. {-1247544000 18000 0 +06}. {354913200 21600 1 +06}. {370720800 18000 0 +05}. {386449200 21600 1 +06}. {402256800 18000 0 +05}. {417985200 21600 1 +06}. {433792800 18000 0 +05}. {449607600 21600 1 +06}. {465339600 18000 0 +05}. {481064400 21600 1 +06}. {496789200 18000 0 +05}. {512514000 21600 1 +06}. {528238800 18000 0 +05}. {543963600 21600 1 +06}. {559688400 18000 0 +05}. {575413200 21600 1 +06}. {591138000 18000 0 +05}. {606862800 21600 1 +06}. {622587600 18000 0 +05}. {638312400 21600 1 +06}. {654642000 18000 0 +05}. {670366800 14400 0 +05}. {670370400 18000 1 +05}. {686095200 14400 0 +04}. {695772000 18000 0 +06}. {701816400 21600 1 +06}. {717541200 18000 0 +05}. {733266000 21600 1 +06}. {748990800 18000 0 +05}. {764

C:\Users\user\AppData\Local\Update\tcl\tzdata\Asia\Yerevan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1959
Entropy (8bit):	3.554930605948629
Encrypted:	false
SSDEEP:
MD5:	013DD03BE28257101FC72E3294709AC6
SHA1:	2EBBB3DA858B1BBC0C3CDFCBED3A4BAA0D6CE1B2
SHA-256:	15CBC98425C074D9D5D1B107483BF68C75C318C240C7CDBDA390F8D102D76D53
SHA-512:	10A651C82E6D5386FDC1FC95EF15F1CB0A4D8850A2324E7D62F63E1D3FBA87812045FFCF1DF013D7A3E90BBF514A4C5B2B23C547905737193B369644986D6A42
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yerevan) {. {-9223372036854775808 10680 0 LMT}. {-1441162680 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 10800 0 +03}. {733273200 14400 1 +03}. {748998000 10800 0 +03}. {764722800 14400 1 +03}. {780447600 10800 0 +03}. {796172400 14

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Azores Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9474
Entropy (8bit):	3.4598088631836625
Encrypted:	false
SSDEEP:
MD5:	E9C33EAACFD20C021CE94292068CC1D8
SHA1:	9F8C0A4E07C33349C6ACDB0564771AEB11098B9D
SHA-256:	8E2B427733BF8DBCE5171DC57F0892F0987CF1BD7941DA40048CB53B86B23E0D
SHA-512:	8C77CF236855C51E03911A8203A2E81FC728C21A904B4962EA18F5FD39B00174D8A365FC0CA42E4EDE12DA84DD6445CFBB1B3E922189EB6B13AF6BC802E2B405
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Azores) {. {-9223372036854775808 -6160 0 LMT}. {-2713904240 -6872 0 HMT}. {-1830376800 -7200 0 -02}. {-1689548400 -3600 1 -01}. {-1677794400 -7200 0 -02}. {-1667430000 -3600 1 -01}. {-1647730800 -7200 0 -02}. {-1635807600 -3600 1 -01}. {-1616194800 -7200 0 -02}. {-1604358000 -3600 1 -01}. {-1584658800 -7200 0 -02}. {-1572735600 -3600 1 -01}. {-1553036400 -7200 0 -02}. {-1541199600 -3600 1 -01}. {-1521500400 -7200 0 -02}. {-1442444400 -3600 1 -01}. {-1426806000 -7200 0 -02}. {-1379286000 -3600 1 -01}. {-1364770800 -7200 0 -02}. {-1348441200 -3600 1 -01}. {-1333321200 -7200 0 -02}. {-1316386800 -3600 1 -01}. {-1301266800 -7200 0 -02}. {-1284332400 -3600 1 -01}. {-1269817200 -7200 0 -02}. {-1221433200 -3600 1 -01}. {-1206918000 -7200 0 -02}. {-1191193200 -3600 1 -01}. {-1175468400 -7200 0 -02}. {-1127689200 -3600 1 -01}. {-111196440

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Bermuda Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7684
Entropy (8bit):	3.7376923223964162
Encrypted:	false
SSDEEP:
MD5:	E55A91A96E1DC267AAEFAF27866F0A90
SHA1:	A3E8DB332114397F4F487256E9168E73784D3637
SHA-256:	A2EB47B25B3A389907DD242C86288073B0694B030B244CCF90421C0B510267BD
SHA-512:	9A8140365D76F1A83A98A35593638F2C047B3D2B1E9D0F6ACB2B321EBDB9CC5B6C8CCD3C110B127A12DCDB7D9ED16A8F7DB7DA7A8B4587486D060FACCA23F993
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Bermuda) {. {-9223372036854775808 -15558 0 LMT}. {-1262281242 -14400 0 AST}. {136360800 -10800 0 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {189316800 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Canary Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6609
Entropy (8bit):	3.7165368441152715
Encrypted:	false
SSDEEP:
MD5:	230C7B4BB6D64818889E573ADBE97E35
SHA1:	97E6D43C3F9446C9A224DAF69F31CA55721BFC59
SHA-256:	6CDA69514774093B7219BB079077322F5C783DBAD137F89181E8434D8BD2A6CF
SHA-512:	A17246BC44C1FDC971304E0D2E8F721E254880FB725F1AACCA05645FFE82F2AF3791234F02824E357CBDD51D529C882E21B8712735C32420074F3B75813DE27C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Canary) {. {-9223372036854775808 -3696 0 LMT}. {-1509663504 -3600 0 -01}. {-733874400 0 0 WET}. {323827200 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Cape_Verde Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	237
Entropy (8bit):	4.579111187402317
Encrypted:	false
SSDEEP:
MD5:	51BE50511F1FA17A6AF9D4AE892FAFDA
SHA1:	2491743E429AAE5DF70CC3E791DC9875E30F152D
SHA-256:	E444B51A4511F83D616E816B770A60088EA94B9286112F47331122F44119541D
SHA-512:	A509146E25174D9938AF13B78CF052E45F50A61B834C276607B281EF7B81C6696A793A3769B355C8C804A74F37ADDEBBCDC2A69E3B938EB5A2A9742BE135A4A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Cape_Verde) {. {-9223372036854775808 -5644 0 LMT}. {-1830376800 -7200 0 -02}. {-862610400 -3600 1 -01}. {-764118000 -7200 0 -02}. {186120000 -3600 0 -01}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Faeroe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.655846706649014
Encrypted:	false
SSDEEP:
MD5:	08C5EE09B8BE16C5E974BA8070D448EA
SHA1:	D171C194F6D61A891D3390FF6492AEFB0F67646A
SHA-256:	7C6A6BCF5AAEAB1BB57482DF1BBC934D367390782F6D8C5783DBBBE663169A9B
SHA-512:	E885F3C30DBE178F88464ED505BA1B838848E6BB15C0D27733932CD0634174D9645C5098686E183CC93CB46DE7EB0DBF2EB64CB77A50FC337E2581E25107C9A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Faroe)]} {. LoadTimeZoneFile Atlantic/Faroe.}.set TZData(:Atlantic/Faeroe) $TZData(:Atlantic/Faroe).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Faroe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6551
Entropy (8bit):	3.7148806034051316
Encrypted:	false
SSDEEP:
MD5:	918E1825106C5C73B203B718918311DC
SHA1:	7C31B3521B396FE6BE7162BAECC4CFB4740F622B
SHA-256:	B648E691D8F3417B77EFB6D6C2F5052B3C4EAF8B5354E018EE2E9BD26F867B71
SHA-512:	5B1B5FE82A13127E3C63C8FB0A8CBD45A7277EF29720B937BB3174E8301830018755416D604F3551622E2E4D365D35E4EE1DF39B587A73E43AE0C68D1996B771
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Faroe) {. {-9223372036854775808 -1624 0 LMT}. {-1955748776 0 0 WET}. {347155200 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET}. {828234000 3600 1 WEST}. {846378000 0 0 WET}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Jan_Mayen Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.92967249261586
Encrypted:	false
SSDEEP:
MD5:	AD9B5217497DBC1CE598573B85F3C056
SHA1:	60984544F5BBD4A5B2B8F43741D66A573A2CF1DC
SHA-256:	BE291E952254B6F0C95C2E2497BE12410D7F1E36D0D1035B3A9BC65D0EDCB65F
SHA-512:	F5D47008495425C386EBAB426195393168E402726405CF23826571E548A3CEFABBA51D87D637C0724FF2CC4F1276D81EACF14D0F9CFC7CBFCC025EEFA0960278
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Atlantic/Jan_Mayen) $TZData(:Europe/Oslo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Madeira Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9307
Entropy (8bit):	3.715509739111961
Encrypted:	false
SSDEEP:
MD5:	5D2EAAA0D116DD1C7965FCB229678FB4
SHA1:	DA59652A8E57DE9FAF02ED6EB9D863CD34642E6C
SHA-256:	8AAF754C1F9AABEA185808F21B864B02815D24451DB38BE8629DA4C57141E8F5
SHA-512:	E561B09A53CEC764B0B2B2544E774577553F6DFEFB80AEC04698C2B0FBEBBC7F03E11C31627654346752B4F85BB3EF669397162599F3ED6B8B8D286521447361
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Madeira) {. {-9223372036854775808 -4056 0 LMT}. {-2713906344 -4056 0 FMT}. {-1830380400 -3600 0 -01}. {-1689552000 0 1 +00}. {-1677798000 -3600 0 -01}. {-1667433600 0 1 +00}. {-1647734400 -3600 0 -01}. {-1635811200 0 1 +00}. {-1616198400 -3600 0 -01}. {-1604361600 0 1 +00}. {-1584662400 -3600 0 -01}. {-1572739200 0 1 +00}. {-1553040000 -3600 0 -01}. {-1541203200 0 1 +00}. {-1521504000 -3600 0 -01}. {-1442448000 0 1 +00}. {-1426809600 -3600 0 -01}. {-1379289600 0 1 +00}. {-1364774400 -3600 0 -01}. {-1348444800 0 1 +00}. {-1333324800 -3600 0 -01}. {-1316390400 0 1 +00}. {-1301270400 -3600 0 -01}. {-1284336000 0 1 +00}. {-1269820800 -3600 0 -01}. {-1221436800 0 1 +00}. {-1206921600 -3600 0 -01}. {-1191196800 0 1 +00}. {-1175472000 -3600 0 -01}. {-1127692800 0 1 +00}. {-1111968000 -3600 0 -01}. {-1096848000 0 1 +00}. {-10805184

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Reykjavik Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1962
Entropy (8bit):	3.623004596418002
Encrypted:	false
SSDEEP:
MD5:	0E3020348755C67F6A48F4C3F0F4E51D
SHA1:	FBA44F3DEBC47274A1C9CC4AE5A5F9B363157BF1
SHA-256:	83566E49A37703E11CF0884558BE3DD8827BD79409D04C5D053BCA69D666CEC8
SHA-512:	97F78A8C98B03705188B6F4D622F3B88D7C85B2FF1578DA24C4CD85C163FB05DBD908413B5F355F001755705F22943B1DA6C2A58A902751787238110D2A81F95
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Reykjavik) {. {-9223372036854775808 -5280 0 LMT}. {-1956609120 -3600 0 -01}. {-1668211200 0 1 -01}. {-1647212400 -3600 0 -01}. {-1636675200 0 1 -01}. {-1613430000 -3600 0 -01}. {-1605139200 0 1 -01}. {-1581894000 -3600 0 -01}. {-1539561600 0 1 -01}. {-1531350000 -3600 0 -01}. {-968025600 0 1 -01}. {-952293600 -3600 0 -01}. {-942008400 0 1 -01}. {-920239200 -3600 0 -01}. {-909957600 0 1 -01}. {-888789600 -3600 0 -01}. {-877903200 0 1 -01}. {-857944800 -3600 0 -01}. {-846453600 0 1 -01}. {-826495200 -3600 0 -01}. {-815004000 0 1 -01}. {-795045600 -3600 0 -01}. {-783554400 0 1 -01}. {-762991200 -3600 0 -01}. {-752104800 0 1 -01}. {-731541600 -3600 0 -01}. {-717631200 0 1 -01}. {-700092000 -3600 0 -01}. {-686181600 0 1 -01}. {-668642400 -3600 0 -01}. {-654732000 0 1 -01}. {-636588000 -3600 0 -01}. {-623282400 0 1 -01}. {-605

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\South_Georgia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.967019958156088
Encrypted:	false
SSDEEP:
MD5:	421C0110145FB8288B08133DD1409E75
SHA1:	CD2D62E739FF1715268B6DFB2C523ED3C76B7A90
SHA-256:	4B78F3E086B2A8B4366362AB5CEF2DF6A28E2B0EA8279C0FE9414E974BBC2E08
SHA-512:	3B20413C6E15A846B3CC730EBCD77D8AA170ECC262E160BB996AA79173F30D42588352C38EA1B44539A62D77B2BC8418A3C4B7507997AF4F15FBD647BF567A88
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/South_Georgia) {. {-9223372036854775808 -8768 0 LMT}. {-2524512832 -7200 0 -02}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\St_Helena Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.831929124818878
Encrypted:	false
SSDEEP:
MD5:	8F4668F0D79577139B59A80D714E45A5
SHA1:	BCD79EDCCB687A2E74794B8CFDE99A7FEC294811
SHA-256:	C78C4E980A378B781ED6D2EA72ABAEF8FFED186538DEB18B61D94B575734FC6A
SHA-512:	08D1472377229BC76A496259344263993791B4DF3F83D94F798779249A5CAE15F6B4341A665387780EA8B1278E9D5FFBCA1BCDE06B3E54750E32078FA482ABD6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Atlantic/St_Helena) $TZData(:Africa/Abidjan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Atlantic\Stanley Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2181
Entropy (8bit):	3.570822154620431
Encrypted:	false
SSDEEP:
MD5:	747D86EC0B020967D989E3D6C4DD273F
SHA1:	567F9E398FEDF58D68F73EB16CE33F8483B44ECE
SHA-256:	F88641114EC11D4129EEFE59CCD587AAD9C1898C3AFEE8A7CB85962312637640
SHA-512:	B7A97E1DCC9E52A0565B50C8865A955924AFED08C21BC1DCCF73A3327C98D0A98706C03913A4872BD24DD2167B2170A6134CA177B20305DEF23D72ADDD668FB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Stanley) {. {-9223372036854775808 -13884 0 LMT}. {-2524507716 -13884 0 SMT}. {-1824235716 -14400 0 -04}. {-1018209600 -10800 1 -04}. {-1003093200 -14400 0 -04}. {-986760000 -10800 1 -04}. {-971643600 -14400 0 -04}. {-954705600 -10800 1 -04}. {-939589200 -14400 0 -04}. {-923256000 -10800 1 -04}. {-908139600 -14400 0 -04}. {-891806400 -10800 1 -04}. {-876690000 -14400 0 -04}. {-860356800 -10800 1 -04}. {420606000 -7200 0 -03}. {433303200 -7200 1 -03}. {452052000 -10800 0 -03}. {464151600 -7200 1 -03}. {483501600 -10800 0 -03}. {495597600 -14400 0 -04}. {495604800 -10800 1 -04}. {514350000 -14400 0 -04}. {527054400 -10800 1 -04}. {545799600 -14400 0 -04}. {558504000 -10800 1 -04}. {577249200 -14400 0 -04}. {589953600 -10800 1 -04}. {608698800 -14400 0 -04}. {621403200 -10800 1 -04}. {640753200 -14400 0 -04}. {652852800 -10800 1 -04}

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\ACT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.813373101386862
Encrypted:	false
SSDEEP:
MD5:	F48AD4B81CD3034F6E5D3CA1B5A8BDD4
SHA1:	676FE3F50E3E132C1FD185A1EE1D8C830763204F
SHA-256:	553D7DA9A2EDBD933E8920573AE6BCBAA00302817939046CF257CAEACEC19FAD
SHA-512:	36A4E2286FBEF2F4ED4B9CD1A71136E227FEF4B693F9F43649B790E859221EE470679A7E3C283770DA5CB0113A1C8C1F99480E7020328FFE3E9C870798B092F5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/ACT) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Adelaide Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8099
Entropy (8bit):	3.812665609163787
Encrypted:	false
SSDEEP:
MD5:	4E73BDB571DBF2625E14E38B84C122B4
SHA1:	B9D7B7D2855D102800B53FB304633F5BC961A8D0
SHA-256:	9138DF8A3DE8BE4099C9C14917B5C5FD7EB14751ACCD66950E0FDB686555FFD6
SHA-512:	CF9AB3E9A7C1A76BCC113828ABAF88FE83AAF5CAD7BD181201E06A0CF43E30BA8817AAA88AB3F0F14F459599D91F63ECE851F095154050263C5AD08B2275B4C7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Adelaide) {. {-9223372036854775808 33260 0 LMT}. {-2364110060 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACST}. {341339400 37800 1 ACDT}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Brisbane Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.265580091557009
Encrypted:	false
SSDEEP:
MD5:	296B4B78CEE05805E5EE53B4D5F7284F
SHA1:	DDB5B448E99F278C633B2DBD5A816C4DE28DC726
SHA-256:	2580C3EEEC029572A1FF629E393F64E326DEDAA96015641165813718A8891C4D
SHA-512:	9DE71000BB8AC48A82D83399BD707B661B50882EEBFE2A7E58A81A2F6C04B1F711DAE3AA09A77A9EE265FB633B8883D2C01867AF96F8BE5137119E4FB447DF8C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Brisbane) {. {-9223372036854775808 36728 0 LMT}. {-2366791928 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Broken_Hill Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8162
Entropy (8bit):	3.820479465698825
Encrypted:	false
SSDEEP:
MD5:	B4AF947B4737537DF09A039D1E500FB8
SHA1:	CCC0DC52D586BFAA7A0E70C80709231B4BB93C54
SHA-256:	80BBD6D25D4E4EFA234EAD3CB4EB801DC576D1348B9A3E1B58F729FEB688196D
SHA-512:	3B27C36FA3034CB371DD07C992B3A5B1357FC7A892C35910DA139C7DA560DDC0AA1E95966438776F75397E7219A7DA0AD4AD6FB922B5E0BE2828D3534488BFD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Broken_Hill) {. {-9223372036854775808 33948 0 LMT}. {-2364110748 36000 0 AEST}. {-2314951200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACS

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Canberra Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.80238049701662
Encrypted:	false
SSDEEP:
MD5:	16F9CFC4C5B9D5F9F9DB9346CECE4393
SHA1:	ED1ED7BA73EB287D2C8807C4F8EF3EFA516F5A68
SHA-256:	853A159B8503B9E8F42BBCE60496722D0A334FD79F30448BAD651F18BA388055
SHA-512:	9572CCB1BC499BADA72B5FE533B56156DB9EB0DEDFD4AE4397AD60F2A8AF5991F7B1B06A1B8D14C73832543AF8C12F5B16A9A80D093BF0C7ED6E38FF8B66E197
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/Canberra) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Currie Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8097
Entropy (8bit):	3.7668602204696375
Encrypted:	false
SSDEEP:
MD5:	7E0D1435E11C9AE84EF1A863D1D90C61
SHA1:	CE76A3D902221F0EF9D8C25EB2D46A63D0D09D0B
SHA-256:	3C0B35627729316A391C5A0BEE3A0E353A0BAEAD5E49CE7827E53D0F49FD6723
SHA-512:	D262294AC611396633184147B0F6656290BF97A298D6F7EC025E1D88AAC5343363744FD1CB849CDE84F3C1B2CF860CFA7CA43453ADBF68B0903DA1361F0DCD69
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Currie) {. {-9223372036854775808 34528 0 LMT}. {-2345794528 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {47138400 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Darwin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	422
Entropy (8bit):	4.4678452003570435
Encrypted:	false
SSDEEP:
MD5:	FC9689FEF4223726207271E2EAAE6548
SHA1:	26D0B4FC2AD943FCAC90F179F7DF6C18EE12EBB8
SHA-256:	C556C796CCD3C63D9F694535287DC42BB63140C8ED39D31FDA0DA6E94D660A1C
SHA-512:	7898C0DE77297FBAA6AAF9D15CB9765DAF63ED4761BA181D0D1A590A6F19A6B7F6E94564A80EB691ED2D89C96D68449BF57816E4093E5011B93D30C3E1624D60
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Darwin) {. {-9223372036854775808 31400 0 LMT}. {-2364108200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Eucla Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	734
Entropy (8bit):	4.049000512576295
Encrypted:	false
SSDEEP:
MD5:	F997E4624049132CEC09AC77FBA839E3
SHA1:	7BD0097EF75621646CE1969A61596F7FA2E75188
SHA-256:	C3E63F8BC7739A23C21DE71425EDDA7927C31D00BC9E23D3A265C93885248991
SHA-512:	B50EDBBA11D1B8FC7DF13A9DBDE9314E1694E36F2CB810C0160406406161CC8FD52BDBFD13D10EEABE2859FA7AEBC35EBF9AB826EB92BBF26D92EEDD15633649
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Eucla) {. {-9223372036854775808 30928 0 LMT}. {-2337928528 31500 0 +0945}. {-1672562640 35100 1 +0945}. {-1665387900 31500 0 +0945}. {-883637100 35100 1 +0945}. {-876123900 31500 0 +0945}. {-860395500 35100 1 +0945}. {-844674300 31500 0 +0945}. {-836473500 35100 0 +0945}. {152039700 35100 1 +0945}. {162926100 31500 0 +0945}. {436295700 35100 1 +0945}. {447182100 31500 0 +0945}. {690311700 35100 1 +0945}. {699383700 31500 0 +0945}. {1165079700 35100 1 +0945}. {1174756500 31500 0 +0945}. {1193505300 35100 1 +0945}. {1206810900 31500 0 +0945}. {1224954900 35100 1 +0945}. {1238260500 31500 0 +0945}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Hobart Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8325
Entropy (8bit):	3.767204262183229
Encrypted:	false
SSDEEP:
MD5:	67AF9A2B827308DD9F7ABEC9441C3250
SHA1:	CD87DD4181B41E66EFEA9C7311D5B7191F41EA3A
SHA-256:	814BD785B5ACDE9D2F4FC6E592E919BA0FE1C3499AFC1071B7FA02608B6032AB
SHA-512:	BC6B8CE215B3B4AC358EB989FB1BB5C6AD61B39B7BBD36AAA924A2352E823C029131E79DA927FEEBDD5CF759FDE527F39089C93B0826995D37052362BEAE09F6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Hobart) {. {-9223372036854775808 35356 0 LMT}. {-2345795356 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\LHI Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	194
Entropy (8bit):	4.865814837459796
Encrypted:	false
SSDEEP:
MD5:	1221FC8932CA3DCA431304AF660840F0
SHA1:	5E023E37D98EA1321B10D36A79B26DF1A017F9D5
SHA-256:	EB8FDBCFDE9E2A2AA829E784D402966F61A5BF6F2034E0CB06A24FACB5B87874
SHA-512:	EB19FE74DC13456D0F9F1EDC9C444793A4011D3B65ADF6C7E7A405504079EB3A0C27F69DDA662F797FE363948E93833422F5DC3C1891AA7D414B062BE4DD3887
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Lord_Howe)]} {. LoadTimeZoneFile Australia/Lord_Howe.}.set TZData(:Australia/LHI) $TZData(:Australia/Lord_Howe).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Lindeman Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.1890768067004
Encrypted:	false
SSDEEP:
MD5:	08E88B2169BC76172E40515F9DA2C147
SHA1:	5C03B7C9748E63C2B437C97F8ED923A9F3E374E7
SHA-256:	9E3558C8514E97274D9F938E9841C5E3355E738BBD55BCB17FA27FF0E0276AEA
SHA-512:	39E10639C97DE82428818B9C5D059BA853A17113351BAEE2512806AC3066EDDF0294859519AFBE425E0D1315B1A090F84C08CEFEDCE2A3D3A38EEF782234D8C4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lindeman) {. {-9223372036854775808 35756 0 LMT}. {-2366790956 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}. {709912800 36000 0 AEST}. {719942400 39600 1 AEDT}. {731433600 36000 0 AEST}. {751996800 39600 1 AEDT}. {762883200 36000 0 AEST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Lord_Howe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7519
Entropy (8bit):	3.4688530726187112
Encrypted:	false
SSDEEP:
MD5:	169FF1BE6B6407E853AAF9F6E9A9A047
SHA1:	C573582B8EF897D3AE5CA0FB089BE31F6ED076EB
SHA-256:	3C7C5CF7300957F73E9249FC8BF282F7CEE262849DD5D326F476E1AE8A7B8DD5
SHA-512:	BD8315022E8B190976FCED98252FCA0C248D857AC5045D741F6902871F0E3C158B248628DF9BA124A38AE878398F8BEA614254400F329D01F60EE50666AEE118
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lord_Howe) {. {-9223372036854775808 38180 0 LMT}. {-2364114980 36000 0 AEST}. {352216800 37800 0 +1030}. {372785400 41400 1 +1030}. {384273000 37800 0 +1030}. {404839800 41400 1 +1030}. {415722600 37800 0 +1030}. {436289400 41400 1 +1030}. {447172200 37800 0 +1030}. {467739000 41400 1 +1030}. {478621800 37800 0 +1030}. {488984400 37800 0 +1030}. {499188600 39600 1 +1030}. {511282800 37800 0 +1030}. {530033400 39600 1 +1030}. {542732400 37800 0 +1030}. {562087800 39600 1 +1030}. {574786800 37800 0 +1030}. {594142200 39600 1 +1030}. {606236400 37800 0 +1030}. {625591800 39600 1 +1030}. {636476400 37800 0 +1030}. {657041400 39600 1 +1030}. {667926000 37800 0 +1030}. {688491000 39600 1 +1030}. {699375600 37800 0 +1030}. {719940600 39600 1 +1030}. {731430000 37800 0 +1030}. {751995000 39600 1 +1030}. {762879600 37800 0 +1030}. {78344

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Melbourne Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8069
Entropy (8bit):	3.769669933493392
Encrypted:	false
SSDEEP:
MD5:	E38FDAF8D9A9B1D6F2B1A8E10B9886F4
SHA1:	6188BD62E94194DB469BE93224A396D08A986D4D
SHA-256:	399F727CB39D90520AD6AE78A8963F918A490A813BC4FF2D94A37B0315F52D99
SHA-512:	79FDCFF5066636C3218751C8B2B658C6B7A6864264DCC28B47843EAEFDD5564AC5E4B7A66E3D1B0D25DB86D6C6ED55D1599F1FE2C169085A8769E037E0E954BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Melbourne) {. {-9223372036854775808 34792 0 LMT}. {-2364111592 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\NSW Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.8456659038249
Encrypted:	false
SSDEEP:
MD5:	AE3539C49047BE3F8ABAD1AC670975F1
SHA1:	62CD5C3DB618B9FE5630B197AB3A9729B565CA41
SHA-256:	938A557C069B8E0BE8F52D721119CBA9A694F62CF8A7A11D68FD230CC231E17C
SHA-512:	6F143B50C1EEC1D77F87DD5B0FFCF6625800E247400AA58361748BFEA0626E2CDA9C3FD2A4C269B3218D28FF1FB8533F4F6741F6B2C5E83F9C84A5882C86716B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/NSW) $TZData(:Australia/Sydney).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\North Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.780732237583773
Encrypted:	false
SSDEEP:
MD5:	70EF2A87B4538500CFADB63B62DDCBC6
SHA1:	8D737E6E8D37323D3B41AD419F1CA9B5991E2E99
SHA-256:	59B67F2C7C62C5F9A93767898BA1B51315D2AC271075FAFC1A24313BB673FF27
SHA-512:	E148FC32894A7138D1547910CBD590891120CE5FB533D1348243539C35CE2994DC9F3E7B6A952BF871882C8D6ECA47E13E08AF59AB52A55F790508F2DB9B0EB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Darwin)]} {. LoadTimeZoneFile Australia/Darwin.}.set TZData(:Australia/North) $TZData(:Australia/Darwin).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Perth Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	714
Entropy (8bit):	4.257489685002088
Encrypted:	false
SSDEEP:
MD5:	B354B9525896FDED8769CF5140E76FFF
SHA1:	8494E182E3803F2A6369261B4B4EAC184458ECC4
SHA-256:	C14CAAD41E99709ABF50BD7F5B1DAFE630CA494602166F527DBDA7C134017FB0
SHA-512:	717081F29FBACEE2722399DD627045B710C14CF6021E4F818B1768AF972061232412876872F113C468446D79A366D7FFD2E852563DC44A483761D78C7A16F74A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Perth) {. {-9223372036854775808 27804 0 LMT}. {-2337925404 28800 0 AWST}. {-1672559940 32400 1 AWDT}. {-1665385200 28800 0 AWST}. {-883634400 32400 1 AWDT}. {-876121200 28800 0 AWST}. {-860392800 32400 1 AWDT}. {-844671600 28800 0 AWST}. {-836470800 32400 0 AWST}. {152042400 32400 1 AWDT}. {162928800 28800 0 AWST}. {436298400 32400 1 AWDT}. {447184800 28800 0 AWST}. {690314400 32400 1 AWDT}. {699386400 28800 0 AWST}. {1165082400 32400 1 AWDT}. {1174759200 28800 0 AWST}. {1193508000 32400 1 AWDT}. {1206813600 28800 0 AWST}. {1224957600 32400 1 AWDT}. {1238263200 28800 0 AWST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Queensland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	198
Entropy (8bit):	4.75392731256171
Encrypted:	false
SSDEEP:
MD5:	D12C6F15F8BFCA19FA402DAE16FC9529
SHA1:	0869E6D11681D74CC3301F4538D98A225BE7C2E1
SHA-256:	77EA0243A11D187C995CE8D83370C6682BC39D2C39809892A48251123FF19A1E
SHA-512:	A98D1AF1FC3E849CCF9E9CC090D3C65B7104C164762F88B6048EA2802F17D635C2E66BE2661338C1DD604B550A267678245DE867451A1412C4C06411A21BE3A9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Brisbane)]} {. LoadTimeZoneFile Australia/Brisbane.}.set TZData(:Australia/Queensland) $TZData(:Australia/Brisbane).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\South Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.701653352722385
Encrypted:	false
SSDEEP:
MD5:	23671880AC24D35F231E2FCECC1A5E3A
SHA1:	5EE2EFD5ADE268B5114EB02FDA77F4C5F507F3CB
SHA-256:	9823032FFEB0BFCE50B6261A848FE0C07267E0846E9F7487AE812CEECB286446
SHA-512:	E303C7DE927E7BAA10EE072D5308FEE6C4E9B2D69DDD8EF014ED60574E0855EE803FE19A7CB31587E62CAE894C087D47A91A130213A24FCCD152736D82F55AB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Adelaide)]} {. LoadTimeZoneFile Australia/Adelaide.}.set TZData(:Australia/South) $TZData(:Australia/Adelaide).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Sydney Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8066
Entropy (8bit):	3.763781985138297
Encrypted:	false
SSDEEP:
MD5:	B3498EEA194DDF38C732269A47050CAA
SHA1:	C32B703AA1FA34D890D151300A2B21E0FA8F55D3
SHA-256:	0EE9BE0F0D6EC0CE10DEA1BE7A9F494C74B747418E966B85EC1FFB15F6F22A4F
SHA-512:	A9419B797B1518AAEEE27A1796D0D024847F7A61D26238F1643EBD6131A6B36007FBABD9E766C3D4ED61B006FD31FC4555CB54B8681E7DBDEC26B38144D64BC9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Sydney) {. {-9223372036854775808 36292 0 LMT}. {-2364113092 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}. {3

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Tasmania Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.7264864039237215
Encrypted:	false
SSDEEP:
MD5:	C7C9CDC9EC855D2F0C23673FA0BAFFB6
SHA1:	4C79E1C17F418CEE4BE8F638F34201EE843D8E28
SHA-256:	014B3D71CE6BD77AD653047CF185EA03C870D78196A236693D7610FED7F30B6F
SHA-512:	79AE11CE076BFB87C0AAD35E9AF6E760FC592F1D086EB78E6DF88744F502ED4248853A0EAD72ADA8EA9583161925802EE5E46E3AA8CE8CF873852C26B4FDC05B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Hobart)]} {. LoadTimeZoneFile Australia/Hobart.}.set TZData(:Australia/Tasmania) $TZData(:Australia/Hobart).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Victoria Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.7697171393457936
Encrypted:	false
SSDEEP:
MD5:	BD2EA272B8DF472E29B7DD0506287E92
SHA1:	55BF3A3B6398F9FF1DB3A46998A4EFF44F6F325C
SHA-256:	EE35DF8BBCD6A99A5550F67F265044529BD7AF6A83087DD73CA0BE1EE5C8BF51
SHA-512:	82B18D2C9BA7113C2714DC79A87101FFB0C36E5520D61ADEAB8A31AD219E51A6402A6C8A8FD7120A330FE8847FF8F083397A1BF5889B73484FBAA6F99497DE48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Melbourne)]} {. LoadTimeZoneFile Australia/Melbourne.}.set TZData(:Australia/Victoria) $TZData(:Australia/Melbourne).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\West Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.781808870279912
Encrypted:	false
SSDEEP:
MD5:	9E0EF0058DDA86016547F2BFE421DE74
SHA1:	5DB6AEAC6B0A42FEAE28BB1A45679BC235F4E5BF
SHA-256:	FC952BE48F11362981CDC8859F9C634312E5805F2F1513159F25AEFCE664867C
SHA-512:	C60E5A63378F8424CE8D862A575DFE138646D5E88C6A34562A77BEC4B34EA3ED3085424E2130E610197164C7E88805DC6CDE46416EB45DC256F387F632F48CA7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Perth)]} {. LoadTimeZoneFile Australia/Perth.}.set TZData(:Australia/West) $TZData(:Australia/Perth).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Australia\Yancowinna Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	207
Entropy (8bit):	4.871861105493913
Encrypted:	false
SSDEEP:
MD5:	5C3CED24741704A0A7019FA66AC0C0A1
SHA1:	88C7AF3B22ED01ED99784C3FAB4F5112AA4659F3
SHA-256:	71A56C71CC30A46950B1B4D4FBB12CB1CBAA24267F994A0F223AE879F1BB6EEC
SHA-512:	771A7AC5D03DD7099F565D6E926F7B97E8A7BA3795339D3FD78F7C465005B55388D8CC30A62978042C354254E1BA5467D0832C0D29497E33D6EF1DA217528806
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Broken_Hill)]} {. LoadTimeZoneFile Australia/Broken_Hill.}.set TZData(:Australia/Yancowinna) $TZData(:Australia/Broken_Hill).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Brazil\Acre Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.84045343046357
Encrypted:	false
SSDEEP:
MD5:	DF4D752BEEAF40F081C03B4572E9D858
SHA1:	A83B5E4C3A9EB0CF43263AFF65DB374353F65595
SHA-256:	1B1AD73D3FE403AA1F939F05F613F6A3F39A8BA49543992D836CD6ED14B92F2C
SHA-512:	1F96F1D8AACD6D37AC13295B345E761204DAE6AA1DF4894A11E00857CCB7247FA7BEBD22407EA5D13193E2945EB1F4210E32669069F157F1459B26643A67F445
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:Brazil/Acre) $TZData(:America/Rio_Branco).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Brazil\DeNoronha Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.826795532956443
Encrypted:	false
SSDEEP:
MD5:	86B9E49F604AD5DBC4EC6BA735A513C7
SHA1:	BE3AB32339DF9830D4F445CCF883D79DDBA8708E
SHA-256:	628A9AE97682B98145588E356948996EAE18528E34A1428A6B2765CCAA7A8A1F
SHA-512:	EE312624EC0193C599B2BDBFA57CC4EA7C68890955E0D888149172DF8F2095C553BFBB80BF76C1B8F3232F3A5863A519FF59976BBAEA622C64737890D159AA22
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Noronha)]} {. LoadTimeZoneFile America/Noronha.}.set TZData(:Brazil/DeNoronha) $TZData(:America/Noronha).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Brazil\East Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.9019570219911275
Encrypted:	false
SSDEEP:
MD5:	FBF6B9E8B9C93B1B9E484D88EF208F38
SHA1:	44004E19A485B70E003687CB1057B8A2421D1BF0
SHA-256:	C89E831C4A0525C3CEFF17072843386369096C08878A4412FB208EF5D3F156D8
SHA-512:	4E518FC4CED0C756FF45E0EDE72F6503C4B3AE72E785651DE261D3F261D43F914721EFCEAB272398BC145E41827F35D46DE4E022EAF413D95F64E8B3BD752002
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Sao_Paulo)]} {. LoadTimeZoneFile America/Sao_Paulo.}.set TZData(:Brazil/East) $TZData(:America/Sao_Paulo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Brazil\West Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.853909262702622
Encrypted:	false
SSDEEP:
MD5:	116F0F146B004D476B6B86EC0EE2D54D
SHA1:	1F39A84EF3DFF676A844174D9045BE388D3BA8C0
SHA-256:	F24B9ED1FAFA98CD7807FFFEF4BACA1BCE1655ABD70EB69D46478732FA0DA573
SHA-512:	23BD7EC1B5ADB465A204AAA35024EE917F8D6C3136C4EA973D8B18B586282C4806329CEBE0EDBF9E13D0032063C8082EC0D84A049F1217C856943A4DDC4900D0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Manaus)]} {. LoadTimeZoneFile America/Manaus.}.set TZData(:Brazil/West) $TZData(:America/Manaus).

C:\Users\user\AppData\Local\Update\tcl\tzdata\CET Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	3.710275786382764
Encrypted:	false
SSDEEP:
MD5:	AE72690EF7063F0B9F640096204E2ECE
SHA1:	4F815B51DA9BCA97DFF71D191B74D0190890F946
SHA-256:	BB2C5E587EE9F9BF85C1D0B6F57197985663D4DFF0FED13233953C1807A1F11C
SHA-512:	F7F0911251BC7191754AF0BA2C455E825BF16EA9202A740DC1E07317B1D74CDAF680E161155CC1BD5E862DCEE2A58101F419D8B5E0E24C4BA7134999D9B55C48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:CET) {. {-9223372036854775808 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766623600 3600 0 CET}. {228877200 7200 1 CEST}. {243997200 3600 0 CET}. {260326800 7200 1 CEST}. {276051600 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET

C:\Users\user\AppData\Local\Update\tcl\tzdata\CST6CDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.723597525146651
Encrypted:	false
SSDEEP:
MD5:	B5AC3FA83585957217CA04384171F0FF
SHA1:	827FF1FBDADDDE3754453E680B4E719A50499AE6
SHA-256:	17CBE2F211973F827E0D5F9F2B4365951164BC06DA065F6F38F45CB064B29457
SHA-512:	A56485813C47758F988A250FFA97E2DBD7A69DDD16034E9EF2834AF895E8A374EEB4DA3F36E6AD80285AC10F84543ECF5840670805082E238F822F85D635651F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:CST6CDT) {. {-9223372036854775808 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-84384000 -18000 1 CDT}. {-68662800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -216

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Atlantic Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.754307292225081
Encrypted:	false
SSDEEP:
MD5:	B0E220B9CD16038AAF3EA21D60064B62
SHA1:	333410CB7D4F96EF836CDC8097A1DCE34A2B961A
SHA-256:	6F71D7ED827C9EF6E758A44D2A998673E1225EB8005AD557A1713F5894833F92
SHA-512:	F879F60E36C739280E8FC255D2792BB24BCA90A265F8F90B5FB85630D5A58CE4FDBD24EA5594924375C3CD31DBC6D49C06CBFA43C52D0B9A1E9D799914A164F7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:Canada/Atlantic) $TZData(:America/Halifax).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Central Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.814426408072182
Encrypted:	false
SSDEEP:
MD5:	8374E381BC8235B11B7C5CA215FA112C
SHA1:	181298556253D634B09D72BD925C4DBB92055A06
SHA-256:	1B87273B264A3243D2025B1CFC05B0797CBC4AA95D3319EEE2BEF8A09FDA8CAD
SHA-512:	12800E49B8094843F66454E270B4BE154B053E5FB453C83269AF7C27B965071C88B02AF7BB404E7F5A07277DB45E58D1C5240B377FC06172087BB29749C7543B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Winnipeg)]} {. LoadTimeZoneFile America/Winnipeg.}.set TZData(:Canada/Central) $TZData(:America/Winnipeg).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Eastern Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.7067203041014185
Encrypted:	false
SSDEEP:
MD5:	22453AC70F84F34868B442E0A7BDC20A
SHA1:	730049FF6953E186C197601B27AB850305961FD0
SHA-256:	545B992E943A32210F768CB86DEF3203BE956EE03A3B1BC0D55A5CD18A4F064D
SHA-512:	91FE33FAD3954019F632A771BCBD9FF3FDCCDA1F51DD25E0E5808A724F2D9B905E5E2DEE32D415BEA9A9ADB74186D83548584414BB130DF1A166D49373AC7BEF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:Canada/Eastern) $TZData(:America/Toronto).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Mountain Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.768148288986999
Encrypted:	false
SSDEEP:
MD5:	5E0D3D1A7E9F800210BB3E02DFF2ECD3
SHA1:	F2471795A9314A292DEAA3F3B94145D3DE5A2792
SHA-256:	A8B3A4D53AA1CC73312E80951A9E9CEA162F4F51DA29B897FEB58B2DF3431821
SHA-512:	F80C7CDFE20E5FAD9E4BA457446F067ACE0C3F4659761E3B4A2422D3456CDE92C20589954DE5E0DC64619E3B6AB3A55AE0E0E783F8EFB24D74A5F6DFBF5ABB16
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Edmonton)]} {. LoadTimeZoneFile America/Edmonton.}.set TZData(:Canada/Mountain) $TZData(:America/Edmonton).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Newfoundland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.953647576523321
Encrypted:	false
SSDEEP:
MD5:	3A4E193C8624AE282739867B22B7270A
SHA1:	AC93EEDA7E8AB7E40834FFBA83BAE5D803CB7162
SHA-256:	70EF849809F72741FA4F37C04C102A8C6733639E905B4E7F554F1D94737BF26B
SHA-512:	BE2AACEE2A6F74520F4F1C0CCBBB750ED6C7375D4368023BAB419184F8F717D52981106C03F487B24A943907E60784136C0E5F8C1D5B3D1C67C20E23A4F412B3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/St_Johns)]} {. LoadTimeZoneFile America/St_Johns.}.set TZData(:Canada/Newfoundland) $TZData(:America/St_Johns).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Pacific Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.839589386398345
Encrypted:	false
SSDEEP:
MD5:	6AA0FCE594E991D6772C04E137C7BE00
SHA1:	6C53EE6FEBEC2BD5271DD80D40146247E779CB7B
SHA-256:	D2858621DA914C3F853E399F0819BA05BDE68848E78F59695B84B2B83C1FDD2A
SHA-512:	7B354BB9370BB61EB0E801A1477815865FDE51E6EA43BF166A6B1EED127488CC25106DEE1C6C5DC1EF3E13E9819451E10AFBC0E189D3D3CDE8AFFA4334C77CA3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Vancouver)]} {. LoadTimeZoneFile America/Vancouver.}.set TZData(:Canada/Pacific) $TZData(:America/Vancouver).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Saskatchewan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.83938055689947
Encrypted:	false
SSDEEP:
MD5:	927FD3986F83A60C217A3006F65A3B0A
SHA1:	022D118024BFC5AE0922A1385288C3E4B41903DB
SHA-256:	BB457E954DB625A8606DD0F372DA9BFFAA01F774B4B82A2B1CEE2E969C15ABC3
SHA-512:	3EA932FA5416A9C817977F9D31C8A15C937A453B4D6A6409A7966E76D66A685C91F1117C82BEBEBA2AF5516556DA2BDEC898AD718C78FB8B690F31692174DA6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/Saskatchewan) $TZData(:America/Regina).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Canada\Yukon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	4.841592909599599
Encrypted:	false
SSDEEP:
MD5:	9F2A7F0D8492F67F764F647638533C3F
SHA1:	3785DACD1645E0630649E411DC834E8A4FB7F40B
SHA-256:	F2A81B7E95D49CEC3C8952463B727129B4DC43D58ADC64BB7CAB642D3D191039
SHA-512:	0133870BB96851ECD486D55FD10EB4BCB1678772C1BFFADE85FC5644AC8445CDB4C6284BEFFED197E9386C9C6EF74F5F718F2CB43C4C7B8E65FE413C8EC51CD0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Whitehorse)]} {. LoadTimeZoneFile America/Whitehorse.}.set TZData(:Canada/Yukon) $TZData(:America/Whitehorse).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Chile\Continental Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.762021566751952
Encrypted:	false
SSDEEP:
MD5:	B2BDB6C027FF34D624EA8B992E5F41AB
SHA1:	425AB0D603C3F5810047A7DC8FD28FDF306CC2DB
SHA-256:	F2E3C1E88C5D165E1D38B0D2766D64AA4D2E6996DF1BE58DADC9C4FC4F503A2E
SHA-512:	6E5A8DC6F5D5F0218C37EE719441EBDC7EDED3708F8705A98AEF7E256C8DC5D82F4BF82C529282E01D8E6E669C4F843B143730AD9D8BBF43BCC98ECB65B52C9B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Santiago)]} {. LoadTimeZoneFile America/Santiago.}.set TZData(:Chile/Continental) $TZData(:America/Santiago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Chile\EasterIsland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.758503564906338
Encrypted:	false
SSDEEP:
MD5:	E9DF5E3D9E5E242A1B9C73D8F35C9911
SHA1:	9905EF3C1847CFF8156EC745779FCF0D920199B7
SHA-256:	AA305BEC168C0A5C8494B81114D69C61A0D3CF748995AF5CCC3E2591AC78C90C
SHA-512:	7707AC84D5C305F40A1713F1CBBED8A223553A5F989281CCDB278F0BD0D408E6FC9396D9FA0CCC82168248A30362D2D4B27EDEF36D9A3D70E286A5B668686FDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Easter)]} {. LoadTimeZoneFile Pacific/Easter.}.set TZData(:Chile/EasterIsland) $TZData(:Pacific/Easter).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Cuba Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.8073098952422395
Encrypted:	false
SSDEEP:
MD5:	BA8EE8511A2013E791A3C50369488588
SHA1:	03BF30F56FB604480A9F5ECD8FB13E3CF82F4524
SHA-256:	2F9DFE275B62EFBCD5F72D6A13C6BB9AFD2F67FDDD8843013D128D55373CD677
SHA-512:	29C9E9F4B9679AFD688A90A605CFC1D7B86514C4966E2196A4A5D48D4F1CF16775DFBDF1C9793C3BDAA13B6986765531B2E11398EFE5662EEDA7B37110697832
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Havana)]} {. LoadTimeZoneFile America/Havana.}.set TZData(:Cuba) $TZData(:America/Havana).

C:\Users\user\AppData\Local\Update\tcl\tzdata\EET Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7189
Entropy (8bit):	3.6040923024580884
Encrypted:	false
SSDEEP:
MD5:	9AE4C7EC014649393D354B02DF00F8B9
SHA1:	D82195DEF49CFFEAB3791EA70E6D1BB8BC113155
SHA-256:	4CB6582052BE7784DD08CE7FD97ACC56234F07BCF80B69E57111A8F88454908E
SHA-512:	6F0C138AF98A4D4A1028487C29267088BD4C0EC9E7C1DB9818FA31A61C9584B67B3F5909C6E6FDB0F7183629E892A77BA97654D39FCE7DDEF6908F8146B7BE72
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EET) {. {-9223372036854775808 7200 0 EET}. {228877200 10800 1 EEST}. {243997200 7200 0 EET}. {260326800 10800 1 EEST}. {276051600 7200 0 EET}. {291776400 10800 1 EEST}. {307501200 7200 0 EET}. {323830800 10800 1 EEST}. {338950800 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\EST Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.879680803636454
Encrypted:	false
SSDEEP:
MD5:	33221E0807873CC5E16A55BF4450B6D4
SHA1:	A01FD9D1B8E554EE7A25473C2FBECA3B08B7FD02
SHA-256:	5AA7D9865554BCE546F1846935C5F68C9CA806B29B6A45765BA55E09B14363E4
SHA-512:	54A33B239BBFCFC645409FBC8D9DDBFCAE56067FA0427D0BE5F49CB32EB8EEC8E43FC22CE1C083FDC17DD8591BE9DB28A2D5006AFA473F10FB17EF2CE7AED305
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EST) {. {-9223372036854775808 -18000 0 EST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\EST5EDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.723178863172678
Encrypted:	false
SSDEEP:
MD5:	1A7BDED5B0BADD36F76E1971562B3D3B
SHA1:	CF5BB82484C4522B178E25D14A42B3DBE02D987D
SHA-256:	AFD2F12E50370610EA61BA9DD3838129785DFDEE1EBCC4E37621B54A4CF2AE3F
SHA-512:	4803A906E2C18A2792BF812B8D26C936C71D8A9DD9E87F7DA06630978FCB5DE1094CD20458D37973AA9967D51B97F94A5785B7B15F807E526C13D018688F16D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:EST5EDT) {. {-9223372036854775808 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -180

C:\Users\user\AppData\Local\Update\tcl\tzdata\Egypt Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.812476042768195
Encrypted:	false
SSDEEP:
MD5:	3708D7ED7044DE74B8BE5EBD7314371B
SHA1:	5DDC75C6204D1A2A59C8441A8CAF609404472895
SHA-256:	07F4B09FA0A1D0BA63E17AD682CAD9535592B372815AB8FD4884ACD92EC3D434
SHA-512:	A8761601CD9B601E0CE8AC35B6C7F02A56B07DC8DE31DEB99F60CB3013DEAD900C74702031B5F5F9C2738BA48A8420603D46C3AE0E0C87D40B9D9D44CE0EAE81
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Cairo)]} {. LoadTimeZoneFile Africa/Cairo.}.set TZData(:Egypt) $TZData(:Africa/Cairo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Eire Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	167
Entropy (8bit):	4.85316662399069
Encrypted:	false
SSDEEP:
MD5:	AA0DEB998177EB5208C4D207D46ECCE3
SHA1:	DD8C7CE874EE12DD77F467B74A9C8FC74C7045FF
SHA-256:	16A42F07DE5233599866ECC1CBB1FC4CD4483AC64E286387A0EED1AFF919717D
SHA-512:	D93A66A62304D1732412CAAAB2F86CE5BCD07D07C1315714D81754827D5EFD30E36D06C0DC3CF4A8C86B750D7D6A144D609D05E241FADC7FF78D3DD2044E4CBB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Dublin)]} {. LoadTimeZoneFile Europe/Dublin.}.set TZData(:Eire) $TZData(:Europe/Dublin).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.862090278972909
Encrypted:	false
SSDEEP:
MD5:	4AC2027A430A7343B74393C7FE1D6285
SHA1:	C675A91954EC82EB67E1B7FA4B0C0ED11AAF83DA
SHA-256:	01EEF5F81290DBA38366D8BEADAD156AAC40D049DBFA5B4D0E6A6A8641D798D1
SHA-512:	61943A348C4D133B0730EAA264A15EF37E0BBE2F767D87574801EAAA9A457DA48D854308B6ABADA21D33F4D498EB748BCB66964EB14BB8DC1367F77A803BA520
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT+0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+1 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.936955816757987
Encrypted:	false
SSDEEP:
MD5:	B8D9D5AF8CE887722F92207393F93481
SHA1:	3F33F97F96AE9C30A616B8A84888B032A3E1A59A
SHA-256:	049ABD0DCEC9C4128FF6F5BBB1F1D64F53AB7E4A1BD07D0650B0B67D1F581C64
SHA-512:	7A10D28DA75FCBF5AF43FEECB91801E97CB161A6909E9463A2F1218323EE3B4ECA10E11438D20E876B6EF912E21D26264FFBD04C75D702D2386A4E959EB5FFAC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+1) {. {-9223372036854775808 -3600 0 -01}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+10 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.92045957745591
Encrypted:	false
SSDEEP:
MD5:	33022DF11BC5459AA1DD968CEF24EA03
SHA1:	45DE6AD3B142C1768B410C047DFD45444E307AB8
SHA-256:	15F72B4F2C04EDDC778AAD999B5A329F55F0D10AC141862488D2DCE520541A85
SHA-512:	0C13040965135D199A29CFE8E1598AA8E840B141B85CCF1A45611B367AF046107FDA8478B1779E2AC665534DC4E84630267B42F902DB3A2CB78DD6D20939010E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+10) {. {-9223372036854775808 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+11 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.959312316620187
Encrypted:	false
SSDEEP:
MD5:	5FC01E15A719B73A5AA5B0A6E7F16B0C
SHA1:	E1AAEF7C52DF944A9AEDCC74E6A07FABE09BAFCE
SHA-256:	69A82F9EB9E120FABFA88C846BC836B85A08FFF4B304914256E6C3A72CB371D0
SHA-512:	86659001C159730C012C385D505CD822F5CE6E59C0BD7899F90070372A56D348F0292F74C34A4E960E721D113DB5F65751A513D7C1A3CFBF09CBA22118323DED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+11) {. {-9223372036854775808 -39600 0 -11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+12 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.934932781202811
Encrypted:	false
SSDEEP:
MD5:	BEE0C510C41F541B4E919183459488B2
SHA1:	DA028394973155C52EDDDB4EB4CCACA7F3A74188
SHA-256:	3B3DA9CF6FEB6E90772E9EC391D857D060A2F52A34191C3A0472794FEC421F5F
SHA-512:	9EBE1FAD2B47DDA627F52F97094556F3A8C0D03BF2DD4C12CC8611BD2D59FE3A2C1016FFBDF0B95F2C5C56D81C8B2020EBF1D2AB4AAAFE33AB5469AFE1C596A1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+12) {. {-9223372036854775808 -43200 0 -12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+2 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.876100974396153
Encrypted:	false
SSDEEP:
MD5:	316ED84A4318F8641592A0959395EFA3
SHA1:	970C97E6F433524BE88031098DD4F5F479FB4AA6
SHA-256:	8323CA90E2902CAAD2EBCFFBF681FC3661424AE5B179140581AA768E36639C93
SHA-512:	6DD62C72E24A24F8FCD8EC085942920A04A55DD03D54C712ADA2BE0EDD6166F34A1229E045C50384808735C40CF72B98458E0329B9762B4B3E95E7ACABB0017E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+2) {. {-9223372036854775808 -7200 0 -02}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+3 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.904010922708719
Encrypted:	false
SSDEEP:
MD5:	899F1AAB147D5A13D7E22CBE374F3F8D
SHA1:	C132B5E0859EB6C95C64D50408D4A310893D1E8F
SHA-256:	3C2EF9B7218D133E7611527CE1CD5F03FF6FED5DE245F082FF21F4571A7D9EA4
SHA-512:	63C8F98BAE437BB9717A3D13C70424FBB43CBA392A1750DE8EAB31C825F190C5DE1987B391591361F80CE084896B838BE78CBE56C1E1C4DC0A1A6D280742FD91
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+3) {. {-9223372036854775808 -10800 0 -03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+4 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.92751033740291
Encrypted:	false
SSDEEP:
MD5:	9D050C35FCDFD703C387CF2065E6250B
SHA1:	EEE8A277CB49D03085A5C6FCEA94961790D23339
SHA-256:	B43B685B6B168FD964590BC6C4264511155DB76EBCB7A5BCB20C35C0AD9B8CC4
SHA-512:	D56449C34A7F63DCCE79F4A6C4731454BB909C6DA49593FFE6B59DD3DE755720931BFD245A799B7FB1397FC0AE0AF89E88AD4DAA91AB815740328B27D301DCDE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+4) {. {-9223372036854775808 -14400 0 -04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+5 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.911642645675445
Encrypted:	false
SSDEEP:
MD5:	81856E9473F48AB0F53B09CB6BEF61B1
SHA1:	52A906EE5B706091E407CA8A0D036A46727790EA
SHA-256:	B0224DBA144B1FE360E2922B1E558E79F6960A173045DE2A1EDACDC3F24A3E36
SHA-512:	7C9679A2C299741E98FF1E759313D1CDC050B73B7E4FB097FF3186B4C35271C203D54E12D758675639A3D3F3F1EB43D768834B9CE7D22376BEA71FB0ACF164A7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+5) {. {-9223372036854775808 -18000 0 -05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+6 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.930765051479699
Encrypted:	false
SSDEEP:
MD5:	757E578CE6FCD34966D9FF90D9F9A7BF
SHA1:	091E3FC890BF7A4C61CF6558F7984FD41F61803B
SHA-256:	28F4E6F7FDE80AE412D364D33A1714826F9F53FF980D2926D13229B691978979
SHA-512:	442FEBA01108124692A0F76ACA4868D5B7754C3527B9301AC0271DD5A379AF3675CE40B6C017310856D4CE700E3171B5EEA5EF89D5F8432EC3D6D27F48F2EEE8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+6) {. {-9223372036854775808 -21600 0 -06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+7 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.884164328721898
Encrypted:	false
SSDEEP:
MD5:	723CE2E217F73927FE030E4E004C68B5
SHA1:	40E46C8F3631298C3FFBF0DDC72E48E13A42A3F4
SHA-256:	2D2B6A351501CB1023F45CE9B16B759D8971E45C2B8E1348A6935707925F0280
SHA-512:	25E1C37047CD2411B6F986F30EC54B53A3D3841FD275D05732A0DF6C0718981F2343CEE77E241F347030244B22EC4A23FDEE077EB4D18BC1788F4E5AF4FDB804
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+7) {. {-9223372036854775808 -25200 0 -07}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+8 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.869188292977557
Encrypted:	false
SSDEEP:
MD5:	A94A70486CE0942B538D855647EDFE78
SHA1:	1A20872C6D577DB332F0A536695CE677BC28F294
SHA-256:	9CF2C86CC6173F19E0DA78CCA46C302469AB5C01752DCEA6A20DC151E2D980CC
SHA-512:	3B6456D217A08A6DBAC0DB296384F4DED803F080FD5C0FD1527535D85397351C67B3D2BEDF8C4E2FEFD5C0B9297A8DA938CF855CDAA2BB902498B15E75A0F776
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+8) {. {-9223372036854775808 -28800 0 -08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT+9 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.912907908622555
Encrypted:	false
SSDEEP:
MD5:	821C0743B99BBD9B672D1B1606B2DADD
SHA1:	152C09F6E8079A4036BA8316BE3E739D2ECE674B
SHA-256:	532D16E2CDBE8E547F54DC22B521153D2215E8B6653336A36F045E0D338B0D1B
SHA-512:	CCFC5BC6246B4C9EF77081E79F0A0B1DACC79449388AD08F38912E857E77E12824835C447F769A2C9C707C7E6353010A9907CDF3468A94263CF2B21FC1BF4710
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+9) {. {-9223372036854775808 -32400 0 -09}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.849103265985896
Encrypted:	false
SSDEEP:
MD5:	FA608B6E2F9D0E64D2DF81B277D40E35
SHA1:	55A7735ACCF6A759D2069388B2943323E23EE56D
SHA-256:	48A929080C1E7C901246DC83A7A7F87396EAF9D982659460BF33A85B4C3FAE64
SHA-512:	35A8899B7084E85165886B07B6DD553745558EAF4297F702829A08BF71E5AA18790F0D02229093FA42515C97A1DDA7292F4D019DDB1251370D9896E94738D32A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT-0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-1 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.936514686189307
Encrypted:	false
SSDEEP:
MD5:	CCC4BDA6EDA4933FB64F329E83EB6118
SHA1:	7C1B47D376966451540B4D095D16973763A73A73
SHA-256:	A82AA68616ADEB647456EA641587D76981888B3A022C98EA11302D458295A4FA
SHA-512:	ACC3DF6AA6025B45F06326062B2F0803BB6FD97AAAEBB276731E5DC5C496731C0853D54B2A4476A4A2EC2DD4FFDF69D78255FC8BCAB2412CE86925A94CE0559D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-1) {. {-9223372036854775808 3600 0 +01}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-10 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.919647975606158
Encrypted:	false
SSDEEP:
MD5:	566FBA546E6B7668830D1812659AE671
SHA1:	EF3AF5CE0BB944973D5B2DCC872903F0C3B7F0FF
SHA-256:	962E810E02BAE087AD969FEB91C07F2CBB868D09E1BA4A453EB4773F7897157A
SHA-512:	F42BB5ACDE563A8A875D7B3F1C10CE9A5CE7E52FA9EF2D14BDA2C45BCD5A6D9B44227D079853551BAA13EAED32F4CA3C34BAD88E616B528DEF7DFAE7F42929CB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-10) {. {-9223372036854775808 36000 0 +10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-11 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.958847614227257
Encrypted:	false
SSDEEP:
MD5:	02F46CC589D114C57B5687A703EB11C6
SHA1:	5199683CC7E5D18ED686B44E94FB72EA8C978A9A
SHA-256:	B1BEE376A0CBEA180391835DB97F8EB32873B2B58AD1AA1098E79FAC357799C5
SHA-512:	A0CDDCD3208D096712868FED0557CDF5FEC5E9FA5FB25864129D2A9047BCD1AFAA8270C1E41368D32DE2A7B1B66157BDCFC17F8CDF3EF6A9F0C74B42814B096F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-11) {. {-9223372036854775808 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-12 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.934250404386511
Encrypted:	false
SSDEEP:
MD5:	F6AF5C34BDE9FFF73F8B9631C0173EE9
SHA1:	A717214203F4B4952AE12374AE78992084CD5A61
SHA-256:	622E51EE9D4601DB90818F4B8E324F790F4D2405D66B899FC018A41E00473C0F
SHA-512:	0B898328A19DA7FE1BD2FB161EF1511684B569E4262C8149A789855C6F86C84360BC9E6BF82BC571BD7C585A30E0658560029FCC7C3C180BC0D2EA1872860753
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-12) {. {-9223372036854775808 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-13 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.951215891260531
Encrypted:	false
SSDEEP:
MD5:	B505D6A064B6D976BD1BDE61AE937F1C
SHA1:	DBA0EA8DCCB50CC999397129369A340CA8A4C5B5
SHA-256:	EF28D4D6DAFE3AB08BE1CE9C32FAF7BF8F750332DF0D39314131F88DF463DFAC
SHA-512:	86A4CA670FBFFF95C9B22DA4E8957A4BE8A805457032AF47BDF08B5047881F692D665BEF8A76045EF50587149EDD52C8994A19CEE9675A3D12939D9CB9DE4649
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-13) {. {-9223372036854775808 46800 0 +13}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-14 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.946259136243175
Encrypted:	false
SSDEEP:
MD5:	6BD2D15FA9AAF7F44D88BED0F6C969F3
SHA1:	3080291F9C9C9422995583175C560338F626E4CD
SHA-256:	748D443DA743D385497A43198A114BD8349310494ECC85F47D39745D53F6E291
SHA-512:	651983293BAD1EDE1211EEAA3CAA28C73F84FFE2B8554CF198DF014BEF6B7413C4C49C3080FC73430804ECCA3D2BDB316B6B735B72E7BA3525B330E6A5352715
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-14) {. {-9223372036854775808 50400 0 +14}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-2 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	110
Entropy (8bit):	4.8751066179878215
Encrypted:	false
SSDEEP:
MD5:	DAE7D42076F09E2E2A51A58CC253837D
SHA1:	44C587A71AE31A7424E0F2B005D11F9E0B463E80
SHA-256:	9D0D3FAD960E9EBF599218213F3AE8A22766B6CB15C8CDBC7ABD8A3FFD75C29A
SHA-512:	CEE724EEC6EC86FB417CD4D06B3FC17A404953CCE8740A03B024C05C0436340D9B056F3F1B2706284F57CC49FA229EE311D088AFE3D65F0BF946B0A18282ED46
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-2) {. {-9223372036854775808 7200 0 +02}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-3 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.903159871492102
Encrypted:	false
SSDEEP:
MD5:	3CABCADD8398567F6489C263BF55CA89
SHA1:	0981F225619E92D4B76ECB2C6D186156E46DA63D
SHA-256:	74EEBD9C48312D68DC5E54B843FACF3DB869E214D37214F1096AF1D6ECF6D9AF
SHA-512:	1FF86CFDAA407D7EFD0B0DBC32FC8ED03DAADF6D0D83463B4C6DA97B4B8D77FC381C4C140168AA06FA9A5444DDADBB39DBD8F22E4570EE86F2F7608AAFB0C7FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-3) {. {-9223372036854775808 10800 0 +03}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-4 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.92687099262498
Encrypted:	false
SSDEEP:
MD5:	C157F79ADE92A69E46472EA921E1370F
SHA1:	4B9E5AFA769D5BDF3FDF05BC24A6A632C6D86ECB
SHA-256:	0606FBAB9374A74D4B2ED17DD04D9DCED7131768CCF673C5C3B739727743383F
SHA-512:	B6814282465ABF4DF31341306050F11ECAAFC5915C420A8E7F8D787E66308C58FF7C348D6CBDB4064C346800564000C7C763BDD01CB8CE3A8A81550F65C9A74C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-4) {. {-9223372036854775808 14400 0 +04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-5 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.91086034871979
Encrypted:	false
SSDEEP:
MD5:	AF742680C5A3BA5981DD7F0646EF6CCA
SHA1:	0753749D4636D561A8942BB1641BDBCC42349A9B
SHA-256:	5E2D90AF8A161D47F30E1C4A0F5E1CAB5E9F24201557864A02D3009B1ECFEDE0
SHA-512:	9B738675FC02613929BF90A7C78DD632AB782D20B5E660578AB590858D22BCD79E5AFB191D41E9DF94E2E586B5D2A163AB7D8364A02A5DE60E5B838F8B85D2FD
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-5) {. {-9223372036854775808 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-6 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.930155028450208
Encrypted:	false
SSDEEP:
MD5:	298F4671F470C4628B3174D5D1D0608D
SHA1:	5626202FB7186B4555C03F94CEE38AD0FAB81F40
SHA-256:	19760989015244E4F39AC12C07E6665038AE08282DAF8D6DB0BB5E2F642C922D
SHA-512:	F81B901249D3FAED3805471F256F55463A7A2FC8CB612FF95E698D63F9609D5D1B3B57DD87021C5DD809D971709EC3831351D54E971E25643B67161E9EAD5E25
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-6) {. {-9223372036854775808 21600 0 +06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-7 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.883134479361256
Encrypted:	false
SSDEEP:
MD5:	2317D02708980D7F17B1A4BDE971D15F
SHA1:	2E78CDE3608F6B03DEB534D14D069D3D89DE85EF
SHA-256:	0BF01EEEBAA49CE9859C2A5835C6A826B158A7BC3B14C473FBB0167ABA9EA4B9
SHA-512:	21083EAEACD689FD07D458DB82BC2559445A1C558EB8BAF098B71CFD3A599BB756336F847CBE536648AF473E22E0000B2A8C44A45D0866994F03A78D4E841FC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-7) {. {-9223372036854775808 25200 0 +07}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-8 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.8680235243759755
Encrypted:	false
SSDEEP:
MD5:	B940D187558341DBF4D619248C13C7CA
SHA1:	0C6B11AA9DBC0A395345F79B4B7325FBE870A414
SHA-256:	DAB4C0E14D2850BF917C5891E864834CA4BFD38D5470F119F529582976551862
SHA-512:	042176822D8BFD72FFC0727176596430B656E4986636E9869F883B7078389F936EFA8CCFA9BA7ED0963899BD7D134DB9CD25F24C42040781CC37F2701D0CA28A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-8) {. {-9223372036854775808 28800 0 +08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT-9 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.91213701043219
Encrypted:	false
SSDEEP:
MD5:	DD58339761ECF5503A48267CFD8E3837
SHA1:	B58511A80448D74B38365EA537BBE0D21956F0E2
SHA-256:	383EFE43E20963058BFCD852813BDA3FCCC0B4A7AC26317E621589B4C97C1B90
SHA-512:	C865244051882FD141D369435CFEED0A1E1D254C0313C1EFE55F5AF72412BE11F2B76484170B94BC4E9FCC0D2EEC373D523732FF7945999717D5827FCE68F54F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-9) {. {-9223372036854775808 32400 0 +09}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\GMT0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.836974611939794
Encrypted:	false
SSDEEP:
MD5:	BE8C5C3B3DACB97FADEB5444976AF56A
SHA1:	A0464B66E70A1AF7963D2BE7BC1D88E5842EC99A
SHA-256:	89F4624DC69DE64B7AF9339FE17136A88A0C28F5F300575540F8953B4A621451
SHA-512:	A0E11D9DF5AD2C14A012E82F24298921780E091EEDD680535658F9CD1337A4103BA0676DF9B58865DD7D2CFA96AEED7BF786B88786FAF31B06713D61B4C0308A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\Greenwich Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	158
Entropy (8bit):	4.862741414606617
Encrypted:	false
SSDEEP:
MD5:	2DADDAD47A64889162132E8DA0FFF54F
SHA1:	EC213743939D699A4EE4846E582B236F8C18CB29
SHA-256:	937970A93C2EB2D73684B644E671ACA5698BCB228810CC9CF15058D555347F43
SHA-512:	CA8C45BA5C1AF2F9C33D6E35913CED14B43A7AA37300928F14DEF8CB5E7D56B58968B9EE219A0ACCB4C17C52F0FBD80BD1018EF5426C137628429C7DAA41ACA2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/Greenwich) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\UCT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.857741203314798
Encrypted:	false
SSDEEP:
MD5:	415F102602AFB6F9E9F2B58849A32CC9
SHA1:	002C7D99EBAA57E8599090CFBF39B8BEAABE4635
SHA-256:	549D4CC4336D35143A55A09C96FB9A36227F812CA070B2468BD3BB6BB4F1E58F
SHA-512:	6CA28E71F941D714F3AACA619D0F4FEEF5C35514E05953807C225DF976648F257D835B59A03991D009F738C6FD94EB50B4ECA45A011E63AFDCA537FBAC2B6D1B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UCT) {. {-9223372036854775808 0 0 UCT}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\UTC Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	105
Entropy (8bit):	4.857741203314798
Encrypted:	false
SSDEEP:
MD5:	6343442DDDC19AF39CADD82AC1DDA9BD
SHA1:	9D20B726C012F14D99E701A69C60F81CB33E9DA6
SHA-256:	48B88EED5EF95011F41F5CA7DF48B6C71BED711B079E1132B2C1CD538947EF64
SHA-512:	4CFED8C80D9BC2A75D4659A14F22A507CF55D3DCC88318025BCB8C99AE7909CAF1F11B1ADC363EF007520BF09473CB68357644E41A9BBDAF9DB0B0A44ECC4FBF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UTC) {. {-9223372036854775808 0 0 UTC}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Etc\Zulu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.824450775594084
Encrypted:	false
SSDEEP:
MD5:	64ED445C4272D11C85BD2CFC695F180F
SHA1:	EDE76B52D3EEBCC75C50E17C053009A453D60D42
SHA-256:	A68D32DA2214B81D1C0C318A5C77975DE7C4E184CB4D60F07858920B11D065FE
SHA-512:	4CE8FC2B7C389BD2058CE77CD7234D4EA3F81F40204C9190BF0FB6AA693FB40D0638BFB0EB0D9FA20CB88804B73F6EE8202439C1F553B1293C6D2E5964216A1D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Zulu) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Amsterdam Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8792
Entropy (8bit):	3.8152682180965747
Encrypted:	false
SSDEEP:
MD5:	C107BB0AC411789418982B201FF1F857
SHA1:	71691B3E9FCC3503943BAFD872A881C1F1EE8451
SHA-256:	2794B605AE149FFB58D88508A663BB54034FD542BF14B56DAE62801971612F5B
SHA-512:	BFC79B3245526ED54615F613D3158DC4CF44DAF3DB758DBA65977EC91263CEFFA628D36E7CA536E140AF727EC321D9047C36D56303718D1EC5B49F5A8BCAE2E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Amsterdam) {. {-9223372036854775808 1172 0 LMT}. {-4260212372 1172 0 AMT}. {-1693700372 4772 1 NST}. {-1680484772 1172 0 AMT}. {-1663453172 4772 1 NST}. {-1650147572 1172 0 AMT}. {-1633213172 4772 1 NST}. {-1617488372 1172 0 AMT}. {-1601158772 4772 1 NST}. {-1586038772 1172 0 AMT}. {-1569709172 4772 1 NST}. {-1554589172 1172 0 AMT}. {-1538259572 4772 1 NST}. {-1523139572 1172 0 AMT}. {-1507501172 4772 1 NST}. {-1490566772 1172 0 AMT}. {-1470176372 4772 1 NST}. {-1459117172 1172 0 AMT}. {-1443997172 4772 1 NST}. {-1427667572 1172 0 AMT}. {-1406672372 4772 1 NST}. {-1396217972 1172 0 AMT}. {-1376950772 4772 1 NST}. {-1364768372 1172 0 AMT}. {-1345414772 4772 1 NST}. {-1333318772 1172 0 AMT}. {-1313792372 4772 1 NST}. {-1301264372 1172 0 AMT}. {-1282256372 4772 1 NST}. {-1269814772 1172 0 AMT}. {-1250720372 4772 1 NST}. {-123836517

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Andorra Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6690
Entropy (8bit):	3.730744509734253
Encrypted:	false
SSDEEP:
MD5:	13F10BC59FB9DBA47750CA0B3BFA25E9
SHA1:	992E50F4111D55FEBE3CF8600F0B714E22DD2B16
SHA-256:	E4F684F28AD24B60E21707820C40A99E83431A312D26E6093A198CB344C249DC
SHA-512:	DA5255BDE684BE2C306C6782A61DE38BFCF9CFF5FD117EBDE5EF364A5ED76B5AB88E6F7E08337EEB2CEC9CB03238D9592941BDAA01DFB061F21085D386451AFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Andorra) {. {-9223372036854775808 364 0 LMT}. {-2177453164 0 0 WET}. {-733881600 3600 0 CET}. {481078800 7200 0 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}. {749005200 3600 0 CET}. {764730000 7200 1 CEST}. {780454800 3600 0 CET}. {796179600 7200 1 CEST}. {811904400 3600 0 CET}. {828234000 7200 1 CEST}. {846378000 3600 0 CET}. {859683600 7200 1 CEST}. {877827600 3600 0 CET}. {891133200 7200 1 CEST}. {909277200 3600 0 CET}. {922582800 7200 1 CEST}. {941331600 3600 0 CET}. {9540

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Astrakhan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1992
Entropy (8bit):	3.5867428099003957
Encrypted:	false
SSDEEP:
MD5:	103F48F9DDAC5D94F2BECDA949DE5E50
SHA1:	0582454439DD4E8D69E7E8EE9B8A3F041F062E89
SHA-256:	823A0A0DBA01D9B34794EB276F9ABB9D2EC1E60660B20EAA2BA097884E3934F2
SHA-512:	7419A8F5CF49BE76D7CD7D070FF4467CED851EC76E38A07BD590ED64B96DA446968195096DE2F8298C448778E0A40CAE717C8F234CCDBDF5C3C21B7D056EA4C1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Astrakhan) {. {-9223372036854775808 11532 0 LMT}. {-1441249932 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {7961724

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Athens Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7686
Entropy (8bit):	3.635151038354021
Encrypted:	false
SSDEEP:
MD5:	D64695F05822EF0DF9E3762A1BC440A0
SHA1:	F17F03CFD908753E28F2C67D2C8649B8E24C35F7
SHA-256:	118289C1754C06024B36AE81FEE96603D182CB3B8D0FE0A7FD16AD34DB81374D
SHA-512:	3C5BDE2004D6499B46D9BAB8DBFDCC1FC2A729EEA4635D8C6CB4279AEE9B5655CE93D2E3F09B3E7295468007FFB5BE6FEC5429501E8FB4D3C2BCC05177C2158A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Athens) {. {-9223372036854775808 5692 0 LMT}. {-2344642492 5692 0 AMT}. {-1686101632 7200 0 EET}. {-1182996000 10800 1 EEST}. {-1178161200 7200 0 EET}. {-906861600 10800 1 EEST}. {-904878000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844477200 7200 1 CEST}. {-828237600 3600 0 CET}. {-812422800 7200 0 EET}. {-552362400 10800 1 EEST}. {-541652400 7200 0 EET}. {166485600 10800 1 EEST}. {186184800 7200 0 EET}. {198028800 10800 1 EEST}. {213753600 7200 0 EET}. {228873600 10800 1 EEST}. {244080000 7200 0 EET}. {260323200 10800 1 EEST}. {275446800 7200 0 EET}. {291798000 10800 1 EEST}. {307407600 7200 0 EET}. {323388000 10800 1 EEST}. {338936400 7200 0 EET}. {347148000 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {4490

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Belfast Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.827362756219521
Encrypted:	false
SSDEEP:
MD5:	19134F27463DEDF7E25BC72E031B856F
SHA1:	40D9E60D26C592ED79747D1253A9094FCDE5FD33
SHA-256:	5D31D69F259B5B2DFE016EB1B2B811BD51A1ED93011CBB34D2CF65E4806EB819
SHA-512:	B80202194A9D547AEC3B845D267736D831FB7E720E171265AC3F0074C8B511518952BF686A235E6DDEFC11752C3BD8A48A184930879B68980AC60E9FAECBFB44
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Belfast) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Belgrade Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7059
Entropy (8bit):	3.733102701717456
Encrypted:	false
SSDEEP:
MD5:	841E21EED6229503BF41A858601453B0
SHA1:	6F5632B23F2C710106211FBCD2C17DC40B026BFB
SHA-256:	813B4B4F13401D4F92B0F08FC1540936CCFF91EFD8B8D1A2C5429B23715C2748
SHA-512:	85863B12F17A4F7FAC14DF4D3AB50CE33C7232A519F7F10CC521AC0F695CD645857BD0807F0A9B45C169DD7C1240E026C567B35D1D157EE3DB3C80A57063E8FE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Belgrade) {. {-9223372036854775808 4920 0 LMT}. {-2713915320 3600 0 CET}. {-905824800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-777942000 7200 1 CEST}. {-766623600 3600 0 CET}. {407199600 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CES

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Berlin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7746
Entropy (8bit):	3.733442486698092
Encrypted:	false
SSDEEP:
MD5:	D1E45A4660E00A361729FCD7413361C1
SHA1:	BCC709103D07748E909DD999A954DFF7034F065F
SHA-256:	EAD23E3F58706F79584C1F3F9944A48670F428CACBE9A344A52E19B541AB4F66
SHA-512:	E3A0E6B4FC80A8D0215C81E95F9D3F71C0D9371EE0F6B2B7E966744C42FC64055370D322918EEA2917BFBA07030629C4493ADA257F9BD9C9BF6AD3C4A7FB1E70
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Berlin) {. {-9223372036854775808 3208 0 LMT}. {-2422054408 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-776559600 10800 0 CEMT}. {-765936000 7200 1 CEST}. {-761180400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733273200 3600 0 CET}. {-717631200 7200 1 CEST}. {-714610800 10800 1 CEMT}. {-710380800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Bratislava Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.89628096026481
Encrypted:	false
SSDEEP:
MD5:	7C0606BC846344D78A85B4C14CE85B95
SHA1:	CEDFDC3C81E519413DDD634477533C89E8AF2E35
SHA-256:	D7DF89C23D2803683FE3DB57BF326846C9B50E8685CCCF4230F24A5F4DC8E44E
SHA-512:	8F07791DE5796B418FFD8945AE13BAB1C9842B8DDC073ED64E12EA8985619B93472C39DD44DA8FAEF5614F4E6B4A9D96E0F52B4ECA11B2CCA9806D2F8DDF2778
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Prague)]} {. LoadTimeZoneFile Europe/Prague.}.set TZData(:Europe/Bratislava) $TZData(:Europe/Prague).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Brussels Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8907
Entropy (8bit):	3.75854119398076
Encrypted:	false
SSDEEP:
MD5:	FA802B103E8829C07AE7E05DE7F3CD1F
SHA1:	46AFB26E3E9102F0544C5294DA67DC41E8B2E8FC
SHA-256:	AEB5860C2F041842229353E3F83CC2FEBC9518B115F869128E94A1605FB4A759
SHA-512:	488CE6B524071D2B72F8AD73C2DC00F5F4C1C3C93F91165BDA0BCCB2B2C644B792C4220B785E84835ABE81584FDC87A1DCDA7679A69318052C3854167CB43C61
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Brussels) {. {-9223372036854775808 1050 0 LMT}. {-2840141850 1050 0 BMT}. {-2450953050 0 0 WET}. {-1740355200 3600 0 CET}. {-1693702800 7200 0 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1613826000 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585530000 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301263200 0 0 WET}. {-1284328800 3600 1 WEST}. {-126

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Bucharest Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7706
Entropy (8bit):	3.6365022673390808
Encrypted:	false
SSDEEP:
MD5:	79AAB44507DD6D06FA673CA20D4CF223
SHA1:	A2F1AA0E3F38EF24CD953C6B5E1EC29EA3EDB8C0
SHA-256:	C40DC0C9EE5FFF9F329823325A71F3F38BE940F159E64E0B0CED27B280C1F318
SHA-512:	BBEBB29FFD35A1F8B9D906795032976B3F69A0097ED7D764E3EB45574E66641C35F9006B3295FB090472FF5C09FC4D88D9249E924011A178EFB68D050AA6F871
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Bucharest) {. {-9223372036854775808 6264 0 LMT}. {-2469404664 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {296604000 10800 1 EEST}. {307486800 7200 0 EET}. {323816400 10800 1 EEST}. {338940000 7200 0 EET}. {354672000 10800 0 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Budapest Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7975
Entropy (8bit):	3.7352769955376464
Encrypted:	false
SSDEEP:
MD5:	25864F8E5372B8E45B71D08667ED093C
SHA1:	83463D25C839782E2619CD5BE613DA1BD08ACBB5
SHA-256:	EF5CF8C9B3CA3F772A9C757A2CC1D561E00CB277A58E43ED583A450BBA654BF1
SHA-512:	0DAB3CA0C82AA80A4F9CC04C191BE180EB41CCF87ADB31F26068D1E6A3A2F121678252E36E387B589552E6F7BA965F7E3F4633F1FD066FC7849B1FD554F39EC7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Budapest) {. {-9223372036854775808 4580 0 LMT}. {-2500938980 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1640998800 3600 0 CET}. {-1633212000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1600466400 7200 1 CEST}. {-1581202800 3600 0 CET}. {-906771600 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-778471200 7200 1 CEST}. {-762660000 3600 0 CET}. {-749689200 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-686185200 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-621990000 7200 1 CEST}. {-605660400 3600 0 CET}. {-492656400 7200 1 CEST}. {-481168800 3600 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Busingen Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.905738881351689
Encrypted:	false
SSDEEP:
MD5:	811B7E0B0EDD151E52DF369B9017E7C0
SHA1:	3C17D157A626F3AD7859BC0F667E0AB60E821D05
SHA-256:	221C8BA73684ED7D8CD92978ED0A53A930500A2727621CE1ED96333787174E82
SHA-512:	7F980E34BBCBC65BBF04526BF68684B3CE780611090392560569B414978709019D55F69368E98ADADC2C47116818A437D5C83F4E6CD40F4A1674D1CF90307CB5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Busingen) $TZData(:Europe/Zurich).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Chisinau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7824
Entropy (8bit):	3.674889638637008
Encrypted:	false
SSDEEP:
MD5:	92966EE642028D4C44C90F86CA1440AA
SHA1:	95F286585FF3A880F2F909E82F4C22C8F1D12BE3
SHA-256:	E92FFABF4705F93C2A4AD675555AEBC3C9418AC71EEB487AF0F7CD4EAB0431CE
SHA-512:	1D6018C83CA5998C590448FE98C59F3FCD0D5D7688B679B7F3C82B6F3209F25323BB302BF847FCCBD950F08A79AF36CA83DBDD4DB8A3557A682152A6B731B663
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Chisinau) {. {-9223372036854775808 6920 0 LMT}. {-2840147720 6900 0 CMT}. {-1637114100 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {-927165600 10800 1 EEST}. {-898138800 7200 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-800154000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {4179

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Copenhagen Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7458
Entropy (8bit):	3.736544358182077
Encrypted:	false
SSDEEP:
MD5:	8FBF425E5833012C0A6276222721A106
SHA1:	78C5788ED4184A62E0E2986CC0F39EED3801AD76
SHA-256:	D2D091740C425C72C46ADDC23799FC431B699B80D244E4BCD7F42E31C1238EEB
SHA-512:	6DF08142EEBC7AF8A575DD7510B83DBD0E15DDA13801777684355937338CDA3D09E37527912F4EBBCC1B8758E3D65185E6006EB5C1349D1DC3AE7B6131105691
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Copenhagen) {. {-9223372036854775808 3020 0 LMT}. {-2524524620 3020 0 CMT}. {-2398294220 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680490800 3600 0 CET}. {-935110800 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-769388400 3600 0 CET}. {-747010800 7200 1 CEST}. {-736383600 3600 0 CET}. {-715215600 7200 1 CEST}. {-706748400 3600 0 CET}. {-683161200 7200 1 CEST}. {-675298800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Dublin Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9452
Entropy (8bit):	3.675115548319436
Encrypted:	false
SSDEEP:
MD5:	D9787AD03D1A020F01FFF1F9AB346C09
SHA1:	C194A0A7F218ABBEB7DB53E3B2062DC349A8C739
SHA-256:	E1DCBC878C8937FBE378033AEE6B0D8C72827BE3D9C094815BFA47AF92130792
SHA-512:	4C596C9BDE55605381C9B6F90837BA8C9EA2992EBC7F3ACDC207CFAE7612E8B13415FD4962DC8D3FD2A75D98025D0E052B8B8486F6C31742D791C6A2C1D1827F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Dublin) {. {-9223372036854775808 -1500 0 LMT}. {-2821649700 -1521 0 DMT}. {-1691962479 2079 1 IST}. {-1680471279 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1517011200 0 0 IST}. {-1507500000 3600 1 IST}. {-1490565600 0 0 IST}. {-1473631200 3600 1 IST}. {-1460930400 0 0 IST}. {-1442786400 3600 1 IST}. {-1428876000 0 0 IST}. {-1410732000 3600 1 IST}. {-1396216800 0 0 IST}. {-1379282400 3600 1 IST}. {-1364767200 0 0 IST}. {-1348437600 3600 1 IST}. {-1333317600 0 0 IST}. {-1315778400 3600 1 IST}. {-1301263200 0 0 IST}. {-1284328800 3600 1 IST}. {-1269813600 0 0 IST}. {-1253484000 3600 1 IST}. {-1238364000 0 0 IST}. {-

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Gibraltar Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9181
Entropy (8bit):	3.7982744899840535
Encrypted:	false
SSDEEP:
MD5:	F8AEFE8F561ED7E1DC81117676F7D0E0
SHA1:	1148176C2766B205B5D459A620D736B1D28283AA
SHA-256:	FB771A01326E1756C4026365BEE44A6B0FEF3876BF5463EFAB7CF4B97BF87CFC
SHA-512:	7C06CB215B920911E0DC9D24F0DD6E24DEC3D75FB2D0F175A9B4329304C9761FFFEE329DD797FF4343B41119397D7772D1D3DFC8F90C1DE205380DE463F42854
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Gibraltar) {. {-9223372036854775808 -1284 0 LMT}. {-2821649916 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Guernsey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.830450830776494
Encrypted:	false
SSDEEP:
MD5:	DC2B3CAC4AF70A61D0F4C53288CC8D11
SHA1:	A423E06F88FDEED1960AF3C46A67F1CB9F293CAF
SHA-256:	9CB6E6FEC9461F94897F0310BFC3682A1134E284A56C729E7F4BCE726C2E2380
SHA-512:	8B455DA1D1A7AA1259E6E5A5CF90E62BA8073F769DCB8EB82503F2DFB70AA4539A688DC798880339A2722AA1871E8C8F16D8827064A2D7D8F2F232880359C78D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Guernsey) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Helsinki Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7120
Entropy (8bit):	3.635790220811118
Encrypted:	false
SSDEEP:
MD5:	E7A6AA8962067EF71174CD5AE79A8624
SHA1:	1250689DF0DFCCDD4B6B21C7867C4AA515D19ECD
SHA-256:	5FDBE427BC604FAC03316FD08138F140841C8CF2537CDF4B4BB20F2A9DFC4ECB
SHA-512:	5C590164499C4649D555F30054ECB5CF627CCCA8A9F94842328E90DD40477CADB1042D07EA4C368ABB7094D7A59A8C2EE7619E5B3458A0FAC066979B14AF44A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Helsinki) {. {-9223372036854775808 5989 0 LMT}. {-2890258789 5989 0 HMT}. {-1535938789 7200 0 EET}. {-875671200 10800 1 EEST}. {-859773600 7200 0 EET}. {354672000 10800 1 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {410220000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}. {733280400 10800 1 EEST}. {749005200 7200 0 EET}. {764730000

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Isle_of_Man Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.866592240835745
Encrypted:	false
SSDEEP:
MD5:	9E18F66C32ADDDBCEDFE8A8B2135A0AC
SHA1:	9D2DC5BE334B0C6AEA15A98624321D56F57C3CB1
SHA-256:	6A03679D9748F4624078376D1FD05428ACD31E7CABBD31F4E38EBCCCF621C268
SHA-512:	014BAD4EF0209026424BC68CBF3F5D2B22B325D61A4476F1E4F020E1EF9CD4B365213E01C7EC6D9D40FA422FE8FE0FADB1E4CBB7D46905499691A642D813A379
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Isle_of_Man) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Istanbul Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3974
Entropy (8bit):	3.7140382290341214
Encrypted:	false
SSDEEP:
MD5:	5F2F14127F11060A57C53565A24CB8F8
SHA1:	E79FC982C018CC7E3C29A956048ED3D0CFFE3311
SHA-256:	EAD62B6D04AA7623B9DF94D41E04C9E30C7BA8EB2CE3504105A0496A66EB87AE
SHA-512:	E709849DEF7F7CDAE3CA44F1939DF49D6FE5DE9C89F541343256FC0F7B9E55390AC496FF599D94B7F594D6BAE724AE4608A43F5870C18210525B061E801CC36B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Istanbul) {. {-9223372036854775808 6952 0 LMT}. {-2840147752 7016 0 IMT}. {-1869875816 7200 0 EET}. {-1693706400 10800 1 EEST}. {-1680490800 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1440208800 10800 1 EEST}. {-1428030000 7200 0 EET}. {-1409709600 10800 1 EEST}. {-1396494000 7200 0 EET}. {-931140000 10800 1 EEST}. {-922762800 7200 0 EET}. {-917834400 10800 1 EEST}. {-892436400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857358000 7200 0 EET}. {-781063200 10800 1 EEST}. {-764737200 7200 0 EET}. {-744343200 10800 1 EEST}. {-733806000 7200 0 EET}. {-716436000 10800 1 EEST}. {-701924400 7200 0 EET}. {-684986400 10800 1 EEST}. {-670474800 7200 0 EET}. {-654141600 10800 1 EEST}. {-639025200 7200 0 EET}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Jersey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.831245786685746
Encrypted:	false
SSDEEP:
MD5:	F43ABA235B8B98F5C64181ABD1CEEC3A
SHA1:	A4A7D71ED148FBE53C2DF7497A89715EB24E84B7
SHA-256:	8E97798BE473F535816D6D9307B85102C03CC860D3690FE59E0B7EEF94D62D54
SHA-512:	B0E0FC97F08CB656E228353594FC907FC94A998859BB22648BF78043063932D0FC7282D31F63FCB79216218695B5DCDF298C37F0CB206160798CF3CA2C7598E1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Jersey) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Kaliningrad Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2397
Entropy (8bit):	3.8622541648513464
Encrypted:	false
SSDEEP:
MD5:	FE44AD99AF96A031D21D308B0E534928
SHA1:	36A666585D0895155D31A6E5AFD6B7395C7334AA
SHA-256:	0C65366AB59C4B8734DE0F69E7081269A367116363EB3863D16FB7184CCC5EB9
SHA-512:	2789E8FC8FD73A0D3C915F5CBAD158D2A4995EE51607C4368F3AE1CC6418E93E204E4FCE6F796CDC60BB2E0ED8F79650DA4549C7663589B58E189D0D10F059C5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kaliningrad) {. {-9223372036854775808 4920 0 LMT}. {-2422056120 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 7200 0 CET}. {-778730400 10800 1 CEST}. {-762663600 7200 0 CET}. {-757389600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Kiev Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7202
Entropy (8bit):	3.6738341956502953
Encrypted:	false
SSDEEP:
MD5:	4E693AC10DD3FC66700A878B94D3701D
SHA1:	692200B78A3EA482577D13BE5588FEB0BF94DF01
SHA-256:	3AAC94E73BB4C803BBB4DE14826DAA0AC82BAE5C0841FD7C58B62A5C155C064D
SHA-512:	9B68D418B98DDF855C257890376AEC300FC6024E08C85AF5CFFE70BE9AC39D75293C35D841DB8A7BE5574FD185D736F5CB72205531736A202D25305744A2DD15
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kiev) {. {-9223372036854775808 7324 0 LMT}. {-2840148124 7324 0 KMT}. {-1441159324 7200 0 EET}. {-1247536800 10800 0 MSK}. {-892522800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-825382800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {646786800 10800 1 EEST}. {686102400 7200 0 EET}. {701820000 10800 1 EEST}. {717541200 7200 0 EET}. {733269600 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Kirov Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1959
Entropy (8bit):	3.5751912319178496
Encrypted:	false
SSDEEP:
MD5:	249037A8019D3A5244DD59D8C3316403
SHA1:	2DABDE83753CE65D1A2D3949FF9B94401A2DD8C3
SHA-256:	5FE8535DD9A4729B68BF5EC178C6F978753A4A01BDC6F5529C2F8A3872B470D1
SHA-512:	4180DE17FDDA1417DD24229F775DD45FDE99078E71F2A583E6629D022DCD1B30CEB1ABCEEC78286CAE286E8CBAFC5A7AB20464D53B8BE2615B4681302C05B120
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kirov) {. {-9223372036854775808 11928 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Lisbon Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9471
Entropy (8bit):	3.738653060534981
Encrypted:	false
SSDEEP:
MD5:	AD82B05F966F0EAD5B2F4FD7B6D56718
SHA1:	DE5A9BB8B0FCA79C38DD35905FF074503D5AAF13
SHA-256:	EE61A08BED392B75FBE67666BDCF7CE26DFA570FC2D1DEC9FFEF51E5D8CD8DF7
SHA-512:	68DC078090E2AF1EAF0150BBCF63E52E4675BF22E2FF6BBA4B4D0B244BFF23C73310A3E63365A4217B8466F2C2E7A4384D05D778F70513183B3A59016A55DDB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Lisbon) {. {-9223372036854775808 -2205 0 LMT}. {-2713908195 -2205 0 LMT}. {-1830384000 0 0 WET}. {-1689555600 3600 1 WEST}. {-1677801600 0 0 WET}. {-1667437200 3600 1 WEST}. {-1647738000 0 0 WET}. {-1635814800 3600 1 WEST}. {-1616202000 0 0 WET}. {-1604365200 3600 1 WEST}. {-1584666000 0 0 WET}. {-1572742800 3600 1 WEST}. {-1553043600 0 0 WET}. {-1541206800 3600 1 WEST}. {-1521507600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1426813200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1221440400 3600 1 WEST}. {-1206925200 0 0 WET}. {-1191200400 3600 1 WEST}. {-1175475600 0 0 WET}. {-1127696400 3600 1 WEST}. {-1111971600 0 0 WET}. {-1096851600 3600 1 WEST}. {-1080522000

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Ljubljana Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.901869793666386
Encrypted:	false
SSDEEP:
MD5:	5F2AEC41DECD9E26955876080C56B247
SHA1:	4FDEC0926933AE5651DE095C519A2C4F9E567691
SHA-256:	88146DA16536CCF587907511FB0EDF40E392E6F6A6EFAB38260D3345CF2832E1
SHA-512:	B71B6C21071DED75B9B36D49EB5A779C5F74817FF070F70FEAB9E3E719E5F1937867547852052AA7BBAE8B842493FBC7DFAFD3AC47B70D36893541419DDB2D74
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Ljubljana) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\London Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9839
Entropy (8bit):	3.737361476589814
Encrypted:	false
SSDEEP:
MD5:	2A53A87C26A5D2AF62ECAAD8CECBF0D7
SHA1:	025D31C1D32F1100C1B00858929FD29B4E66E8F6
SHA-256:	2A69A7C9A2EE3057EBDB2615DBE5CB08F5D334210449DC3E42EA88564C29583A
SHA-512:	81EFA13E4AB30A9363E80EC1F464CC51F8DF3C492771494F3624844E074BA9B84FE50EF6C32F9467E6DAB41BD5159B492B752D0C97F3CB2F4B698C04E68C0255
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/London) {. {-9223372036854775808 -75 0 LMT}. {-3852662325 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}. {-120

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Luxembourg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8826
Entropy (8bit):	3.7634145613638657
Encrypted:	false
SSDEEP:
MD5:	804A17ED0B32B9751C38110D28EB418B
SHA1:	24235897E163D33970451C48C4260F6C10C56ADD
SHA-256:	00E8152B3E5CD216E4FD8A992250C46E600E2AD773EEDDD87DAD31012BE55693
SHA-512:	53AFDDE8D516CED5C6CF0A906DBF72AF09A62278D1FC4D5C1562BBCE853D322457A6346C3DE8F112FCF665102E19A2E677972E941D0C80D0AB7C8DD0B694628E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Luxembourg) {. {-9223372036854775808 1476 0 LMT}. {-2069713476 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1662343200 7200 1 CEST}. {-1650157200 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1612659600 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585519200 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552258800 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520550000 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490572800 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459119600 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427673600 0 0 WET}. {-1411866000 3600 1 WEST}. {-1396224000 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269813600 0 0 WET}. {-1253484000 3600 1 WEST}. {-

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Madrid Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8225
Entropy (8bit):	3.745589534746728
Encrypted:	false
SSDEEP:
MD5:	795CAAE9AECE3900DEA1F5EBD0ED668B
SHA1:	61F1745E7B60E19F1286864B7A4285E8CCF11202
SHA-256:	4BE326DD950DDAD6FB9C392A31CEED1CB1525D043F1F7C14332FEB226AEA1859
SHA-512:	BBBABBE86A757D3EE9267128E7DA810346E74FD9CD3EF37192A831958FF0EDBBE47F14DA63669F6799056081D0365194E22D64D14B97490E4333504DFE22D151
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Madrid) {. {-9223372036854775808 -884 0 LMT}. {-2177452800 0 0 WET}. {-1631926800 3600 1 WEST}. {-1616889600 0 0 WET}. {-1601168400 3600 1 WEST}. {-1585353600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269820800 0 0 WET}. {-1026954000 3600 1 WEST}. {-1017619200 0 0 WET}. {-1001898000 3600 1 WEST}. {-999482400 7200 1 WEMT}. {-986090400 3600 1 WEST}. {-954115200 0 0 WET}. {-940208400 3600 0 CET}. {-873079200 7200 1 CEST}. {-862621200 3600 0 CET}. {-842839200 7200 1 CEST}. {-828320400 3600 0 CET}. {-811389600 7200 1 CEST}. {-796870800 3600 0 CET}. {-779940000 7200 1 CEST}. {-765421200 3600 0 CET}. {-748490400 7200 1 CEST}. {-733971600

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Malta Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8425
Entropy (8bit):	3.728789296531475
Encrypted:	false
SSDEEP:
MD5:	5F73FCB70E5B27E540C1A5133F3B791C
SHA1:	406A2FB6439A3532150D69E711F253665F000B3C
SHA-256:	5E3BB07FD3592163A756596A25060683CDA7930C7F4411A406B3E1506F9B901C
SHA-512:	5263ABBE91D95BDD359B666BCDDAA6B4C8B810E986B9A94A80AF2B28E48C9C949EC5D5F21158AD306F7AF5BB6A47408C9AA5C5BB6D0053A9B9DA89E76E126FB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Malta) {. {-9223372036854775808 3484 0 LMT}. {-2403478684 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812588400 7200 1 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 CEST}. {-71715600 3600 0 CET}. {-50547600 7200 1 CEST}. {-40266000 3600 0 CET}

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Mariehamn Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.913470013356756
Encrypted:	false
SSDEEP:
MD5:	CFB0DE2E11B8AF400537BD0EF493C004
SHA1:	32E8FCB8571575E9DFE09A966F88C7D3EBCD183E
SHA-256:	5F82A28F1FEE42693FD8F3795F8E0D7E8C15BADF1FD9EE4D45794C4C0F36108C
SHA-512:	9E36B2EACA06F84D56D9A9A0A83C7C106D26A6A55CBAA696729F105600F5A0105F193899D5996C416EFAABC4649E91BA0ED90D38E8DF7B305C6D951A31C80718
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Helsinki)]} {. LoadTimeZoneFile Europe/Helsinki.}.set TZData(:Europe/Mariehamn) $TZData(:Europe/Helsinki).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Minsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2102
Entropy (8bit):	3.8519171770148932
Encrypted:	false
SSDEEP:
MD5:	E5ECB372FF8F5ED274597551ED2C35F0
SHA1:	6792E2676C59F43B9F260AF2F33E4C2484E71D64
SHA-256:	78A57D601978869FCAA2737BEC4FDAB72025BC5FDDF7188CCC89034FA767DA6C
SHA-512:	261FFB4C7974C5F1C0AECA49D9B26F3BC2998C63CEF9CB168B1060E9EC12F7057DB5376128AFD8A31AF2CC9EF79577E96CD9863AA46AC330A5F057F72E43B7B9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Minsk) {. {-9223372036854775808 6616 0 LMT}. {-2840147416 6600 0 MMT}. {-1441158600 7200 0 EET}. {-1247536800 10800 0 MSK}. {-899780400 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-804646800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {670374000 7200 0 EEMMTT}. {670377600 10800 1 EEST}. {686102400 7200 0 EET}. {7018272

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Monaco Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8871
Entropy (8bit):	3.7700564621466666
Encrypted:	false
SSDEEP:
MD5:	B2BA91B2CDD19E255B68EA35E033C061
SHA1:	246E377E815FFC11BBAF898E952194FBEDAE9AA2
SHA-256:	768E3D45DB560777C8E13ED9237956CFE8630D840683FAD065A2F6948FD797BE
SHA-512:	607383524C478F1CB442679F6DE0964F8916EE1A8B0EF6806BDF7652E4520B0E842A611B432FB190C30C391180EA1867268BBBF6067310F70D5E72CB3E4D789F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Monaco) {. {-9223372036854775808 1772 0 LMT}. {-2486680172 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Moscow Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2347
Entropy (8bit):	3.859849674605335
Encrypted:	false
SSDEEP:
MD5:	AB2CB4A38196852883272148B4A14085
SHA1:	ED22233A615B775DB528053807858A0B69E9D4FB
SHA-256:	D9814005CB99F2275A4356A8B226E16C7C823ADC940F3A7BBB909D4C01BF44E3
SHA-512:	F2179FC1C15954FD7F7B824C5310183C96EDC630880E1C8C85DF4423ECC5994B8A9CA826745CC8BCA77945A36BCADAA87620C31FFBD40071438695A610EBF045
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Moscow) {. {-9223372036854775808 9017 0 LMT}. {-2840149817 9017 0 MMT}. {-1688265017 9079 0 MMT}. {-1656819079 12679 1 MST}. {-1641353479 9079 0 MMT}. {-1627965079 16279 1 MDST}. {-1618716679 12679 1 MST}. {-1596429079 16279 1 MDST}. {-1593820800 14400 0 MSD}. {-1589860800 10800 0 MSK}. {-1542427200 14400 1 MSD}. {-1539493200 18000 1 +05}. {-1525323600 14400 1 MSD}. {-1491188400 7200 0 EET}. {-1247536800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Nicosia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.73570159193188
Encrypted:	false
SSDEEP:
MD5:	47C275C076A278CA8E1FF24E9E46CC22
SHA1:	55992974C353552467C2B57E3955E4DD86BBFAD2
SHA-256:	34B61E78EF15EA98C056C1AC8C6F1FA0AE87BD6BC85C58BE8DA44D017B2CA387
SHA-512:	1F74FC0B452C0BE35360D1C9EC8347063E8480CA37BE893FD4FF7FC2279B7D0C0909A26763C7755DFB19BE9736340D3FB00D39E9F6BF23C1D2F0015372139847
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Nicosia)]} {. LoadTimeZoneFile Asia/Nicosia.}.set TZData(:Europe/Nicosia) $TZData(:Asia/Nicosia).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Oslo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7651
Entropy (8bit):	3.7309855254369766
Encrypted:	false
SSDEEP:
MD5:	2A3F771DD9EAE2E9C1D8394C12C0ED71
SHA1:	541DCF144EFFE2DFF27B81A50D245C7385CC0871
SHA-256:	8DDFB0296622E0BFDBEF4D0C2B4EA2522DE26A16D05340DFECA320C0E7B2B1F7
SHA-512:	E1526BD21E379F8B2285481E3E12C1CF775AE43E205D3E7E4A1906B87821D5E15B101B24463A055B6013879CD2777112C7F27B5C5220F280E3C48240367AA663
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Oslo) {. {-9223372036854775808 2580 0 LMT}. {-2366757780 3600 0 CET}. {-1691884800 7200 1 CEST}. {-1680573600 3600 0 CET}. {-927511200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-765327600 3600 0 CET}. {-340844400 7200 1 CEST}. {-324514800 3600 0 CET}. {-308790000 7200 1 CEST}. {-293065200 3600 0 CET}. {-277340400 7200 1 CEST}. {-261615600 3600 0 CET}. {-245890800 7200 1 CEST}. {-230166000 3600 0 CET}. {-214441200 7200 1 CEST}. {-198716400 3600 0 CET}. {-182991600 7200 1 CEST}. {-166662000 3600 0 CET}. {-147913200 7200 1 CEST}. {-135212400 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {40185

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Paris Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8838
Entropy (8bit):	3.7637328221887567
Encrypted:	false
SSDEEP:
MD5:	153CA0EF3813D91C5E23B34ADFE7A318
SHA1:	F7F18CB34424A9B62172F00374853F1D4A89BEE4
SHA-256:	092BF010A1CF3819B102C2A70340F4D67C87BE2E6A8154716241012B5DFABD88
SHA-512:	E2D418D43D9DFD169238DDB0E790714D3B88D16398FA041A9646CB35F24EF79EE48DA4B6201E6A598E89D4C651F8A2FB9FB874B2010A51B3CD35A86767BAF4D2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Paris) {. {-9223372036854775808 561 0 LMT}. {-2486678901 561 0 PMT}. {-1855958901 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0 W

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Podgorica Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.86256001696314
Encrypted:	false
SSDEEP:
MD5:	4F430ECF91032E40457F2D2734887860
SHA1:	D1C099523C34ED0BD48C24A511377B232548591D
SHA-256:	F5AB2E253CA0AB7A9C905B720B19F713469877DE1874D5AF81A8F3E74BA17FC8
SHA-512:	2E6E73076A18F1C6C8E89949899F81F232AE66FEB8FFA2A5CE5447FFF581A0D5E0E88DABEAA3C858CC5544C2AE9C6717E590E846CBFD58CEF3B7558F677334FB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Podgorica) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Prague Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7763
Entropy (8bit):	3.7367850410615597
Encrypted:	false
SSDEEP:
MD5:	D04290286789AB05490A7DE8569D80AB
SHA1:	B65938E29CBFB65D253E041EE1CD92FE75C3C663
SHA-256:	60494447C38C67E8173D4A9CDBA8D16AF90545FA83F3558DB8C9B7D0D052DD45
SHA-512:	B0897CD4785D737B7C5E5CE717B55AEE8689F83105DDB8A0DA2B4977961124AFA5AF573D57AA4467E5DB68FC5F927D7B58AEE7280238392C5666CC090476EC91
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Prague) {. {-9223372036854775808 3464 0 LMT}. {-3786829064 3464 0 PMT}. {-2469401864 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-777862800 7200 0 CEST}. {-765327600 3600 0 CET}. {-746578800 7200 1 CEST}. {-733359600 3600 0 CET}. {-728517600 0 1 GMT}. {-721260000 0 0 CET}. {-716425200 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654217200 7200 1 CEST}. {-639010800 3600 0 CET}. {283993200 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Riga Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7400
Entropy (8bit):	3.686652767751974
Encrypted:	false
SSDEEP:
MD5:	5F71EBD41FC26CA6FAA0A26CE83FA618
SHA1:	0FC66EEB374A2930A7F6E2BB5B7D6C4FD00A258C
SHA-256:	6F63E58F355EF6C4CF8F954E01544B0E152605A72B400C731E3100B422A567D0
SHA-512:	20B730949A4967C49D259D4D00D8020579580F7FAA0278FBCEBDF8A8173BBF63846DDBF26FFFBBADB0FAF3FD0EB427DBB8CF18A4A80F7B023D2027CC952A773F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Riga) {. {-9223372036854775808 5794 0 LMT}. {-2840146594 5794 0 RMT}. {-1632008194 9394 1 LST}. {-1618702594 5794 0 RMT}. {-1601681794 9394 1 LST}. {-1597275394 5794 0 RMT}. {-1377308194 7200 0 EET}. {-928029600 10800 0 MSK}. {-899521200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-795834000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Rome Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8511
Entropy (8bit):	3.729257183076779
Encrypted:	false
SSDEEP:
MD5:	3E209874EA8830B8436F897B0B7682B1
SHA1:	FC9AB2212C10C25850ACE69DC3BE125FD0912092
SHA-256:	626E7F8389382108E323B8447416BAC420A29442D852817024A39A97D556F365
SHA-512:	24C1A7890E076C4D58426D62726BC21FA6F70F16B5E9797405B7404AACB1CB2FC283483018418EF0CEE43720838864E01427C60269D98866A48F35CAF0483EFA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Rome) {. {-9223372036854775808 2996 0 LMT}. {-3259097396 2996 0 RMT}. {-2403565200 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-830307600 7200 0 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-807152400 7200 0 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 C

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Samara Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2045
Entropy (8bit):	3.5710319343050183
Encrypted:	false
SSDEEP:
MD5:	30271DF851CE290256FA0BE793F3A918
SHA1:	307BF37BD5110537B023A648AAC41F86E3D34ACB
SHA-256:	11400A62327FB9DEFB2D16EBD8E759F94C37EF4F12C49AC97DA2E5031FFA0079
SHA-512:	3E86BDF258BA23AFF9E1BDCDFE7853D5413A589160F67AF7424CE014B7A77A948B8BF973EB02A0FFFE47D5D0EA4464D851DF294C04AF685C0AF7A0EB08DD9067
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Samara) {. {-9223372036854775808 12020 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +04}. {-1102305600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 10800 0 +03}. {687916800 14400 0 +04}. {701820000 18000 1 +05}. {717544800 14400 0 +04}. {733269600 18000 1 +05}. {748994400

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\San_Marino Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.908962717024613
Encrypted:	false
SSDEEP:
MD5:	C50388AD7194924572FA470761DD09C7
SHA1:	EF0A2223B06BE12EFE55EE72BF2C941B7BFB2FFE
SHA-256:	7F89757BAE3C7AE59200DCEEEE5C38A7F74EBAA4AA949F54AFD5E9BB64B13123
SHA-512:	0CE5FF2F839CD64A2C9A5AE6BBE122C91342AE44BDECDB9A3BA9F08578BC0B474BC0AF0E773868B273423289254909A38902B225A0092D048AC44BCF883AB4B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/San_Marino) $TZData(:Europe/Rome).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Sarajevo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.890934294125181
Encrypted:	false
SSDEEP:
MD5:	5C12CEEDB17515260E2E143FB8F867F5
SHA1:	51B9CDF922BFBA52BF2618B63435EC510DEAE423
SHA-256:	7C45DFD5F016982F01589FD2D1BAF97898D5716951A4E08C3540A76E8D56CEB1
SHA-512:	7A6B7FDFD6E5CFEB2D1AC136922304B0A65362E19307E0F1E20DBF48BED95A262FAC9CBCDB015C3C744D57118A85BD47A57636A05144430BF6707404F8E53E8C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Sarajevo) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Saratov Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1990
Entropy (8bit):	3.5705804674707893
Encrypted:	false
SSDEEP:
MD5:	EEA55E1788265CCC7B3BDB775AF3DD38
SHA1:	E327A5965114AB8BF6E479989E43786F0B74CFB1
SHA-256:	0031D4DEC64866DEB1B5E566BB957F2C0E46E5751B31DF9C8A3DA1912AEC4CB2
SHA-512:	21EF7D364814259F23319D4BC0E4F7F0653D35C1DD03D22ACD8E9A540EE8A9E651BEE22501E4150F6C74901AC2ED750CE08AAE0551DF5A44AB11FD4A3DB49D59
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Saratov) {. {-9223372036854775808 11058 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Simferopol Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2307
Entropy (8bit):	3.8673720237532523
Encrypted:	false
SSDEEP:
MD5:	F745F2F2FDEA14C70EA27BA35D4E3051
SHA1:	C4F01A629E6BAFB31F722FA65DC92B36D4E61E43
SHA-256:	EAE97716107B2BF4A14A08DD6197E0542B6EE27C3E12C726FC5BAEF16A144165
SHA-512:	0E32BE79C2576943D3CB684C2E25EE3970BE7F490FF8FD41BD897249EA560F280933B26B3FBB841C67915A3427CB009A1BFC3DACD70C4F77E33664104E32033E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Simferopol) {. {-9223372036854775808 8184 0 LMT}. {-2840148984 8160 0 SMT}. {-1441160160 7200 0 EET}. {-1247536800 10800 0 MSK}. {-888894000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-811645200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 7200 0 EET}. {694216800 7200 0 EET}. {701820000 10800 1 EEST}. {71754

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Skopje Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.906520812033373
Encrypted:	false
SSDEEP:
MD5:	BB062D4D5D6EA9BA172AC0555227A09C
SHA1:	75CCA7F75CEB77BE5AFB02943917DB048051F396
SHA-256:	51820E2C5938CEF89A6ED2114020BD32226EF92102645526352E1CB7995B7D0A
SHA-512:	8C6AD79DD225C566D2D93606575A1BF8DECF091EDFEED1F10CB41C5464A6A9F1C15BEB4957D76BD1E03F5AE430319480A3FDACEF3116EA2AF0464427468BC855
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Skopje) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Sofia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7396
Entropy (8bit):	3.6373782291014924
Encrypted:	false
SSDEEP:
MD5:	8B538BB68A7FF0EB541EB2716264BAD9
SHA1:	49899F763786D4E7324CC5BAAECFEA87D5C4F6C7
SHA-256:	9D60EF4DBA6D3802CDD25DC87E00413EC7F37777868C832A9E4963E8BCDB103C
SHA-512:	AD8D75EE4A484050BB108577AE16E609358A9E4F31EA1649169B4A26C8348A502B4135FE3A282A2454799250C6EDF9E70B236BCF23E1F6540E123E39E81BBE41
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Sofia) {. {-9223372036854775808 5596 0 LMT}. {-2840146396 7016 0 IMT}. {-2369527016 7200 0 EET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-781048800 7200 0 EET}. {291762000 10800 0 EEST}. {307576800 7200 0 EET}. {323816400 10800 1 EEST}. {339026400 7200 0 EET}. {355266000 10800 1 EEST}. {370393200 7200 0 EET}. {386715600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200 10800 1 EEST}. {496800000 7200 0 EET}. {512524800 10800 1 EEST}. {528249600 7200 0 EET}. {543974400 10800 1 EEST}. {559699200 7200 0 EET}. {575424000 10800 1 EEST}. {591148800 7200 0 EET}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638323200 10

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Stockholm Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7058
Entropy (8bit):	3.730067397634837
Encrypted:	false
SSDEEP:
MD5:	7F6C45358FC5E91125ACBDD46BBD93FE
SHA1:	C07A80D3C136679751D64866B725CC390D73B750
SHA-256:	119E9F7B1284462EB8E920E7216D1C219B09A73B323796BBF843346ECD71309A
SHA-512:	585AE0B1DE1F5D31E45972169C831D837C19D05E21F65FAD3CB84BEF8270C31BF2F635FB803CB70C569FAC2C8AA6ABDE057943F4B51BF1D73B72695FE95ECFD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Stockholm) {. {-9223372036854775808 4332 0 LMT}. {-2871681132 3614 0 SET}. {-2208992414 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Tallinn Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7295
Entropy (8bit):	3.6772204206246193
Encrypted:	false
SSDEEP:
MD5:	981078CAEAA994DD0C088B8C4255018A
SHA1:	5B5E542491FCCC80B04F6F3CA3BA76FEE35BC207
SHA-256:	716CFFE58847E0084C904A01EF4230F63275660691A4BA54D0B80654E215CC8F
SHA-512:	3010639D28C7363D0B787F84EF57EE30F457BD8A6A64AEDED1E813EB1AF0A8D85DA0A788C810509F932867F7361B338753CC9B79ACA95D2D32A77F7A8AA8BC9F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tallinn) {. {-9223372036854775808 5940 0 LMT}. {-2840146740 5940 0 TMT}. {-1638322740 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1593824400 5940 0 TMT}. {-1535938740 7200 0 EET}. {-927943200 10800 0 MSK}. {-892954800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-797648400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598400 7200 0 EET}. {638

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Tirane Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7412
Entropy (8bit):	3.7216700074911437
Encrypted:	false
SSDEEP:
MD5:	872AB00046280F53657A47D41FBA5EFE
SHA1:	311BF2342808BD9DC8AB2C2856A1F91F50CFB740
SHA-256:	D02C2CD894AE4D3C2619A4249088A566B02517FA3BF65DEFAF4280C407E5B5B3
SHA-512:	2FF901990FA8D6713D875F90FE611E54B35A2216C380E88D408C4FB5BD06916EE804DC6331C117C3AC643731BEADB5BDEDEA0F963B89FAEDB07CA3FFD0B3A535
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tirane) {. {-9223372036854775808 4760 0 LMT}. {-1767230360 3600 0 CET}. {-932346000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-843519600 3600 0 CET}. {136854000 7200 1 CEST}. {149896800 3600 0 CET}. {168130800 7200 1 CEST}. {181432800 3600 0 CET}. {199839600 7200 1 CEST}. {213141600 3600 0 CET}. {231894000 7200 1 CEST}. {244591200 3600 0 CET}. {263257200 7200 1 CEST}. {276040800 3600 0 CET}. {294706800 7200 1 CEST}. {307490400 3600 0 CET}. {326156400 7200 1 CEST}. {339458400 3600 0 CET}. {357087600 7200 1 CEST}. {370389600 3600 0 CET}. {389142000 7200 1 CEST}. {402444000 3600 0 CET}. {419468400 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {457480800 7200 0 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Tiraspol Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.85845283098493
Encrypted:	false
SSDEEP:
MD5:	743453106E8CD7AE48A2F575255AF700
SHA1:	7CD6F6DCA61792B4B2CBF6645967B9349ECEACBE
SHA-256:	C28078D4B42223871B7E1EB42EEB4E70EA0FED638288E9FDA5BB5F954D403AFB
SHA-512:	458072C7660BEAFEB9AE5A2D3AEA6DA582574D80193C89F08A57B17033126E28A175F5B6E2990034660CAE3BC1E837F8312BC4AA365F426BD54588D0C5A12EB8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Chisinau)]} {. LoadTimeZoneFile Europe/Chisinau.}.set TZData(:Europe/Tiraspol) $TZData(:Europe/Chisinau).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Ulyanovsk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2046
Entropy (8bit):	3.588329521363201
Encrypted:	false
SSDEEP:
MD5:	E4394950F7838CD984172D68DA413486
SHA1:	75F84A4C887463DE3F82C7F0339DD7D71871AA65
SHA-256:	CB780BBC06F9268CE126461AF9B6539FF16964767A8763479099982214280896
SHA-512:	7D0E3904300FDD3C4814E15A3C042F3E641BF56AF6867DA7580D1DAD8E07F5B4F0C0717A34E8336C0908D760EDCD48605C7B6BA06A5165BD2BD3AF0B68399C59
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Ulyanovsk) {. {-9223372036854775808 11616 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 7200 0 +02}. {695779200 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Vaduz Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.906311228352029
Encrypted:	false
SSDEEP:
MD5:	C1817BA53C7CD6BF007A7D1E17FBDFF1
SHA1:	C72DCD724E24BBE7C22F9279B05EE03924603348
SHA-256:	E000C8E2A27AE8494DC462D486DC28DAFA502F644FC1540B7B6050EABE4712DC
SHA-512:	E48C1E1E60233CEC648004B6441F4A49D18D07904F88670A6F9A3DACC3006F7D7CE4A9ACB6C9B6DB8F45CB324EA1BCF6CC3DA8C1FFB40A948BB2231AC4B57EEB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Vaduz) $TZData(:Europe/Zurich).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Vatican Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.8663121336740405
Encrypted:	false
SSDEEP:
MD5:	0652C9CF19CCF5C8210330B22F200D47
SHA1:	052121E14825CDF98422CAA2CDD20184F184A446
SHA-256:	3BC0656B5B52E3C3C6B7BC5A53F9228AAFA3EB867982CFD9332B7988687D310B
SHA-512:	1880524DCA926F4BFD1972E53D5FE616DE18E4A29E9796ABEAEE4D7CD10C6FE79C0D731B305BD4DAA6FC3917B286543D622F2291B76DABA231B9B22A784C7475
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/Vatican) $TZData(:Europe/Rome).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Vienna Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7659
Entropy (8bit):	3.7322931990772257
Encrypted:	false
SSDEEP:
MD5:	E8D0D78179D1E9D738CEEC1D0D4943E5
SHA1:	E0469B86F545FFFA81CE9694C96FE30F33F745DD
SHA-256:	44FF42A100EA0EB448C3C00C375F1A53614B0B5D468ADF46F2E5EAFF44F7A64C
SHA-512:	FACA076F44A64211400910E4A7CAD475DD24745ECCE2FE608DD47B0D5BB9221FF15B9D58A767A90FF8D25E0545C3E50B3E464FF80B1D23E934489420640F5C8A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vienna) {. {-9223372036854775808 3921 0 LMT}. {-2422055121 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1577926800 3600 0 CET}. {-1569711600 7200 1 CEST}. {-1555801200 3600 0 CET}. {-938905200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-780188400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {323823600 7200 1 CEST}. {338940000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Vilnius Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7233
Entropy (8bit):	3.682695131194103
Encrypted:	false
SSDEEP:
MD5:	CF7967CD882413C1423CCD5A1EDC8B2E
SHA1:	72F5F5D280530A67591FC0F88BF272E2975E173C
SHA-256:	1E13055C7BF8D7469AFC28B0ED91171D203B382B62F78D140C1CB12CF968637C
SHA-512:	777B7418FFB8DFE4E6A2B1057BB3CFF2358269044F0E5887260663790D0344BDFD8BF5C220987E30B2D8D391BB96C17C8C5EE86DA83EC4874F7EC3172477DFB6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vilnius) {. {-9223372036854775808 6076 0 LMT}. {-2840146876 5040 0 WMT}. {-1672536240 5736 0 KMT}. {-1585100136 3600 0 CET}. {-1561251600 7200 0 EET}. {-1553565600 3600 0 CET}. {-928198800 10800 0 MSK}. {-900126000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-802141200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 7200 0 EEMMTT}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Volgograd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2021
Entropy (8bit):	3.5806689351967527
Encrypted:	false
SSDEEP:
MD5:	DFC3D37284F1DCFE802539DB1E684399
SHA1:	67778FFE4326B1391C3CFE991B3C84C1E9ACA2D2
SHA-256:	AAFA26F7ED5733A2E45E77D67D7E4E521918CBDC19DAB5BA7774C60B9FDC203F
SHA-512:	B5A63E363CF9814C6E530840D9BB5A78C36493BAD54060781BACDF10DFA8C95988081DE3364E56D3FDFDBB5A6489E549D8CB1C0B5D1C57F53A1B1915B291A0D9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Volgograd) {. {-9223372036854775808 10660 0 LMT}. {-1577761060 10800 0 +03}. {-1247540400 14400 0 +04}. {-256881600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Warsaw Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.731361496484662
Encrypted:	false
SSDEEP:
MD5:	5F72F26A78BECD6702560DE8C7CCB850
SHA1:	A14E10DCC128B88B3E9C5D2A86DAC7D254CEB123
SHA-256:	054C1CDABAD91C624A4007D7594C30BE96906D5F29B54C292E0B721F8CB03830
SHA-512:	564A575EA2FBDB1D262CF55D55BEFC0BF6EF2081D88DE25712B742F5800D2FBE155EDEF0303F62D497BA0E849174F235D8599E09E1C997789E24FE5583F4B0FC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Warsaw) {. {-9223372036854775808 5040 0 LMT}. {-2840145840 5040 0 WMT}. {-1717032240 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618696800 7200 0 EET}. {-1600473600 10800 1 EEST}. {-1587168000 7200 0 EET}. {-931734000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 0 CEST}. {-796608000 3600 0 CET}. {-778726800 7200 1 CEST}. {-762660000 3600 0 CET}. {-748486800 7200 1 CEST}. {-733273200 3600 0 CET}. {-715215600 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-397094400 7200 1 CEST}. {-386812800 3600 0 CET}. {-371088000 7200 1 CEST}. {-355363200 3600 0

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Zagreb Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.851218990240677
Encrypted:	false
SSDEEP:
MD5:	445F589A26E47F9D7BDF1A403A96108E
SHA1:	B119D93796DA7C793F9ED8C5BB8BB65C8DDBFC81
SHA-256:	6E3ED84BC34D90950D267230661C2EC3C32BA190BD57DDC255F4BE901678B208
SHA-512:	F45AF9AC0AF800FDCC74DBED1BDFA106A6A58A15308B5B62B4CB6B091FCFD321F156618BE2C157A1A6CAFAAAC399E4C6B590AF7CE7176F757403B55F09842FD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Zagreb) $TZData(:Europe/Belgrade).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Zaporozhye Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7238
Entropy (8bit):	3.6787190163584103
Encrypted:	false
SSDEEP:
MD5:	4AC1F6AB26F3869C757247346BCB72B5
SHA1:	CB0880906DC630F3C2B934998853CD05AAA1FE39
SHA-256:	3E9F843F5C6DDBE8E6431BE28ACB95507DDDCA6C521E2FD3355A103BF38F3CB7
SHA-512:	C4A3AB7B5BA3BC371285654159CB1767ECD52DEDAA61BF69586F6ED61F9F1E877796C28438FF582962C12780484214B5EA670654C87240E01EDD2A4B271EDEEF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zaporozhye) {. {-9223372036854775808 8440 0 LMT}. {-2840149240 8400 0 +0220}. {-1441160400 7200 0 EET}. {-1247536800 10800 0 MSK}. {-894769200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-826419600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {654649200 10800 0 MSK}. {670374000 10800 0 EEST}. {686091600 7200 0 EET}. {701820000 10800 1 EEST}. {71

C:\Users\user\AppData\Local\Update\tcl\tzdata\Europe\Zurich Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	3.732572949993817
Encrypted:	false
SSDEEP:
MD5:	D9A3FAE7D9B5C9681D7A98BFACB6F57A
SHA1:	11268DFEE6D2472B3D8615ED6D70B361521854A2
SHA-256:	C920B4B7C160D8CEB8A08E33E5727B14ECD347509CABB1D6CDC344843ACF009A
SHA-512:	7709778B82155FBF35151F9D436F3174C057EBF7927C48F841B1D8AF008EEA9BC181D862A57C436EC69A528FB8B9854D9E974FC9EEC4FFDFE983299102BCDFB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zurich) {. {-9223372036854775808 2048 0 LMT}. {-3675198848 1786 0 BMT}. {-2385246586 3600 0 CET}. {-904435200 7200 1 CEST}. {-891129600 3600 0 CET}. {-872985600 7200 1 CEST}. {-859680000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\GB Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	165
Entropy (8bit):	4.848987525932415
Encrypted:	false
SSDEEP:
MD5:	2639233BCD0119FD601F55F2B6279443
SHA1:	AADF9931DF78F5BC16ED4638947E77AE52E80CA1
SHA-256:	846E203E4B40EA7DC1CB8633BF950A8173D7AA8073C186588CC086BC7C4A2BEE
SHA-512:	8F571F2BBE4C60E240C4EBBB81D410786D1CB8AD0761A99ABB61DDB0811ACC92DCC2F765A7962B5C560B86732286356357D3F408CAC32AC1B2C1F8EAD4AEAEA6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\GB-Eire Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	170
Entropy (8bit):	4.860435123210029
Encrypted:	false
SSDEEP:
MD5:	51335479044A047F5597F0F06975B839
SHA1:	234CD9635E61E7D429C70E886FF9C9F707FEAF1F
SHA-256:	FAC3B11B1F4DA9D68CCC193526C4E369E3FAA74F95C8BEE8BB9FAE014ACD5900
SHA-512:	4E37EFDFBAFA5C517BE86195373D083FF4370C5031B35A735E3225E7B17A75899FAFFBDF0C8BCFCBC5DC2D037EE9465AD3ED7C0FA55992027DFD69618DC9918F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB-Eire) $TZData(:Europe/London).

C:\Users\user\AppData\Local\Update\tcl\tzdata\GMT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.817383285510599
Encrypted:	false
SSDEEP:
MD5:	D19DC8277A68AA289A361D28A619E0B0
SHA1:	27F5F30CC2603E1BCB6270AF84E9512DADEEB055
SHA-256:	5B90891127A65F7F3C94B44AA0204BD3F488F21326E098B197FB357C51845B66
SHA-512:	B5DD9C2D55BDB5909A29FD386CF107B83F56CD9B9F979A5D3854B4112B7F8950F4E91FB86AF6556DCF583EE469470810F3F8FB6CCF04FDBD6625A4346D3CD728
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\GMT+0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.868642878112439
Encrypted:	false
SSDEEP:
MD5:	B5065CD8B1CB665DACDB501797AF5104
SHA1:	0DB4E9AC6E38632302D9689A0A39632C2592F5C7
SHA-256:	6FC1D3C727CD9386A11CAF4983A2FC06A22812FDC7752FBFA7A5252F92BB0E70
SHA-512:	BBA1793CA3BBC768EC441210748098140AE820910036352F5784DD8B2DABA8303BA2E266CB923B500E8F90494D426E8BF115ACD0C000CD0C65896CE7A6AD9D66
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT+0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\GMT-0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.8553095447791055
Encrypted:	false
SSDEEP:
MD5:	E71CDE5E33573E78E01F4B7AB19F5728
SHA1:	C296752C449ED90AE20F5AEC3DC1D8F329C2274F
SHA-256:	78C5044C723D21375A1154AE301F29D13698C82B3702042C8B8D1EFF20954078
SHA-512:	6EBB39EF85DA70833F8B6CCD269346DC015743BC049F6F1B385625C5498F4E953A0CEDE76C60314EE671FE0F6EEB56392D62E0128F5B04BC68681F71718FE2BB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT-0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\GMT0 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.843152601955343
Encrypted:	false
SSDEEP:
MD5:	FE666CDF1E9AA110A7A0AE699A708927
SHA1:	0E7FCDA9B47BC1D5F4E0DFAD8A9E7B73D71DC9E3
SHA-256:	0A883AFE54FAE0ED7D6535BDAB8A767488A491E6F6D3B7813CF76BB32FED4382
SHA-512:	763591A47057D67E47906AD22270D589100A7380B6F9EAA9AFD9D6D1EE254BCB1471FEC43531C4196765B15F2E27AF9AAB5A688D1C88B45FE7EEA67B6371466E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT0) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Greenwich Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.869510201987464
Encrypted:	false
SSDEEP:
MD5:	F989F3DB0290B2126DA85D78B74E2061
SHA1:	43A0A1737E1E3EF0501BB65C1E96CE4D0B5635FC
SHA-256:	41A45FCB805DB6054CD1A4C7A5CFBF82668B3B1D0E44A6F54DFB819E4C71F68A
SHA-512:	3EDB8D901E04798B566E6D7D72841C842803AE761BEF3DEF37B8CA481E79915A803F61360FA2F317D7BDCD913AF8F5BB14F404E80CFA4A34E4310055C1DF39F2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Greenwich) $TZData(:Etc/GMT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\HST Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.860812879108152
Encrypted:	false
SSDEEP:
MD5:	3D99F2C6DADF5EEEA4965A04EB17B1BB
SHA1:	8DF607A911ADF6A9DD67D786FC9198262F580312
SHA-256:	2C83D64139BFB1115DA3F891C26DD53B86436771A30FB4DD7C8164B1C0D5BCDE
SHA-512:	EDA863F3A85268BA7A8606E3DCB4D7C88B0681AD8C4CFA1249A22B184F83BFDE9855DD4E5CFC3A4692220E5BEFBF99ED10E13BD98DBCA37D6F29A10AB660EBE2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:HST) {. {-9223372036854775808 -36000 0 HST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Hongkong Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.865313867650324
Encrypted:	false
SSDEEP:
MD5:	D828C0668A439FEB9779589A646793F8
SHA1:	1509415B72E2155725FB09615B3E0276F3A46E87
SHA-256:	CF8BFEC73D36026955FA6F020F42B6360A64ED870A88C575A5AA0CD9756EF51B
SHA-512:	0F864B284E48B993DD13296AF05AEB14EBE26AF32832058C1FC32FCCE78E85925A25D980052834035D37935FAAF1CB0A9579AECBE6ADCDB2791A134D88204EBF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Hong_Kong)]} {. LoadTimeZoneFile Asia/Hong_Kong.}.set TZData(:Hongkong) $TZData(:Asia/Hong_Kong).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Iceland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.840758003302018
Encrypted:	false
SSDEEP:
MD5:	18DEAAAC045B4F103F2D795E0BA77B00
SHA1:	F3B3FE5029355173CD5BA626E075BA73F3AC1DC6
SHA-256:	9BB28A38329767A22CD073DF34E46D0AA202172A4116FBF008DDF802E60B743B
SHA-512:	18140274318E913F0650D21107B74C07779B832C9906F1A2E98433B96AAEADF70D07044EB420A2132A6833EF7C3887B8927CFD40D272A13E69C74A63904F43C9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Reykjavik)]} {. LoadTimeZoneFile Atlantic/Reykjavik.}.set TZData(:Iceland) $TZData(:Atlantic/Reykjavik).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Antananarivo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.75703014401897
Encrypted:	false
SSDEEP:
MD5:	1E84F531F7992BFBD53B87831FE349E9
SHA1:	E46777885945B7C151C6D46C8F7292FC332A5576
SHA-256:	F4BDCAE4336D22F7844BBCA933795063FA1BCA9EB228C7A4D8222BB07A706427
SHA-512:	545D6DEB94B7A13D69F387FE758C9FC474DC02703F2D485FD42539D3CE03975CDEEFB985E4AA7742957952AF9E9F1E2DB84389277C3864C32C31D890BD399FB9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Antananarivo) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Comoro Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.775639640601132
Encrypted:	false
SSDEEP:
MD5:	DAD21C1CD103E6FF24ECB26ECC6CC783
SHA1:	FBCCCF55EDFC882B6CB003E66B0B7E52A3E0EFDE
SHA-256:	DA2F64ADC2674BE934C13992652F285927D8A44504327950678AD3B3EC285DCE
SHA-512:	EA3B155D39D34AFB789F486FAA5F2B327ADB62E43FE5757D353810F9287D9E706773A034D3B2E5F050CCC2A24B31F28A8C44109CCCF43509F2B8547D107FD4A4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Comoro) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Kerguelen Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.822244827214297
Encrypted:	false
SSDEEP:
MD5:	5223EC10BCFBC18A9FA392340530E164
SHA1:	A59B4F19A3F052B2A3EB57E0D2652E81FB665B50
SHA-256:	17750D6A9B8ED41809D8DC976777A5252CCB70F39C3BF396B55557A8E504CB09
SHA-512:	2B2EFC470FE4461F82B1F1909C2A953934938D5DC8B54B2DA3A48678CF23ECD7874187E0FA4F6241FC02AEE0AF29B861C3FEEC15BB90E5C7D3A609DBB50EDC2C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Kerguelen) {. {-9223372036854775808 0 0 -00}. {-631152000 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Mahe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.873998321422911
Encrypted:	false
SSDEEP:
MD5:	F8D00BD4AD23557FB4FC8EB095842C26
SHA1:	AD4AE41D0AD49E80FCF8CADE6889459EA30B57F7
SHA-256:	997C33DBCEA54DE671A4C4E0E6F931623BF4F39A821F9F15075B9ECCCCA3F1B8
SHA-512:	F67D348ECCCA244681EE7B70F7815593CFB2D7D4502832B2EB653EBF01AC66ACED29F7EA2E223D295C4D4F64287D372070EF863CCB201ACD8DF470330812013D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mahe) {. {-9223372036854775808 13308 0 LMT}. {-2006653308 14400 0 +04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Maldives Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.833774224054436
Encrypted:	false
SSDEEP:
MD5:	EC0C456538BE81FA83AF440948EED55E
SHA1:	11D7BA32A38547AF88F4182B6C1C3373AD89D75C
SHA-256:	18A4B14CD05E4B25431BAF7BFCF2049491BF4E36BB31846D7F18F186C9ECD019
SHA-512:	FF57F9EDFAD16E32B6A0BA656C5949A0A664D22001D5149BF036C322AEC1682E8B523C8E64E5A49B7EFA535A13459234C16237C09FC5B40F08AC22D56681C4BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Maldives) {. {-9223372036854775808 17640 0 LMT}. {-2840158440 17640 0 MMT}. {-315636840 18000 0 +05}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Mauritius Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	262
Entropy (8bit):	4.450791926516311
Encrypted:	false
SSDEEP:
MD5:	040680E086764FC47EEBE039358E223C
SHA1:	4D10E6F69835533748DD5FD2E7409F9732221210
SHA-256:	C4054D56570F9362AB8FF7E4DBA7F8032720289AE01C03A861CCD8DEC9D2ABB2
SHA-512:	FC00B4AD7328EBC3025A482B3D6A0B176F3430BD3D06B918974EAC5BD30AD8551E0C6BE1DC03BE18A9BC6DD0919ED2A3717E20749ABECBFBD202764047D0D292
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mauritius) {. {-9223372036854775808 13800 0 LMT}. {-1988164200 14400 0 +04}. {403041600 18000 1 +04}. {417034800 14400 0 +04}. {1224972000 18000 1 +04}. {1238274000 14400 0 +04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Mayotte Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.778847657463255
Encrypted:	false
SSDEEP:
MD5:	D89C649468B3C22CF5FA659AE590DE53
SHA1:	83DF2C14F1E51F5B89DCF6B833E421389F9F23DC
SHA-256:	071D17F347B4EB9791F4929803167497822E899761654053BD774C5A899B4B9C
SHA-512:	68334E11AAB0F8DCEEB787429832A60F4F0169B6112B7F74048EACFDE78F9C4D100E1E2682D188C3965E41A83477D3AECC80B73A2A8A1A80A952E59B431576A8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Mayotte) $TZData(:Africa/Nairobi).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Indian\Reunion Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.933616581218054
Encrypted:	false
SSDEEP:
MD5:	C50A592BB886F2FA48657900AE10789F
SHA1:	16D73BFFDAD18E751968E100BB391AABB29169E1
SHA-256:	3775EA8EBF5CBBD240E363FB62AEF8D2865A9D9969E40A15731DCC0AC03107EB
SHA-512:	F875F287E6C3A7B7325DB038CF419AA34FD0072FD3FCD138102008959F397026B647D8D339CB01362330905382FE7DCF5F8EC98C9B8C4FFF59A6FF4E78678BB7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Reunion) {. {-9223372036854775808 13312 0 LMT}. {-1848886912 14400 0 +04}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Iran Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	161
Entropy (8bit):	4.757854680369306
Encrypted:	false
SSDEEP:
MD5:	848663FD5F685FE1E14C655A0ABA7D6A
SHA1:	59A1BEE5B3BE01FB9D2C73777B7B4F1615DCE034
SHA-256:	DB6D0019D3B0132EF8B8693B1AB2B325D77DE3DD371B1AFDAE4904BE610BA2A6
SHA-512:	B1F8C08AF68C919DB332E6063647AF15CB9FED4046C16BEF9A58203044E36A0D1E69BD1B8703B15003B929409A8D83238B5AA67B910B920F0674C8A0EB5CF125
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tehran)]} {. LoadTimeZoneFile Asia/Tehran.}.set TZData(:Iran) $TZData(:Asia/Tehran).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Israel Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.778464205793726
Encrypted:	false
SSDEEP:
MD5:	B9D1F6BD0B0416791036C0E3402C8438
SHA1:	E1A7471062C181B359C06804420091966B809957
SHA-256:	E6EC28F69447C3D3DB2CB68A51EDCEF0F77FF4B563F7B65C9C71FF82771AA3E1
SHA-512:	A5981FD91F6A9A84F44A6C9A3CF247F9BE3AB52CE5FE8EE1A7BE19DD63D0B22818BC15287FE73A5EEC8BCE6022B9EAF54A10AA719ADF31114E188F31EA273E92
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Israel) $TZData(:Asia/Jerusalem).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Jamaica Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.668645988954937
Encrypted:	false
SSDEEP:
MD5:	EA38E93941E21CB08AA49A023DCC06FB
SHA1:	1AD77CAC25DC6D1D04320FF2621DD8E7D227ECBF
SHA-256:	21908F008F08C55FB48F1C3D1A1B2016BDB10ED375060329451DE4E487CF0E5F
SHA-512:	D6F0684A757AD42B8010B80B4BE6542ADE96D140EC486B4B768E167502C776B8D289622FBC48BD19EB3D0B3BC4156715D5CCFC7952A479A990B07935B15D26DC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Jamaica)]} {. LoadTimeZoneFile America/Jamaica.}.set TZData(:Jamaica) $TZData(:America/Jamaica).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Japan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	159
Entropy (8bit):	4.791469556628492
Encrypted:	false
SSDEEP:
MD5:	338A18DEDF5A813466644B2AAE1A7CF5
SHA1:	BB76CE671853780F4971D2E173AE71E82EA24690
SHA-256:	535AF1A79CD01735C5D6FC6DB08C5B0EAFB8CF0BC89F7E943CF419CFA745CA26
SHA-512:	4D44CC28D2D0634200FEA0537EBC5DD50E639365B89413C6BF911DC2B95B78E27F1B92733FB859C794A8C027EA89E45E8C2D6E1504FF315AF68DB02526226AD2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tokyo)]} {. LoadTimeZoneFile Asia/Tokyo.}.set TZData(:Japan) $TZData(:Asia/Tokyo).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Kwajalein Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.759848173726549
Encrypted:	false
SSDEEP:
MD5:	A9C8CA410CA3BD4345BF6EAB53FAB97A
SHA1:	57AE7E6D3ED855B1FBF6ABF2C9846DFA9B3FFF47
SHA-256:	A63A99F0E92F474C4AA99293C4F4182336520597A86FCDD91DAE8B25AFC30B98
SHA-512:	C97CF1301DCEEE4DE26BCEEB60545BB70C083CD2D13ED89F868C7856B3532473421599ED9E7B166EA53A9CF44A03245192223D47BC1104CEBD1BF0AC6BF10898
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Kwajalein)]} {. LoadTimeZoneFile Pacific/Kwajalein.}.set TZData(:Kwajalein) $TZData(:Pacific/Kwajalein).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Libya Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.779409803819657
Encrypted:	false
SSDEEP:
MD5:	C4739F7B58073CC7C72EF2D261C05C5E
SHA1:	12FE559CA2FEA3F8A6610B1D4F43E299C9FB7BA5
SHA-256:	28A94D9F1A60980F8026409A65F381EDB7E5926A79D07562D28199B6B63AF9B4
SHA-512:	B2DC5CB1AD7B6941F498FF3D5BD6538CAF0ED19A2908DE645190A5C5F40AF5B34752AE8A83E6C50D370EA619BA969C9AB7F797F171192200CDA1657FFFB7F05A
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Tripoli)]} {. LoadTimeZoneFile Africa/Tripoli.}.set TZData(:Libya) $TZData(:Africa/Tripoli).

C:\Users\user\AppData\Local\Update\tcl\tzdata\MET Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	3.7115445412724797
Encrypted:	false
SSDEEP:
MD5:	2F62D867C8605730BC8E43D300040D54
SHA1:	06AD982DF03C7309AF01477749BAB9F7ED8935A7
SHA-256:	D6C70E46A68B82FFC7A4D96FDA925B0FAAF973CB5D3404A55DFF2464C3009173
SHA-512:	0D26D622511635337E5C03D82435A9B4A9BCA9530F940A70A24AE67EA4794429A5D68B59197B978818BEF0799C3D5FA792F5720965291661ED067570BC56226B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MET) {. {-9223372036854775808 3600 0 MET}. {-1693706400 7200 1 MEST}. {-1680483600 3600 0 MET}. {-1663455600 7200 1 MEST}. {-1650150000 3600 0 MET}. {-1632006000 7200 1 MEST}. {-1618700400 3600 0 MET}. {-938905200 7200 1 MEST}. {-857257200 3600 0 MET}. {-844556400 7200 1 MEST}. {-828226800 3600 0 MET}. {-812502000 7200 1 MEST}. {-796777200 3600 0 MET}. {-781052400 7200 1 MEST}. {-766623600 3600 0 MET}. {228877200 7200 1 MEST}. {243997200 3600 0 MET}. {260326800 7200 1 MEST}. {276051600 3600 0 MET}. {291776400 7200 1 MEST}. {307501200 3600 0 MET}. {323830800 7200 1 MEST}. {338950800 3600 0 MET}. {354675600 7200 1 MEST}. {370400400 3600 0 MET}. {386125200 7200 1 MEST}. {401850000 3600 0 MET}. {417574800 7200 1 MEST}. {433299600 3600 0 MET}. {449024400 7200 1 MEST}. {465354000 3600 0 MET}. {481078800 7200 1 MEST}. {496803600 3600 0 MET

C:\Users\user\AppData\Local\Update\tcl\tzdata\MST Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	106
Entropy (8bit):	4.856431808856169
Encrypted:	false
SSDEEP:
MD5:	FF6BDAC2C77D8287B46E966480BFEACC
SHA1:	4C90F910C74E5262A27CC65C3433D34B5D885243
SHA-256:	FB6D9702FC9FB82779B4DA97592546043C2B7D068F187D0F79E23CB5FE76B5C2
SHA-512:	CA197B25B36DD47D86618A4D39BFFB91FEF939BC02EEB96679D7EA88E5D38737D3FE6BD4FD9D16C31CA5CF77D17DC31E5333F4E28AB777A165050EA5A4D106BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MST) {. {-9223372036854775808 -25200 0 MST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\MST7MDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.755606924782105
Encrypted:	false
SSDEEP:
MD5:	2AB5643D8EF9FD9687A5C67AEB04AF98
SHA1:	2E8F1DE5C8113C530E5E6C10064DEA4AE949AAE6
SHA-256:	97028B43406B08939408CB1DD0A0C63C76C9A352AEA5F400CE6D4B8D3C68F500
SHA-512:	72A8863192E14A4BD2E05C508F8B376DD75BB4A3625058A97BBB33F7200B2012D92D445982679E0B7D11C978B80F7128B3A79B77938CEF6315AA6C4B1E0AC09C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:MST7MDT) {. {-9223372036854775808 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MST}. {262774800 -21600 1 MDT}. {278496000 -252

C:\Users\user\AppData\Local\Update\tcl\tzdata\Mexico\BajaNorte Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	185
Entropy (8bit):	4.836487818373659
Encrypted:	false
SSDEEP:
MD5:	C3AEEA7B991B609A1CB253FDD5057D11
SHA1:	0212056C2A20DD899FA4A26B10C261AB19D20AA4
SHA-256:	599F79242382ED466925F61DD6CE59192628C7EAA0C5406D3AA98EC8A5162824
SHA-512:	38094FD29B1C31FC9D894B8F38909DD9ED3A76B2A27F6BC250ACD7C1EFF4529CD0B29B66CA7CCBEB0146DFF3FF0AC4AEEEC422F7A93422EF70BF723D12440A93
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:Mexico/BajaNorte) $TZData(:America/Tijuana).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Mexico\BajaSur Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	186
Entropy (8bit):	4.841665860441288
Encrypted:	false
SSDEEP:
MD5:	89A5ED35215BA46C76BF2BD5ED620031
SHA1:	26F134644023A2D0DA4C8997C54E36C053AA1060
SHA-256:	D624945E20F30CCB0DB2162AD3129301E5281B8868FBC05ACA3AA8B6FA05A9DF
SHA-512:	C2563867E830F7F882E393080CE16A62A0CDC5841724E0D507CBA362DB8363BB75034986107C2428243680FE930BAC226E11FE6BA99C31E0C1A35D6DD1C14676
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mazatlan)]} {. LoadTimeZoneFile America/Mazatlan.}.set TZData(:Mexico/BajaSur) $TZData(:America/Mazatlan).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Mexico\General Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.8300311016675606
Encrypted:	false
SSDEEP:
MD5:	E771850BA5A1C218EB1B31FDC564DF02
SHA1:	3675838740B837A96FF32694D1FA56DE01DE064F
SHA-256:	06A45F534B35538F32A77703C6523CE947D662D136C5EC105BD6616922AEEB44
SHA-512:	BD7AF307AD61C310EDAF01E618BE9C1C79239E0C8CDEC85792624A7CCE1B6251B0ADE066B8610AFDB0179F3EF474503890642284800B81E599CB830EC6C7C9AA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mexico_City)]} {. LoadTimeZoneFile America/Mexico_City.}.set TZData(:Mexico/General) $TZData(:America/Mexico_City).

C:\Users\user\AppData\Local\Update\tcl\tzdata\NZ Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.8398862338201765
Encrypted:	false
SSDEEP:
MD5:	7B274C782E9FE032AC4B3E137BF147BB
SHA1:	8469D17EC75D0580667171EFC9DE3FDF2C1E0968
SHA-256:	2228231C1BEF0173A639FBC4403B6E5BF835BF5918CC8C16757D915A392DBF75
SHA-512:	AE72C1F244D9457C70A120FD00F2C0FC2BDC467DBD5C203373291E00427499040E489F2B1358757EA281BA8143E28FB54D03EDE67970F74DACFCB308AC7F74CE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:NZ) $TZData(:Pacific/Auckland).

C:\Users\user\AppData\Local\Update\tcl\tzdata\NZ-CHAT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	176
Entropy (8bit):	4.832832776993659
Encrypted:	false
SSDEEP:
MD5:	C8D83C210169F458683BB35940E11DF6
SHA1:	278546F4E33AD5D0033AF6768EFAB0DE247DA74F
SHA-256:	CECF81746557F6F957FEF12DBD202151F614451F52D7F6A35C72B830075C478D
SHA-512:	4539AE6F7AF7579C3AA5AE4DEB97BD14ED83569702D3C4C3945DB06A2D8FFF260DA1DB21FF21B0BED91EE9C993833D471789B3A99C9A2986B7AC8ABFBBE5A8B7
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chatham)]} {. LoadTimeZoneFile Pacific/Chatham.}.set TZData(:NZ-CHAT) $TZData(:Pacific/Chatham).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Navajo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	172
Entropy (8bit):	4.80475858956378
Encrypted:	false
SSDEEP:
MD5:	38C56298E75306F39D278F60B50711A6
SHA1:	8FD9CEAD17CCD7D981CEF4E782C3916BFEF2D11F
SHA-256:	E10B8574DD83C93D3C49E9E2226148CBA84538802316846E74DA6004F1D1534D
SHA-512:	F6AA67D78A167E553B97F092CC3791B591F800A6D286BE37C06F7ECABDFBCF43A397AEDC6E3EB9EB6A1CB95E8883D4D4F97890CA1877930AFCD5643B0C8548E9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:Navajo) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Update\tcl\tzdata\PRC Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	166
Entropy (8bit):	4.854287452296565
Encrypted:	false
SSDEEP:
MD5:	AF9DD8961DB652EE1E0495182D99820D
SHA1:	979602E3C59719A67DE3C05633242C12E0693C43
SHA-256:	9A6109D98B35518921E4923B50053E7DE9B007372C5E4FFF75654395D6B56A82
SHA-512:	F022C3EFABFC3B3D3152C345ACD28387FFEA4B61709CBD42B2F3684D33BED469C4C25F2328E5E7D9D74D968E25A0419E7BCFF0EB55650922906B9D3FF57B06C8
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:PRC) $TZData(:Asia/Shanghai).

C:\Users\user\AppData\Local\Update\tcl\tzdata\PST8PDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8227
Entropy (8bit):	3.751820462019181
Encrypted:	false
SSDEEP:
MD5:	DB5250A28A3853951AF00231677AACAC
SHA1:	1FC1DA1121B9F5557D246396917205B97F6BC295
SHA-256:	4DFC264F4564957F333C0208DA52DF03301D2FD07943F53D8B51ECCDD1CB8153
SHA-512:	72594A17B1E29895A6B4FC636AAE1AB28523C9C8D50118FA5A7FDFD3944AD3B742B17B260A69B44756F4BA1671268DD3E8223EF314FF7850AFB81202BA2BBF44
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:PST8PDT) {. {-9223372036854775808 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-84376800 -25200 1 PDT}. {-68655600 -28800 0 PST}. {-52927200 -25200 1 PDT}. {-37206000 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -288

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Apia Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5431
Entropy (8bit):	3.5627170055641306
Encrypted:	false
SSDEEP:
MD5:	6718CD07DCEBD2CA85FC1764BE45E46C
SHA1:	0BCD2E4267F2BDB499EA613C17B9C38CCFC2177A
SHA-256:	5D3D1B4180482099119383DC160520DCDA5D4E3EEC87F22EA20B7D4B599F5249
SHA-512:	95C16BC92B9B3C80F9FA10F5B49DAEB472D45C2489A455A31177A8679E21EF668F85450E1770CFB77CA43477B68EF11B3A4090C11CE6F7FA518040EA7B502855
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Apia) {. {-9223372036854775808 45184 0 LMT}. {-2445424384 -41216 0 LMT}. {-1861878784 -41400 0 -1130}. {-631110600 -39600 0 -11}. {1285498800 -36000 1 -11}. {1301752800 -39600 0 -11}. {1316872800 -36000 1 -11}. {1325239200 50400 0 +13}. {1333202400 46800 0 +13}. {1348927200 50400 1 +13}. {1365256800 46800 0 +13}. {1380376800 50400 1 +13}. {1396706400 46800 0 +13}. {1411826400 50400 1 +13}. {1428156000 46800 0 +13}. {1443276000 50400 1 +13}. {1459605600 46800 0 +13}. {1474725600 50400 1 +13}. {1491055200 46800 0 +13}. {1506175200 50400 1 +13}. {1522504800 46800 0 +13}. {1538229600 50400 1 +13}. {1554559200 46800 0 +13}. {1569679200 50400 1 +13}. {1586008800 46800 0 +13}. {1601128800 50400 1 +13}. {1617458400 46800 0 +13}. {1632578400 50400 1 +13}. {1648908000 46800 0 +13}. {1664028000 50400 1 +13}. {1680357600 46800 0 +13}. {169

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Auckland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8487
Entropy (8bit):	3.8173754903771018
Encrypted:	false
SSDEEP:
MD5:	6C008D6437C7490EE498605B5B096FDB
SHA1:	D7F6E7B3920C54EFE02A44883DBCD0A75C7FC46A
SHA-256:	B5BD438B748BA911E0E1201A83B623BE3F8130951C1377D278A7E7BC9CB7F672
SHA-512:	DA6992D257B1BA6124E39F90DDEE17DC3E2F3B38C3A68B77A93065E3E5873D28B8AE5D21CEC223BAADFBDD1B3A735BF1CEC1BDEB0C4BEAB72AAA23433A707207
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Auckland) {. {-9223372036854775808 41944 0 LMT}. {-3192435544 41400 0 NZMT}. {-1330335000 45000 1 NZST}. {-1320057000 41400 0 NZMT}. {-1300699800 43200 1 NZST}. {-1287396000 41400 0 NZMT}. {-1269250200 43200 1 NZST}. {-1255946400 41400 0 NZMT}. {-1237800600 43200 1 NZST}. {-1224496800 41400 0 NZMT}. {-1206351000 43200 1 NZST}. {-1192442400 41400 0 NZMT}. {-1174901400 43200 1 NZST}. {-1160992800 41400 0 NZMT}. {-1143451800 43200 1 NZST}. {-1125914400 41400 0 NZMT}. {-1112607000 43200 1 NZST}. {-1094464800 41400 0 NZMT}. {-1081157400 43200 1 NZST}. {-1063015200 41400 0 NZMT}. {-1049707800 43200 1 NZST}. {-1031565600 41400 0 NZMT}. {-1018258200 43200 1 NZST}. {-1000116000 41400 0 NZMT}. {-986808600 43200 1 NZST}. {-968061600 41400 0 NZMT}. {-955359000 43200 1 NZST}. {-936612000 41400 0 NZMT}. {-923304600 43200 1 NZST}. {-757425600 43200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Chatham Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7907
Entropy (8bit):	3.5670394561999235
Encrypted:	false
SSDEEP:
MD5:	5DF25A6A6E7322528FE41B6FD5FE5119
SHA1:	E84915BA27443F01243050D648DF6388A1E8EDBA
SHA-256:	B6727010950418F6FC142658C74EE1D717E7FD2B46267FC215E53CA3D55E894E
SHA-512:	842ABE39AB26713D523A36895D7435DC2058846431CB2A0B7B47E204F8C315ADB855F95EC2852D57B73ECA0576CB1A49BB104C0D7BB9DE2E96143DA9C77F9A58
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chatham) {. {-9223372036854775808 44028 0 LMT}. {-3192437628 44100 0 +1215}. {-757426500 45900 0 +1245}. {152632800 49500 1 +1245}. {162309600 45900 0 +1245}. {183477600 49500 1 +1245}. {194968800 45900 0 +1245}. {215532000 49500 1 +1245}. {226418400 45900 0 +1245}. {246981600 49500 1 +1245}. {257868000 45900 0 +1245}. {278431200 49500 1 +1245}. {289317600 45900 0 +1245}. {309880800 49500 1 +1245}. {320767200 45900 0 +1245}. {341330400 49500 1 +1245}. {352216800 45900 0 +1245}. {372780000 49500 1 +1245}. {384271200 45900 0 +1245}. {404834400 49500 1 +1245}. {415720800 45900 0 +1245}. {436284000 49500 1 +1245}. {447170400 45900 0 +1245}. {467733600 49500 1 +1245}. {478620000 45900 0 +1245}. {499183200 49500 1 +1245}. {510069600 45900 0 +1245}. {530632800 49500 1 +1245}. {541519200 45900 0 +1245}. {562082400 49500 1 +1245}. {5735736

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Chuuk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.989695428683993
Encrypted:	false
SSDEEP:
MD5:	61C075090B025E69800B23E0AD60459F
SHA1:	F847CA6D35BD4AF2C70B318D4EE4A2FB5C77D449
SHA-256:	3237743592D8719D0397FA278BB501E6F403985B643D1DE7E2DA91DD11BE215B
SHA-512:	5D07FB2FEAA9110D62CFD95BC729AA57F2A176C977D2E2C00374AF36EE84C4FB9416ECBEF179298928AAE9634B69C5FE889C5C9D2DFF290CAC0F6E53EDEC1A48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chuuk) {. {-9223372036854775808 36428 0 LMT}. {-2177489228 36000 0 +10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Easter Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7935
Entropy (8bit):	3.4518545894421475
Encrypted:	false
SSDEEP:
MD5:	9B0B358E33E33FEFE38BEF73232919F3
SHA1:	7164F24730A37875128BE3F2FB4E9BC076AB9F39
SHA-256:	E02B71C59DF59109D12EBE60ED153922F1DFF3F5C4AD207E267AB025792C51F4
SHA-512:	A0C4A98B0B40FDE690A8EEE7A2C2F16C3E70C6F406FF0699B98CB837C72C6A1259395167795F2CFBBD2943E602AC0483C62B9D6209B8258018F7D78E103BBB15
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Easter) {. {-9223372036854775808 -26248 0 LMT}. {-2524495352 -26248 0 EMT}. {-1178124152 -25200 0 -07}. {-36619200 -21600 1 -07}. {-23922000 -25200 0 -07}. {-3355200 -21600 1 -07}. {7527600 -25200 0 -07}. {24465600 -21600 1 -07}. {37767600 -25200 0 -07}. {55915200 -21600 1 -07}. {69217200 -25200 0 -07}. {87969600 -21600 1 -07}. {100666800 -25200 0 -07}. {118209600 -21600 1 -07}. {132116400 -25200 0 -07}. {150868800 -21600 1 -07}. {163566000 -25200 0 -07}. {182318400 -21600 1 -07}. {195620400 -25200 0 -07}. {213768000 -21600 1 -07}. {227070000 -25200 0 -07}. {245217600 -21600 1 -07}. {258519600 -25200 0 -07}. {277272000 -21600 1 -07}. {289969200 -25200 0 -07}. {308721600 -21600 1 -07}. {321418800 -25200 0 -07}. {340171200 -21600 1 -07}. {353473200 -25200 0 -07}. {371620800 -21600 1 -07}. {384922800 -21600 0 -06}. {403070400 -180

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Efate Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	705
Entropy (8bit):	4.002147979275868
Encrypted:	false
SSDEEP:
MD5:	48DEC5B1A9AADA4F09D03FEB037A2FE8
SHA1:	6D25E80F0570236565F098DD0A637F546957F117
SHA-256:	4F9AC8B0FE89990E8CF841EED9C05D92D53568DE772247F70A70DC11CBD78532
SHA-512:	0FA4693F3FDAB12DB04B6D50E0782A352CF95A7C2765CF1906BAA35355755E324E1B17005DF3748DBE42743FE824AE983316958B2EC0A9B0B7D136BEC06AB983
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Efate) {. {-9223372036854775808 40396 0 LMT}. {-1829387596 39600 0 +11}. {433256400 43200 1 +11}. {448977600 39600 0 +11}. {467298000 43200 1 +11}. {480427200 39600 0 +11}. {496760400 43200 1 +11}. {511876800 39600 0 +11}. {528210000 43200 1 +11}. {543931200 39600 0 +11}. {559659600 43200 1 +11}. {575380800 39600 0 +11}. {591109200 43200 1 +11}. {606830400 39600 0 +11}. {622558800 43200 1 +11}. {638280000 39600 0 +11}. {654008400 43200 1 +11}. {669729600 39600 0 +11}. {686062800 43200 1 +11}. {696340800 39600 0 +11}. {719931600 43200 1 +11}. {727790400 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Enderbury Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	208
Entropy (8bit):	4.767926806075848
Encrypted:	false
SSDEEP:
MD5:	D7EE7623A410715B1F34DC06F5400996
SHA1:	1ADD299AB66A0BCC32D92EAFBC2CA3B277E1FA3D
SHA-256:	8CAF3AE352EC168BC0C948E788BB3CBFE3991F36A678A24B47711543D450AED8
SHA-512:	356C3ECC40211B36FA1ECF8601AA8FAAE8080606F55AA4E706D239B8EE35ADE3987708716376D73053DB7A59B9A9B7A267EEDA6ED2A80A558FABA48E851C0EB1
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Enderbury) {. {-9223372036854775808 -41060 0 LMT}. {-2177411740 -43200 0 -12}. {307627200 -39600 0 -11}. {788871600 46800 0 +13}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Fakaofo Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.865240332098143
Encrypted:	false
SSDEEP:
MD5:	6CC11F5FAA361F69262AB8E7F4DB4F90
SHA1:	EA7ED940C0A3B5941972439DE1D735B4DC4AE0AA
SHA-256:	21C4C35919A24CD9C80BE1BD51C6714AA7EBF447396B3A2E63D330D905FA9945
SHA-512:	152709462F29EE14A727BE625E7ABD59625B6C4D4B36A2CE76B68D96CD176EDECA91DF26DAC553346ED360F2CA0F6C62981F50B088AE7BE1B998B425D91EF3B5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fakaofo) {. {-9223372036854775808 -41096 0 LMT}. {-2177411704 -39600 0 -11}. {1325242800 46800 0 +13}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Fiji Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5505
Entropy (8bit):	3.545141446818078
Encrypted:	false
SSDEEP:
MD5:	67BE85DD77F7B520FD5705A4412157E3
SHA1:	04FA33692B8DBB8DDF89EF790646A0535943953D
SHA-256:	2FE87FF4AEBB58506B4E2552D3CB66AAC1D038D8C62F8C70B0EAF1CC508EC9FA
SHA-512:	35D4C46D187912D2B39C07A50DB0C56427ACF3755AD4B563B734BE26CA9C441AA0C2836266C803919786BF6DA9118A880CCF221FE9F9A9E30D610BE8E4913A9F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fiji) {. {-9223372036854775808 42944 0 LMT}. {-1709985344 43200 0 +12}. {909842400 46800 1 +12}. {920124000 43200 0 +12}. {941896800 46800 1 +12}. {951573600 43200 0 +12}. {1259416800 46800 1 +12}. {1269698400 43200 0 +12}. {1287842400 46800 1 +12}. {1299333600 43200 0 +12}. {1319292000 46800 1 +12}. {1327154400 43200 0 +12}. {1350741600 46800 1 +12}. {1358604000 43200 0 +12}. {1382796000 46800 1 +12}. {1390050000 43200 0 +12}. {1414850400 46800 1 +12}. {1421503200 43200 0 +12}. {1446300000 46800 1 +12}. {1452952800 43200 0 +12}. {1478354400 46800 1 +12}. {1484402400 43200 0 +12}. {1509804000 46800 1 +12}. {1515852000 43200 0 +12}. {1541253600 46800 1 +12}. {1547301600 43200 0 +12}. {1572703200 46800 1 +12}. {1579356000 43200 0 +12}. {1604152800 46800 1 +12}. {1610805600 43200 0 +12}. {1636207200 46800 1 +12}. {1642255200 43200

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Funafuti Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.974991227981989
Encrypted:	false
SSDEEP:
MD5:	23994D1C137B8BC2BA6E97739B38E7BD
SHA1:	36772677B3C869C49A829AF08486923321ADD50A
SHA-256:	F274C6CD08E5AA46FDEA219095DA8EA60DA0E95E5FD1CBCB9E6611DE47980F9E
SHA-512:	CB2DB35960D11322AD288912C5D82C8C579791E40E510A90D34AAB20136B17AA019EFD55D1C4A2D9E88F7AF79F15779AF7EC6856F3085161AC84C93872C61176
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Funafuti) {. {-9223372036854775808 43012 0 LMT}. {-2177495812 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Galapagos Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	238
Entropy (8bit):	4.63034174284777
Encrypted:	false
SSDEEP:
MD5:	307B016C9E6A915B1760D9A6AD8E63C1
SHA1:	26B797811821C09CF6BAB76E05FF612359DF7318
SHA-256:	F1CB2B1EBD4911857F5F183E446A22E731BD57925AD07B15CA78A7BDDFED611F
SHA-512:	F7AAAEE32CAC84F7D54C29E07CB8952D61585B85CB4FFFB93DD824A71403FDF356EC0761E5EEE19D9F8139F11A9CAB0A7DAEADBD13B6DD4C0CDF9FB573794542
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Galapagos) {. {-9223372036854775808 -21504 0 LMT}. {-1230746496 -18000 0 -05}. {504939600 -21600 0 -06}. {722930400 -18000 1 -06}. {728888400 -21600 0 -06}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Gambier Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.931482658662627
Encrypted:	false
SSDEEP:
MD5:	98754C9D99442282F5C911725764C5D1
SHA1:	7E679DC38A7C7873695E10814B04E3919D1BFB41
SHA-256:	7D09014BE33CB2B50554B6937B3E870156FDCB5C36E9F8E8925711E79C12FC74
SHA-512:	2044AEEDFEF948E502667D1C60E22814202E4BA657DE89A962B6E9E160A93B3B77BF0AC4F5159FC45D43B2038E624D90A4589FB87F3449CA10D350EF60373D17
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Gambier) {. {-9223372036854775808 -32388 0 LMT}. {-1806678012 -32400 0 -09}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Guadalcanal Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	151
Entropy (8bit):	4.934129846149006
Encrypted:	false
SSDEEP:
MD5:	193872CE34E69F8B499203BC70C2639B
SHA1:	7A2B8E346E3BF3BE48AAA330C3EEE47332E994AB
SHA-256:	F1D21C339E8155711AA7EF9F4059A738A8A4CE7A6B78FFDD8DCC4AC0DB5A0010
SHA-512:	D2114AD27922799B8C38B0486D1FAE838EC94A461388960A6F2D19F7763E09FF75A9C4619C52BE2626E8EA2275794B694C1A76E2711D10B77CE6E34259DBF2BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guadalcanal) {. {-9223372036854775808 38388 0 LMT}. {-1806748788 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Guam Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.833752908914461
Encrypted:	false
SSDEEP:
MD5:	AD14439D9E27F2D3545E17082150DC75
SHA1:	43DE1D4A90ABE54320583FAB46E6F9B428C0B577
SHA-256:	CE4D3D493E625DA15A8B4CD3008D9CBDF20C73101C82F4D675F5B773F4A5CF70
SHA-512:	77800323ED5AF49DA5E6314E94938BEAAEDD69BB61E338FAF024C3A22747310307A13C6CBBAFE5A48164855B238C2CAD354426F0EE7201B4FB5C129D68CB0E3B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guam) {. {-9223372036854775808 -51660 0 LMT}. {-3944626740 34740 0 LMT}. {-2177487540 36000 0 GST}. {977493600 36000 0 ChST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Honolulu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	332
Entropy (8bit):	4.582125163058844
Encrypted:	false
SSDEEP:
MD5:	17ACB888B597247CB0CA3CA191E51640
SHA1:	9C2668BF0288D277ED2FE5DBCD5C34F5931004A6
SHA-256:	719EA0BC1762078A405936791C65E4255B4250FB2B305342FE768A21D6AF34BE
SHA-512:	9D02F784F0CD2195AEDEAA59E3ECD64B27928D48DCBC3EA2651B36B3BE7F8C6D9CBB66ACDC76DC02D94DF19C0A29306DD8C2A15AD89C24188FC3E4BCFBE6D456
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Honolulu) {. {-9223372036854775808 -37886 0 LMT}. {-2334101314 -37800 0 HST}. {-1157283000 -34200 1 HDT}. {-1155436200 -34200 0 HST}. {-880201800 -34200 1 HWT}. {-769395600 -34200 1 HPT}. {-765376200 -37800 0 HST}. {-712150200 -36000 0 HST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Johnston Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.795254976384326
Encrypted:	false
SSDEEP:
MD5:	FA20CE420C5370C228EB169BBC083EFB
SHA1:	5B4C221AC97292D5002F6ABEB6BC66D7B8E2F01B
SHA-256:	83A14BF52D181B3229603393EA90B9535A2FF05E3538B8C9AD19F483E6447C09
SHA-512:	7E385FEBD148368F192FC6B1D5E4B8DD31F58EC4329BF9820D554E97402D0A582AB2EBCF46A5151D0167333349A83476BEB11C49BC0EBAADE5A297C42879E0C3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:Pacific/Johnston) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Kiritimati Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	211
Entropy (8bit):	4.684652862044272
Encrypted:	false
SSDEEP:
MD5:	E22A2C0F847601F128986A48A4B72F90
SHA1:	4E1D047DC64AA57C311A22FB1DA8497CD7022192
SHA-256:	88260F34784960C229B2B282F8004FD1AF4BE1BC2883AAEE7D041A622933C3FE
SHA-512:	A80DAC1A2A3376A47E2A542DE92CCC733E440AF2F05A70823DA52A2490FC9D1762F35CE256E6D1F7CCD435EEFBD6B0FBC533459CD3AD79ACD52C7CA78C29317C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kiritimati) {. {-9223372036854775808 -37760 0 LMT}. {-2177415040 -38400 0 -1040}. {307622400 -36000 0 -10}. {788868000 50400 0 +14}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Kosrae Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.763096849699127
Encrypted:	false
SSDEEP:
MD5:	96235B4DD81BA681216B74046A5A8780
SHA1:	24D682CE5D7C4A3DF8C860CB80ED262085CB965C
SHA-256:	BE400ED502FA7EC34B8DE44B2A3D0AF3033292EF08FD1F5F276147E15460CFF6
SHA-512:	4B30A0A1806D5D96FE5F9B1208490E23EABB498B634C98D89553059E68292AAAB6B182FE367E2923DBE0BC03D023D9EFC0EC25F5DD19AB8AE878B32478FF4B55
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kosrae) {. {-9223372036854775808 39116 0 LMT}. {-2177491916 39600 0 +11}. {-7988400 43200 0 +12}. {915105600 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Kwajalein Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	205
Entropy (8bit):	4.788662012960935
Encrypted:	false
SSDEEP:
MD5:	885C86BCE6B3D83D9CD715D75170AA81
SHA1:	9607AC6B1756FEBF2BEC2A78138AF12C11FD46F6
SHA-256:	2E636A3576119F2976D2029E75F26A060A5C0800BF7B719F1CB4562D896A6432
SHA-512:	410D32CBAB0C1B9D948C2C1416B6D158650600748F1C96D16121DB5F0A9D8384A14067E8603576ED1101BD62F6529C6E7A129428B77CBA1D185214D051F2C6B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kwajalein) {. {-9223372036854775808 40160 0 LMT}. {-2177492960 39600 0 +11}. {-7988400 -43200 0 -12}. {745848000 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Majuro Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.868505550342842
Encrypted:	false
SSDEEP:
MD5:	5664FAB6368844F8139F48C32A1486B9
SHA1:	55826443FB44D44B5331082568E2C46257A0F726
SHA-256:	CBBB814CE6E9F2FA1C8F485BBDB0B759FDA8C859BC989EC28D4756CC10B21A82
SHA-512:	1BD1D6C2224E0DCC7A1887ECEB38C64E8DEABF44BE52FE29C5A302BAD95C0EB9DBD20E5738F3916B8902FA084606E07BE3723C1BE62416EB1E6DC4AD215A56F0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Majuro) {. {-9223372036854775808 41088 0 LMT}. {-2177493888 39600 0 +11}. {-7988400 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Marquesas Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.930595315407702
Encrypted:	false
SSDEEP:
MD5:	B41251BE6A78B9BA4F7859D344517738
SHA1:	8C0DFDD40B8AE1DFA6C3C1BDD44E8452F5EE49E1
SHA-256:	FC06B45FB8C5ED081BAFA999301354722AEF17DB2A9C58C6CDF81C758E63D899
SHA-512:	96D302EAA274BEE26325B8334DA8C3782B8DC0E279DDF464D281AF2B0CEE19E9254837A4B1D08F9B777BE892F639D205F6AB85C37C8F8B58A4867EA082FF054B
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Marquesas) {. {-9223372036854775808 -33480 0 LMT}. {-1806676920 -34200 0 -0930}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Midway Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	189
Entropy (8bit):	4.763101291800624
Encrypted:	false
SSDEEP:
MD5:	A5A67AC85621952E16528DD73C94346E
SHA1:	FB3D1AD833CD77B8FE68AC37FAA39FF4A9A69815
SHA-256:	B4C19E4D05CCBC73ABE5389EBCFCC5586036C1D2275434003949E1CF634B9C26
SHA-512:	5BB96561582BA3E9F2973322BCF76BD3F9023EC965A0CB504DFE13C127CA2ED562D040EC033DDB946FBB17E9FDD2EAB7532F88B2B0F1182CE880E41C920CFD36
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Midway) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Nauru Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	235
Entropy (8bit):	4.6089214752758965
Encrypted:	false
SSDEEP:
MD5:	CBC3FE6B512B0A3E96B7F47E4CD830EB
SHA1:	A1962DF38BED723F8F747B8931B57FAAC2E8291C
SHA-256:	8118062E25736A4672B11D6A603B5A8FE2ED1A82E1814261DF087EA3071A7DD7
SHA-512:	18E0975189794068033AD000D6A3DA8859EDAAE9D546969AB683399031888307D3F52909DCFEB637CF719782D4F5E87D49A73D6D4B53DEF6FD98041B7A046686
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Nauru) {. {-9223372036854775808 40060 0 LMT}. {-1545131260 41400 0 +1130}. {-877347000 32400 0 +09}. {-800960400 41400 0 +1130}. {294323400 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Niue Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	209
Entropy (8bit):	4.680590339435768
Encrypted:	false
SSDEEP:
MD5:	54FD41634DDEAA58F9F9770DC82B3E5F
SHA1:	E5296ACE7239C4CD7E13D391676F910376556ACC
SHA-256:	9D4E202A1ED8609194A97ED0F58B3C36DF83F46AE92EAF09F8337317DCACA75F
SHA-512:	9A2192C1232368FA5D382062A2C48869155B727C970F5D5BCD5FE424FC9D15417394E637D77FCA793B633517A1BFED8D93E74F239A3BC1A6716615B6D877ADC6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Niue) {. {-9223372036854775808 -40780 0 LMT}. {-2177412020 -40800 0 -1120}. {-599575200 -41400 0 -1130}. {276089400 -39600 0 -11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Norfolk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	269
Entropy (8bit):	4.580350938236725
Encrypted:	false
SSDEEP:
MD5:	147E5FF4670F8551895B7B0EC1A66D46
SHA1:	83F0D4DC817ED61E7985CC7AB3268B3EBAD657A3
SHA-256:	A56472811F35D70F95E74A7366297BFAAFBC034CD10E9C0F3C59EFFA21A74223
SHA-512:	FE183CA00E7D2B79F8E81E1FAF5E8CE103E430B7159C14CA915FD2BFE6D4381BF42EDB217E9D99C13D728CD09BB0E67562E84D957E9606F6B6C1AB08657DDBF9
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Norfolk) {. {-9223372036854775808 40312 0 LMT}. {-2177493112 40320 0 +1112}. {-599656320 41400 0 +1130}. {152029800 45000 1 +1230}. {162912600 41400 0 +1130}. {1443882600 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Noumea Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	314
Entropy (8bit):	4.468119357525684
Encrypted:	false
SSDEEP:
MD5:	A966877A1BEBFE5125460233A5C26728
SHA1:	721103E2BFC0991CE80708D77C3FBEDCC2B3C9D3
SHA-256:	8C282AC6DA722858D8B1755C710BE3EC4BD8EFEF4832A415E772EED287899315
SHA-512:	51B5BD7834D4B3BAEEF3E1A2E6F469F6FFC354407182CA87AF67C4F4F26D4CB116A60BBB08BC178950CA3CFF978E2809EFC73002A4F8883B454024A2FFCBD732
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Noumea) {. {-9223372036854775808 39948 0 LMT}. {-1829387148 39600 0 +11}. {250002000 43200 1 +11}. {257342400 39600 0 +11}. {281451600 43200 1 +11}. {288878400 39600 0 +11}. {849366000 43200 1 +11}. {857228400 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Pago_Pago Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.94008377236012
Encrypted:	false
SSDEEP:
MD5:	7ABD13E51C01A85468F6511B6710E4B5
SHA1:	9DC80A7BFD7028DB672A20EF32C31B11F083BA99
SHA-256:	AEE9D8FBCB7413536DA1CBDC4F28B7863B3DDD5E6A5AB2A90CE32038AC0EA2B8
SHA-512:	6F6BBEBB10FD6B3987D3076D93DC06F5F765FAC22A90C4184AAF33C1FFD4CBD98464C8A0B4C0C38808AA6D08F91F5060BCEC83E278B8BEF21124C7FE427A09AF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pago_Pago) {. {-9223372036854775808 45432 0 LMT}. {-2445424632 -40968 0 LMT}. {-1861879032 -39600 0 SST}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Palau Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.920441332270432
Encrypted:	false
SSDEEP:
MD5:	4070C7A615EF7977537641B01FA46AD6
SHA1:	E80FF2BBD448B2399DBE56D279858D7D06EBA691
SHA-256:	F12CB444E9BA91385BED20E60E7DF1A0DB0CE76C6FC7ACA59EEF029BC56D5EA3
SHA-512:	5DD3FD1D0AA4D6DA3F274BEEC283A72B4532804AA9901AB4B1616D36C13CB8F5CC51DB8A6B89C019FAD875ABB567EFC8BD894AADC1E63E94A8CAC79F3E82CB6C
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Palau) {. {-9223372036854775808 32276 0 LMT}. {-2177485076 32400 0 +09}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Pitcairn Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.757588870650609
Encrypted:	false
SSDEEP:
MD5:	AB8D0D9514FA6C5E995AE76D2DAEA6D4
SHA1:	3775349B3BE806AA005174D91597D6F2C54E8EC5
SHA-256:	3BB856B2C966211D7689CD303DFDDACB3C323F3C2DA0FF47148A8C5B7BC0E1C4
SHA-512:	AB5D2E00C820D36A2A8B198AAC9350BEFA235EA848A11B16B042EE8124975DCAFC737D30D7C1A01D874B0937E469C2364441FCA686B5EB66A48251F587F55DC5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pitcairn) {. {-9223372036854775808 -31220 0 LMT}. {-2177421580 -30600 0 -0830}. {893665800 -28800 0 -08}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Pohnpei Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	147
Entropy (8bit):	4.9618148014469705
Encrypted:	false
SSDEEP:
MD5:	0D8489972CBD248971C83DA074C79030
SHA1:	3E390EDC1A2F678918220026F03E914BB6E8ED4B
SHA-256:	A85364C6E79EA16FD0C86A5CF74CCB84843009A6738AAED3B13A709F1BDF0DF7
SHA-512:	A43E459BAB47F133E27A67CFA448E94FBE796DDC23A2D6C3400437D3BC8F31AC2EF3541C4588CF494E1BBD55856C5FA8553A6CD92534E2243EFA31BE2BF5A4CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pohnpei) {. {-9223372036854775808 37972 0 LMT}. {-2177490772 39600 0 +11}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Ponape Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.735143778298082
Encrypted:	false
SSDEEP:
MD5:	C963ECC06914E8E42F0B96504C1F041C
SHA1:	82D256793B22E9C07362708EE262A6B46AC13ACD
SHA-256:	86593D3A9DC648370A658D82DA7C410E26D818DB2749B79F57A802F8CED76BD3
SHA-512:	0F3691977F992A3FF281AD1577BA0BD4AAF7DB3F167E1A1FF139374C14B14F1A456BE7E7D362D698A8294A6AB906E69AC56E1EE0DAF77C13050553299FB6DAF5
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pohnpei)]} {. LoadTimeZoneFile Pacific/Pohnpei.}.set TZData(:Pacific/Ponape) $TZData(:Pacific/Pohnpei).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Port_Moresby Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.8981931494123065
Encrypted:	false
SSDEEP:
MD5:	AF14EE836FE5D358C83568C5ACFA88C0
SHA1:	22026C7FE440E466193E6B6935C2047BD321F76B
SHA-256:	33E0A5DD919E02B7311A35E24DB37F86A20A394A195FE01F5A3BE7336F276665
SHA-512:	BEF151E1198D57328BA0FC01BB6F00AD51ADEEE99A97C30E0D08FFB3CFCB9E99B34DBAD03FCB3B19F17D60590FA0E6C5F2978954A3585CDFD31E32C93B05154D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Port_Moresby) {. {-9223372036854775808 35320 0 LMT}. {-2840176120 35312 0 PMMT}. {-2366790512 36000 0 +10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Rarotonga Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	907
Entropy (8bit):	3.848488423299009
Encrypted:	false
SSDEEP:
MD5:	19F22E22F7B136EFCB45E83BC765E871
SHA1:	500CC7EA47902856727C2B6D23BF4DAFF6817EB4
SHA-256:	B1235ED60A50282E14F4B2B477F9936D15CAF91495CBB81971A2C9580209C420
SHA-512:	2FD667F105E57A62821B2BB301A1A31BB56FA6670AADC94F41337445335262FE40DA5DAE7113328E54379E45246B5419B94F8C8AFB73B1F2405E7F08F5D6FBCC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Rarotonga) {. {-9223372036854775808 -38344 0 LMT}. {-2177414456 -37800 0 -1030}. {279714600 -34200 0 -10}. {289387800 -36000 0 -10}. {309952800 -34200 1 -10}. {320837400 -36000 0 -10}. {341402400 -34200 1 -10}. {352287000 -36000 0 -10}. {372852000 -34200 1 -10}. {384341400 -36000 0 -10}. {404906400 -34200 1 -10}. {415791000 -36000 0 -10}. {436356000 -34200 1 -10}. {447240600 -36000 0 -10}. {467805600 -34200 1 -10}. {478690200 -36000 0 -10}. {499255200 -34200 1 -10}. {510139800 -36000 0 -10}. {530704800 -34200 1 -10}. {541589400 -36000 0 -10}. {562154400 -34200 1 -10}. {573643800 -36000 0 -10}. {594208800 -34200 1 -10}. {605093400 -36000 0 -10}. {625658400 -34200 1 -10}. {636543000 -36000 0 -10}. {657108000 -34200 1 -10}. {667992600 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Saipan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.8048918219164065
Encrypted:	false
SSDEEP:
MD5:	BE50B3EE2BD083842CFFB7698DD04CDE
SHA1:	0B8C8AFC5F94E33226F148202EFFBD0787D61FA2
SHA-256:	74DD6FE03E3061CE301FF3E8E309CF1B10FC0216EEC52839D48B210BCBD8CF63
SHA-512:	136BCF692251B67CD3E6922AD0A200F0807018DC191CAE853F2192FD385F8150D5CCF36DF641ED9C09701E4DBBB105BF97C7540D7FA9D9FFC440682B770DF5BA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Guam)]} {. LoadTimeZoneFile Pacific/Guam.}.set TZData(:Pacific/Saipan) $TZData(:Pacific/Guam).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Samoa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.729839728044672
Encrypted:	false
SSDEEP:
MD5:	843BBE96C9590D69B09FD885B68DE65A
SHA1:	25BF176717A4578447E1D77F9BF0140AFF18625A
SHA-256:	4F031CB2C27A3E311CA4450C20FB5CF4211A168C39591AB02EEEC80A5A8BFB93
SHA-512:	B50301CFC8E5CF8C257728999B0D91C06E2F7C040D30F71B90BBC612959B519E8D27EE2DA9B8B9002483D3F4F173BB341A07898B4E4C98A146B3D988CA3BD5B2
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Samoa) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Tahiti Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.900317309402027
Encrypted:	false
SSDEEP:
MD5:	DDF599B7659B88603DF80E390471CB10
SHA1:	80FF5E0E99483CB8952EC137A261D034B6759D07
SHA-256:	B8282EC1E5BFA5E116C7DC5DC974B0605C85D423519F124754126E8F8FE439EC
SHA-512:	28F15CB6310190066936B7B21024205EC87A54D081415B1E46E72982814E1E2A41A2CE8B808D02E705100CE5ACBB1E69F1859E40A04F629B7004FBD89DD37899
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tahiti) {. {-9223372036854775808 -35896 0 LMT}. {-1806674504 -36000 0 -10}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Tarawa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.924466748251822
Encrypted:	false
SSDEEP:
MD5:	AE5E0FFFEEFD0A8E77233CB0E59DE352
SHA1:	7B7CC1095FB919946F3315C4A28994AEB1ECD51A
SHA-256:	1FCC6C0CC48538EDB5B8290465156B2D919DFA487C740EB85A1DF472C460B0E6
SHA-512:	1693FA5DE78FDCF79993CB137EE0568A4B8245D0177DF845356B3C2418641C8AA23CAA7069707C0E180FF9F5345D380A3575EEFFE0C8BC08E18E40ED0E1F6FA3
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tarawa) {. {-9223372036854775808 41524 0 LMT}. {-2177494324 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Tongatapu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	436
Entropy (8bit):	4.271209640478309
Encrypted:	false
SSDEEP:
MD5:	C32CDBF9C696134870351ABB80920E08
SHA1:	43918B7BF46EF2B574D684D36901592E43A45A8A
SHA-256:	8FE5EF266C660C4A25827BE9C2C4081A206D946DD46EBC1095F8D18F41536399
SHA-512:	1E10C548659A9CE0A9F0C7E6FD86EAD8627C07A8C9842933E7C6CD28EACDE3735DBFDCF7DD1DE5DDE7F2F102F7D584B3C44B1350AFDF7E1621FE9F565CD32362
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tongatapu) {. {-9223372036854775808 44360 0 LMT}. {-2177497160 44400 0 +1220}. {-915193200 46800 0 +13}. {915102000 46800 0 +13}. {939214800 50400 1 +13}. {953384400 46800 0 +13}. {973342800 50400 1 +13}. {980596800 46800 0 +13}. {1004792400 50400 1 +13}. {1012046400 46800 0 +13}. {1478350800 50400 1 +13}. {1484398800 46800 0 +13}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Truk Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.865414495402954
Encrypted:	false
SSDEEP:
MD5:	3282C08FE7BC3A5F4585E97906904AE1
SHA1:	09497114D1EC149FB5CF167CBB4BE2B5E7FFA982
SHA-256:	DC6263DCC96F0EB1B6709693B9455CB229C8601A9A0B96A4594A03AF42515633
SHA-512:	077924E93AC9F610CD9FE158655B631186198BD96995428EB9EE2082449BD36CBF6C214D86E51A6D9A83329FCD5E931C343AA14DBB286C53071D46692B81BC0D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Truk) $TZData(:Pacific/Chuuk).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Wake Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.9366125478034935
Encrypted:	false
SSDEEP:
MD5:	AD4044C0F87566AA5265DA84CD3DABBA
SHA1:	15ED1B5960B3E70B23C430B0281B108506BBE76C
SHA-256:	2C273BA8F8324E1B414B40DC356C78E0FD3C02D5E8158EA5753CA51E1185FC11
SHA-512:	AD4758B01038BCAA519776226B43D90CED89292BA47988F639D45FD5B5436ED4E3B16C27F9145EC973DCC242FF6ADC514D7CDD6660E7CE8DD8E92A96CDACD947
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wake) {. {-9223372036854775808 39988 0 LMT}. {-2177492788 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Wallis Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	146
Entropy (8bit):	4.932023172694197
Encrypted:	false
SSDEEP:
MD5:	9FBFA7A7556A081F2352250B44EB0CB6
SHA1:	CB16A38A9E51FEFC803C4E119395B9BCDBA1CF95
SHA-256:	29ABBA5D792FB1D754347DED8E17423D12E07231015D5A65A5873BFC0CE474C7
SHA-512:	CD0FA19597D7188F1D05E8FE9DD9B650DDD30CBBEF3F16646715D5DEF5A261C1E92ADE781DEA609B163808D7A59A0F7AF168332D0134D87DADE42447ABE7E431
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wallis) {. {-9223372036854775808 44120 0 LMT}. {-2177496920 43200 0 +12}.}.

C:\Users\user\AppData\Local\Update\tcl\tzdata\Pacific\Yap Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.887747451136248
Encrypted:	false
SSDEEP:
MD5:	63594F45385660A04D21C11B5F203FF4
SHA1:	CEEC55B952B8EBA952E0965D92220C8EF001E59E
SHA-256:	4418559478B5881DFAF3FE3246A4BFE2E62C46C1D3D452EE4CF5D9651C4F92B5
SHA-512:	B9B55B027EFB7E87D44E89191C03A8409A16FA19A52032E29210161AE8FED528A6504B7B487181847125AF2C7C129A0687323CDDC6D5454199229897F97F0AB0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Yap) $TZData(:Pacific/Chuuk).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Poland Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.89278153269951
Encrypted:	false
SSDEEP:
MD5:	975F22C426CE931547D50A239259609A
SHA1:	77D68DF6203E3A2C1A2ADD6B6F8E573EF849AE2E
SHA-256:	309DE0FBCCDAE21114322BD4BE5A8D1375CD95F5FC5A998B3F743E904DC1A131
SHA-512:	ABDF01FCD0D34B5A8E97C604F3976E199773886E87A13B3CDD2319A92BD34D76533D4BA41978F8AAA134D200B6E87F26CB8C223C2760A4D7A78CD7D889DB79BE
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Warsaw)]} {. LoadTimeZoneFile Europe/Warsaw.}.set TZData(:Poland) $TZData(:Europe/Warsaw).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Portugal Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.887895128079745
Encrypted:	false
SSDEEP:
MD5:	31202B87B7352110A03D740D66DCD967
SHA1:	439A3700721D4304FA81282E70F6305BB3706C8D
SHA-256:	8288E9E5FC25549D6240021BFB569ED8EB07FF8610AAA2D39CD45A025EBD2853
SHA-512:	AB95D3990DC99F6A06BF3384D98D42481E198B2C4D1B2C85E869A2F95B651DDF64406AB15C485698E24F26D1A081E22371CE74809915A7CCA02F2946FB8607BF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Lisbon)]} {. LoadTimeZoneFile Europe/Lisbon.}.set TZData(:Portugal) $TZData(:Europe/Lisbon).

C:\Users\user\AppData\Local\Update\tcl\tzdata\ROC Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.743612967973961
Encrypted:	false
SSDEEP:
MD5:	A0C5022166493D766E827B88F806CA32
SHA1:	2A679A391C810122DDD6A7EF722C35328FC09D9C
SHA-256:	537EA39AFBA7CFC059DE58D484EF450BEE73C7903D36F09A16CA983CB5B8F686
SHA-512:	85FEF0A89087D2196EC817A6444F9D94A8D315A64EAE9615C615DBB79B30320CED0D49A1A6C2CD566C722971FA8908A675B1C8F7E64D6875505C60400219F938
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Taipei)]} {. LoadTimeZoneFile Asia/Taipei.}.set TZData(:ROC) $TZData(:Asia/Taipei).

C:\Users\user\AppData\Local\Update\tcl\tzdata\ROK Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	157
Entropy (8bit):	4.851755466867201
Encrypted:	false
SSDEEP:
MD5:	48E7BE02E802A47C0D2F87E633010F38
SHA1:	A547853A7ED03CE9C07FC3BAA0F57F5ABB4B636B
SHA-256:	2F362169FD628D6E0CB32507F69AD64177BC812E7E961E5A738F4F492B105128
SHA-512:	BCBE9BC1C08CFF97B09F8D566EC3B42B9CE8442FA4BECE37A18446CBBF0ECEDA66BA18ABFA5E52E7677B18FB5DABF00DF9E28DE17B094A690B097AFC7130EA89
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Seoul)]} {. LoadTimeZoneFile Asia/Seoul.}.set TZData(:ROK) $TZData(:Asia/Seoul).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Singapore Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.80663340464643
Encrypted:	false
SSDEEP:
MD5:	9E2902F20F33CA25B142B6AA51D4D54F
SHA1:	C1933081F30ABB7780646576D7D0F54DC6F1BC51
SHA-256:	FCF394D598EC397E1FFEED5282874408D75A9C3FFB260C55EF00F30A80935CA4
SHA-512:	D56AF44C4E4D5D3E6FC31D56B9BA36BD8499683D1A3C9BC48EEE392C4AC5ACAA10E3E82282F5BDA9586AF26F4B6C0C5649C454399144F040CC94EA35BBB53B48
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Singapore)]} {. LoadTimeZoneFile Asia/Singapore.}.set TZData(:Singapore) $TZData(:Asia/Singapore).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\AST4 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	196
Entropy (8bit):	4.951561086936219
Encrypted:	false
SSDEEP:
MD5:	A1D42EC950DE9178058EAA95CCFBAA09
SHA1:	55BE1FAF85F0D5D5604685F9AC19286142FC7133
SHA-256:	888A93210241F6639FB9A1DB0519407047CB7F5955F0D5382F2A85C0C473D9A5
SHA-512:	3C6033D1C84B75871B8E37E71BFEE26549900C555D03F8EC20A31076319E2FEBB0240EC075C2CAFC948D629A32023281166A7C69AFEA3586DEE7A2F585CB5E82
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Puerto_Rico)]} {. LoadTimeZoneFile America/Puerto_Rico.}.set TZData(:SystemV/AST4) $TZData(:America/Puerto_Rico).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\AST4ADT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.900537547414888
Encrypted:	false
SSDEEP:
MD5:	CFDB782F87A616B89203623B9D6E3DBF
SHA1:	1BB9F75215A172B25D3AE27AAAD6F1D74F837FE6
SHA-256:	62C72CF0A80A5821663EC5923B3F17C12CE5D6BE1E449874744463BF64BCC3D7
SHA-512:	085E5B6E81E65BC781B5BC635C6FA1E7BF5DC69295CF739C739F6361BF9EB67F36F7124A2D3E5ADA5F854149C84B9C8A7FB22E5C6E8FF57576EBDEA0E4D6560B
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:SystemV/AST4ADT) $TZData(:America/Halifax).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\CST6 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.911352504536709
Encrypted:	false
SSDEEP:
MD5:	01215B5D234C433552A3BF0A440B38F6
SHA1:	B3A469977D38E1156B81A93D90E638693CFDBEEF
SHA-256:	2199E7DD20502C4AF25D57A58B11B16BA3173DB47EFA7AD2B33FDB72793C4DDB
SHA-512:	35D3BDE235FF40C563C7CEDD8A2CCBB4BAC2E2AA24A8E072EA0572BB231295D705EA9F84EEAA9FD2C735B1203332D8D97C3592A2B702BCFE9C81828D4F635205
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:SystemV/CST6) $TZData(:America/Regina).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\CST6CDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.929669998131187
Encrypted:	false
SSDEEP:
MD5:	CDE40B5897D89E19A3F2241912B96826
SHA1:	00DE53DC7AA97F26B1A8BF83315635FBF634ABB3
SHA-256:	3C83D3DB23862D9CA221109975B414555809C27D45D1ED8B9456919F8BA3BF25
SHA-512:	69DFC06ACF544B7F95DEF2928C1DFE4D95FAD48EE753AD994921E1967F27A3AF891A9F31DDEA547E1BED81C5D2ECF5FC93E75019F2327DE1E73A009422BE52EC
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:SystemV/CST6CDT) $TZData(:America/Chicago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\EST5 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.881715127736134
Encrypted:	false
SSDEEP:
MD5:	87FEA19F6D7D08F44F93870F7CBBD456
SHA1:	EB768ECB0B1B119560D2ACBB10017A8B3DC77FDD
SHA-256:	2B5887460D6FB393DED5273D1AA87A6A9E1F9E7196A8FA11B4DEB31FAD8922C8
SHA-512:	00DA47594E80D2DB6F2BE6E482A1140780B71F8BBE966987821249984627C5D8C31AA1F2F6251B4D5084C33C66C007A47AFF4F379FA5DA4A112BA028B982A85A
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indianapolis)]} {. LoadTimeZoneFile America/Indianapolis.}.set TZData(:SystemV/EST5) $TZData(:America/Indianapolis).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\EST5EDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	190
Entropy (8bit):	5.071686349792137
Encrypted:	false
SSDEEP:
MD5:	5C43C828D9460B9DF370F0D155B03A5C
SHA1:	92F92CD64937703D4829C42FE5656C7CCBA22F4E
SHA-256:	3F833E2C2E03EF1C3CC9E37B92DBFBA429E73449E288BEBE19302E23EB07C78B
SHA-512:	A88EAA9DAAD9AC622B75BC6C89EB44A2E4855261A2F7077D8D4018F00FC82E5E1EA364E3D1C08754701A545F5EC74752B9F3657BF589CF76E5A3931F81E99BBF
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:SystemV/EST5EDT) $TZData(:America/New_York).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\HST10 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.927529755640769
Encrypted:	false
SSDEEP:
MD5:	1A50997B6F22E36D2E1849D1D95D0882
SHA1:	F4AC3ABBEA4A67013F4DC52A04616152C4C639A9
SHA-256:	C94C64BF06FDE0A88F24C435A52BDDE0C5C70F383CD09C62D7E42EAB2C54DD2C
SHA-512:	CCBD66449983844B3DB440442892004D070E5F0DFF454B25C681E13EB2F25F6359D0221CE5FF7800AC794A32D4474FE1126EA2465DB83707FF7496A1B39E6E1A
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:SystemV/HST10) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\MST7 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.953801751537501
Encrypted:	false
SSDEEP:
MD5:	2B415F2251BE08F1035962CE2A04149F
SHA1:	EFF5CE7CD0A0CBCF366AC531D168CCB2B7C46734
SHA-256:	569819420F44D127693C6E536CAC77410D751A331268D0C059A1898C0E219CF4
SHA-512:	971F1763558D8AC17753C01B7BB64E947C448AA29951064ED7C5997D4B4A652C7F5D7C2CB4F8040F73AD83D7E49B491B93047A06D8C699F33B08F4A064BE0DCC
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:SystemV/MST7) $TZData(:America/Phoenix).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\MST7MDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.909831110037175
Encrypted:	false
SSDEEP:
MD5:	895E9BAF5EDF0928D4962C3E6650D843
SHA1:	52513BFA267CA2E84FDDF3C252A4E8FD059F2847
SHA-256:	465A4DE93F2B103981A54827CDEBB10350A385515BB8648D493FD376AABD40AF
SHA-512:	CAF19320F0F507160E024C37E26987A99F2276622F2A6D8D1B7E3068E5459960840F4202FF8A98738B9BCA0F42451304FC136CBD36BBFE39F616622217AD89A3
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:SystemV/MST7MDT) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\PST8 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.782387645904801
Encrypted:	false
SSDEEP:
MD5:	67AE3FD76B2202F3B1CF0BBC664DE8D0
SHA1:	4603DE0753B684A8D7ACB78A6164D5686542EE8E
SHA-256:	30B3FC95A7CB0A6AC586BADF47E9EFA4498995C58B80A03DA2F1F3E8A2F3553B
SHA-512:	BF45D0CA674DD631D3E8442DFB333812B5B31DE61576B8BE33B94E0433936BC1CD568D9FC522C84551E770660BE2A98F45FE3DB4B6577968DF57071795B53AD9
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pitcairn)]} {. LoadTimeZoneFile Pacific/Pitcairn.}.set TZData(:SystemV/PST8) $TZData(:Pacific/Pitcairn).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\PST8PDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.959254419324467
Encrypted:	false
SSDEEP:
MD5:	DFB48E0E2CE5D55DC60B3E95B7D12813
SHA1:	535E0BF050E41DCFCE08686AFDFAFF9AAFEF220C
SHA-256:	74096A41C38F6E0641934C84563277EBA33C5159C7C564C7FF316D050083DD6D
SHA-512:	3ECDF3950ED3FB3123D6C1389A2A877842B90F677873A0C106C4CA6B180EEC38A26C74E21E8A3036DA8980FF7CA9E1578B0E1D1A3EA364A4175772F468747425
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:SystemV/PST8PDT) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\YST9 Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.905971098884841
Encrypted:	false
SSDEEP:
MD5:	CED0A343EF3A316902A10467B2F66B9B
SHA1:	5884E6BA28FD71A944CA2ED9CB118B9E108EF7CB
SHA-256:	1BB5A98B80989539135EAB3885BBA20B1E113C19CB664FB2DA6B150DD1F44F68
SHA-512:	903D1DC6D1E192D4A98B84247037AE171804D250BB5CB84D2C5E145A0BDC50FCD543B70BAFF8440AFF59DA14084C8CEEFB2F912A02B36B7571B0EEEC154983B3
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Gambier)]} {. LoadTimeZoneFile Pacific/Gambier.}.set TZData(:SystemV/YST9) $TZData(:Pacific/Gambier).

C:\Users\user\AppData\Local\Update\tcl\tzdata\SystemV\YST9YDT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	193
Entropy (8bit):	4.949109665596263
Encrypted:	false
SSDEEP:
MD5:	D588930E34CF0A03EFEE7BFBC5022BC3
SHA1:	0714C6ECAAF7B4D23272443E5E401CE141735E78
SHA-256:	4D1CAE3C453090667549AB83A8DE6F9B654AAC5F540192886E5756A01D21A253
SHA-512:	ABE69BEF808D7B0BEF9F49804D4A753E033D7C99A7EA57745FE4C3CBE2C26114A8845A219ED6DEAB8FA009FDB86E384687068C1BCF8B704CCF24DA7029455802
Malicious:	false
Preview:	# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:SystemV/YST9YDT) $TZData(:America/Anchorage).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Turkey Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	175
Entropy (8bit):	4.882090609090058
Encrypted:	false
SSDEEP:
MD5:	41703ED241199F0588E1FC6FF0F33E90
SHA1:	08B4785E21E21DFE333766A7198C325CD062347B
SHA-256:	4B8A8CE69EE94D7E1D49A2E00E2944675B66BD16302FE90E9020845767B0509B
SHA-512:	F90F6B0002274AF57B2749262E1530E21906162E4D1F3BE89639B5449269F3026A7F710C24765E913BC23DEC5A6BF97FC0DD465972892D851B6EAEEF025846CA
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Turkey) $TZData(:Europe/Istanbul).

C:\Users\user\AppData\Local\Update\tcl\tzdata\UCT Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.792993822845485
Encrypted:	false
SSDEEP:
MD5:	1921CC58408AD2D7ED3B5308C71B1A28
SHA1:	12F832D7B3682DC28A49481B8FBA8C55DCDC60D0
SHA-256:	92FC6E3AA418F94C486CE5BF6861FAA4E85047189E98B90DA78D814810E88CE7
SHA-512:	EB134E2E7F7A811BFA8223EB4E98A94905EA24891FD95AB29B52DE2F683C97E086AA2F7B2EA93FBA2451AAEDD22F01219D700812DABC7D6670028ACF9AAB8367
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UCT)]} {. LoadTimeZoneFile Etc/UCT.}.set TZData(:UCT) $TZData(:Etc/UCT).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Alaska Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.864166947846424
Encrypted:	false
SSDEEP:
MD5:	0763082FF8721616592350D8372D59FF
SHA1:	CEBB03EB7F44530CF52DCA7D55DC912015604D94
SHA-256:	94FDFE2901596FC5DCE74A5560431F3E777AE1EBEEE59712393AE2323F17ADFA
SHA-512:	DFE8AAA009C28C209A925BBE5509589C0087F6CC78F94763BFA9F1F311427E3FF2E377EB340590383D790D3578C1BB37D41525408D027763EA96ECB3A3AAD65D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:US/Alaska) $TZData(:America/Anchorage).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Aleutian Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	171
Entropy (8bit):	4.839824852896375
Encrypted:	false
SSDEEP:
MD5:	01142938A2E5F30FADE20294C829C116
SHA1:	8F9317E0D3836AF916ED5530176C2BF7A929C3C7
SHA-256:	1DD79263FB253217C36A9E7DDCB2B3F35F208E2CE812DCDE5FD924593472E4FE
SHA-512:	2C47FE8E8ED0833F4724EF353A9A6DFCE3B6614DA744E64364E9AB423EC92565FEF1E8940CB12A0BCCFE0BD6B44583AF230A4ABCC0BAE3D9DC43FBB2C7941CFF
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:US/Aleutian) $TZData(:America/Adak).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Arizona Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.886225611026426
Encrypted:	false
SSDEEP:
MD5:	090DC30F7914D5A5B0033586F3158384
SHA1:	2F526A63A1C47F88E320BE1C12CA8887DA2DC989
SHA-256:	47D25266ABBD752D61903C903ED3E9CB485A7C01BD2AA354C5B50DEBC253E01A
SHA-512:	5FE75328595B5DECDAC8D318BEE89EAD744A881898A4B45DD2ABB5344B13D8AFB180E4A8F8D098A9589488D9379B0153CBC5CF638AF7011DE89C57B554F42757
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:US/Arizona) $TZData(:America/Phoenix).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Central Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.854450230853601
Encrypted:	false
SSDEEP:
MD5:	E0801B5A57F40D42E8AF6D48C2A41467
SHA1:	A49456A1BF1B73C6B284E0764AEAFD1464E70DDC
SHA-256:	16C7FFCE60495E5B0CB65D6D5A0C3C5AA9E62BD6BC067ABD3CD0F691DA41C952
SHA-512:	3DE6A41B88D6485FD1DED2DB9AB9DAD87B9F9F95AA929D38BF6498FC0FD76A1048CE1B68F24CD22C487073F59BD955AFCB9B7BF3B20090F81FA250A5E7674A53
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:US/Central) $TZData(:America/Chicago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\East-Indiana Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	223
Entropy (8bit):	4.715837665658945
Encrypted:	false
SSDEEP:
MD5:	1A27644D1BF2299B7CDDED7F405D6570
SHA1:	BD03290A6E7A967152E2E4F95A82E01E7C35F63C
SHA-256:	1C46FAEDFACEB862B2E4D5BD6AC63E5182E1E2CFD2E1CDFA2661D698CC8B0072
SHA-512:	9D6F3E945656DD97A7E956886C1123B298A87704D4F5671E4D1E94531C01F8BE377D83239D8BE78E2B3E1C0C20E5779BA3978F817A6982FE607A18A7FDCF57FB
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:US/East-Indiana) $TZData(:America/Indiana/Indianapolis).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Eastern Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.990255962392122
Encrypted:	false
SSDEEP:
MD5:	3FE03D768F8E535506D92A6BC3C03FD2
SHA1:	F82BF149CE203B5A4A1E106A495D3409AF7A07AC
SHA-256:	9F46C0E46F6FE26719E2CF1FA05C7646530B65FB17D4101258D357568C489D77
SHA-512:	ADFDBB270113A192B2378CC347DD8A57FDBDC776B06F9E16033EE8D5EAB49E16234CA2523580EEBB4DCDD27F33222EDD5514F0D7D85723597F059C5D6131E1B0
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:US/Eastern) $TZData(:America/New_York).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Hawaii Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	181
Entropy (8bit):	4.832149382727646
Encrypted:	false
SSDEEP:
MD5:	347E51049A05224D18F264D08F360CBB
SHA1:	A801725A9B01B5E08C63BD2568C8F5D084F0EB02
SHA-256:	EA5D18E4A7505406D6027AD34395297BCF5E3290283C7CC28B4A34DB8AFBDD97
SHA-512:	C9B96C005D90DD8F317A697F59393D20663DE74D6E4D0B45BCE109B31A328D7AA62C51FAA8D00C728C0342940EF3B0F0921814B31BD7FE128A6E95F92CF50E06
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:US/Hawaii) $TZData(:Pacific/Honolulu).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Indiana-Starke Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	201
Entropy (8bit):	4.825742972037525
Encrypted:	false
SSDEEP:
MD5:	E111813F4C9B888427B8363949C87C72
SHA1:	96B6692DCD932DCC856804BE0C2145538C4B2B33
SHA-256:	4E896634F3A400786BBD996D1FE0D5C9A346E337027B240F1671A7E4B38C8F69
SHA-512:	97726D7EDB7D7A1F6E815A0B875CAF9E2D2D27F50ECC866FBC6CB1B88836E8C2D64A9C108CD917C9D641B30822397664A2AC8010EADF0FF2A6C205AE4D5E7A2F
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:US/Indiana-Starke) $TZData(:America/Indiana/Knox).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Michigan Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.7846496799669405
Encrypted:	false
SSDEEP:
MD5:	80A9A00EC1C5904A67DC3E8B2FDC3150
SHA1:	8E79FBEB49D9620E793E4976D0B9085E32C57E83
SHA-256:	8DB76FC871DD334DA87297660B145F8692AD053B352A19C2EFCD74AF923D762D
SHA-512:	0A5662E33C60030265ECAD1FF683B18F6B99543CA5FE22F88BCE597702FBEA20358BCB9A568D7F8B32158D9E6A3D294081D183644AD49C22AC3512F97BE480D4
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Detroit)]} {. LoadTimeZoneFile America/Detroit.}.set TZData(:US/Michigan) $TZData(:America/Detroit).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Mountain Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.84430947557215
Encrypted:	false
SSDEEP:
MD5:	13D6C7CF459995691E37741ACAF0A18D
SHA1:	A0626763930C282DF21ED3AA8F1B35033BA2F9DC
SHA-256:	223B5C8E34F459D7B221B83C45DBB2827ABE376653BAA1BC56D09D50DF136B08
SHA-512:	9076DFECC5D02DB38ECE3D2512D52566675D98A857711676E891D8741EA588153954357FE19F4C69305FF05D0F99286F1D496DF0C7FDBC8D59803D1B1CFA5F07
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:US/Mountain) $TZData(:America/Denver).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Pacific Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.885594237758327
Encrypted:	false
SSDEEP:
MD5:	EBF51CD015BD387FA2BB30DE8806BDDA
SHA1:	63C2E2F4CD8BC719A06D59EF4CE4C31F17F53EA0
SHA-256:	B7AD78FB955E267C0D75B5F7279071EE17B6DD2842DAD61ADA0165129ADE6A86
SHA-512:	22BECE2AEAD66D921F38B04FDC5A41F2627FCC532A171EA1C9C9457C22CD79EFD1EC3C7CC62BC016751208AD1D064B0F03C2185F096982F73740D8426495F5ED
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Pacific-New Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.931883193402467
Encrypted:	false
SSDEEP:
MD5:	01CD3EBFDB7715805572CDA3F81AC78A
SHA1:	C013C38D2FB9E649EE43FED6910382150C2B3DF5
SHA-256:	DEFE67C520303EF85B381EBEAED4511C0ACF8C49922519023C525E6A1B09B9DD
SHA-512:	266F35C34001CD4FF00F51F5CDF05E1F4D0B037F276EFD2D124C8AE3391D00128416D16D886B3ECDF9E9EFC81C66B2FD4ED55F154437ED5AA32876B855289190
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific-New) $TZData(:America/Los_Angeles).

C:\Users\user\AppData\Local\Update\tcl\tzdata\US\Samoa Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.789322986138067
Encrypted:	false
SSDEEP:
MD5:	E883D478518F6DAF8173361A8D308D34
SHA1:	ABD97858655B0069BFD5E11DD95BF6D7C2109AEA
SHA-256:	DD4B1812A309F90ABBD001C3C73CC2AF1D4116128787DE961453CCBE53EC9B6A
SHA-512:	DA1FE6D92424404111CBB18CA39C8E29FA1F9D2FD262D46231FB7A1A78D79D00F92F5D1DEBB9B92565D1E3BA03EF20D2A44B76BA0FC8B257A601EED5976386CC
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:US/Samoa) $TZData(:Pacific/Pago_Pago).

C:\Users\user\AppData\Local\Update\tcl\tzdata\UTC Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	148
Entropy (8bit):	4.792993822845485
Encrypted:	false
SSDEEP:
MD5:	530F5381F9CD8542ED5690E47FC83358
SHA1:	29A065F004F23A5E3606C2DB50DC0AB28CAFC785
SHA-256:	AC0FF734DA267E5F20AB573DBD8C0BD7613B84D86FDA3C0809832F848E142BC8
SHA-512:	4328BDFD6AA935FD539EE2D4A3EBA8DD2A1BD9F44BA0CF30AA0C4EA57B0A58E3CDFAA312366A0F93766AE445E6E210EE57CD5ED60F74173EDF67C1C5CB987C68
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:UTC) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Update\tcl\tzdata\Universal Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.829496870339919
Encrypted:	false
SSDEEP:
MD5:	60878BB8E8BE290911CAB2A16AAFAEF7
SHA1:	15C01523EDA134D3E38ECC0A5909A4579BD2A00D
SHA-256:	9324B6C871AC55771C44B82BF4A92AE0BE3B2CC64EBA9FE878571225FD38F818
SHA-512:	C697401F1C979F5A4D33E1026DCE5C77603E56A48405511A09D8CE178F1BF47D60F217E7897061F71CFEA63CC041E64340EF6BAEE0EB037AFD34C71BF0591E3E
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Universal) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Update\tcl\tzdata\W-SU Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	167
Entropy (8bit):	4.9534620854837295
Encrypted:	false
SSDEEP:
MD5:	58FBF79D86DBCFF53F74BF7FE5C12DD6
SHA1:	EA8B3317B012A661B3BA4A1FAE0DC5DEDC03BC26
SHA-256:	0DECFEACCE2E2D88C29CB696E7974F89A687084B3DB9564CDED6FC97BCD74E1F
SHA-512:	083B449DE987A634F7199666F9C685EADD643C2C2DD9C8F6C188388266729CE0179F9DC0CD432D713E5FB1649D0AA1A066FE616FC43DA65C4CD787D8E0DE00A6
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Moscow)]} {. LoadTimeZoneFile Europe/Moscow.}.set TZData(:W-SU) $TZData(:Europe/Moscow).

C:\Users\user\AppData\Local\Update\tcl\tzdata\WET Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6694
Entropy (8bit):	3.6896780927557495
Encrypted:	false
SSDEEP:
MD5:	CD86A6ED164FEB33535D74DF52DC49A5
SHA1:	89843BF23AB113847DCC576990A4FF2CABCA03FE
SHA-256:	AF28754C77BA41712E9C49EF3C9E08F7D43812E3317AD4E2192E971AD2C9B02D
SHA-512:	80C0A7C3BDD458CA4C1505B2144A3AD969F7B2F2732CCBE4E773FBB6ED446C2961E0B5AFFBC124D43CE9AB530C42C8AEC7100E7817566629CE9D01AC057E3549
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit..set TZData(:WET) {. {-9223372036854775808 0 0 WET}. {228877200 3600 1 WEST}. {243997200 0 0 WET}. {260326800 3600 1 WEST}. {276051600 0 0 WET}. {291776400 3600 1 WEST}. {307501200 0 0 WET}. {323830800 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 36

C:\Users\user\AppData\Local\Update\tcl\tzdata\Zulu Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	149
Entropy (8bit):	4.830292555237936
Encrypted:	false
SSDEEP:
MD5:	6C7C2CE174DB462A3E66D9A8B67A28EB
SHA1:	73B74BEBCDAEBDA4F46748BCA149BC4C7FE82722
SHA-256:	4472453E5346AAA1E1D4E22B87FDC5F3170AA013F894546087D0DC96D4B6EC43
SHA-512:	07209059E5E5EB5EE12821C1AC46922DA2715EB7D7196A478F0FA6866594D3C69F4C50006B0EE517CBF6DB07164915F976398EBBD88717A070D750D5D106BA5D
Malicious:	false
Preview:	# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Zulu) $TZData(:Etc/UTC).

C:\Users\user\AppData\Local\Update\tcl\word.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4860
Entropy (8bit):	4.7851008522116585
Encrypted:	false
SSDEEP:
MD5:	C5DA264DC0CE5669F81702170B2CDC59
SHA1:	FED571B893EE2DC93DAF8907195503885FFACBB6
SHA-256:	A5311E3640E42F7EFF5CC1A0D8AD6956F738F093B037155674D46B634542FE5F
SHA-512:	1F1993F1F19455F87EC9952BF7CEA00A5082BD2F2E1A417FBC4F239835F3CED6C8D5E09CDA6D1A4CD9F8A24AF174F9AB1DC7BD5E94C7A6DEE2DD9F8FE7F690FF
Malicious:	false
Preview:	# word.tcl --.#.# This file defines various procedures for computing word boundaries in.# strings. This file is primarily needed so Tk text and entry widgets behave.# properly for different platforms..#.# Copyright (c) 1996 by Sun Microsystems, Inc..# Copyright (c) 1998 by Scritpics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# The following variables are used to determine which characters are.# interpreted as white space...if {$::tcl_platform(platform) eq "windows"} {. # Windows style - any but a unicode space char. if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\S}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwordchars {\s}. }.} else {. # Motif style - any unicode word char (number, letter, or underscore). if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\w}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwo

C:\Users\user\AppData\Local\Update\tk86t.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1468064
Entropy (8bit):	6.165850680457804
Encrypted:	false
SSDEEP:
MD5:	FDC8A5D96F9576BD70AA1CADC2F21748
SHA1:	BAE145525A18CE7E5BC69C5F43C6044DE7B6E004
SHA-256:	1A6D0871BE2FA7153DE22BE008A20A5257B721657E6D4B24DA8B1F940345D0D5
SHA-512:	816ADA61C1FD941D10E6BB4350BAA77F520E2476058249B269802BE826BAB294A9C18EDC5D590F5ED6F8DAFED502AB7FFB29DB2F44292CB5BEDF2F5FA609F49C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................B................R..................Rich..................PE..d......\.........." .........J......@........................................p.......f....`.............................................@@..P>..\|........{......,....L.......0...?..`................................................ ..P............................text...c........................... ..`.rdata...?... ...@..................@..@.data........`.......N..............@....pdata..,...........................@..@.rsrc....{.......\|..................@..@.reloc...?...0...@..................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\tk\bgerror.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8246
Entropy (8bit):	4.8180558683809425
Encrypted:	false
SSDEEP:
MD5:	11D758CEF126C5C2EDFC911237DF80F2
SHA1:	7911EAA0A8B6630D016D15730310935909632389
SHA-256:	DA84D32D1B447F7FFE7BBCAC0F7586B0B6DD204717C7AE1F182C6A91510EC77B
SHA-512:	9E2A767FBC62622C34F468958C861EE3AFE2A63005BAD80F1637045D045E1A82FB1D2698D948D375222EBD0B92514ACE99C12DF6D9CACF75ACD03EC8057494A7
Malicious:	false
Preview:	# bgerror.tcl --.#.#.Implementation of the bgerror procedure. It posts a dialog box with.#.the error message and gives the user a chance to see a more detailed.#.stack trace, and possible do something more interesting with that.#.trace (like save it to a log). This is adapted from work done by.#.Donal K. Fellows..#.# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 2007 by ActiveState Software Inc..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::dialog::error {. namespace import -force ::tk::msgcat::. namespace export bgerror. option add ErrorDialog.function.text [mc "Save To Log"] \..widgetDefault. option add ErrorDialog.function.command [namespace code SaveToLog]. option add ErrorDialogLabel.font TkCaptionFont widgetDefault. if {[tk windowingsystem] eq "aqua"} {..option add ErrorDialog*background systemAlertBackgroundActive \...widgetDefault.

C:\Users\user\AppData\Local\Update\tk\button.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20642
Entropy (8bit):	4.903366631227966
Encrypted:	false
SSDEEP:
MD5:	309AB5B70F664648774453BCCBE5D3CE
SHA1:	51BF685DEDD21DE3786FE97BC674AB85F34BD061
SHA-256:	0D95949CFACF0DF135A851F7330ACC9480B965DAC7361151AC67A6C667C6276D
SHA-512:	D5139752BD7175747A5C912761916EFB63B3C193DD133AD25D020A28883A1DEA6B04310B751F5FCBE579F392A8F5F18AE556116283B3E137B4EA11A2C536EC6B
Malicious:	false
Preview:	# button.tcl --.#.# This file defines the default bindings for Tk label, button,.# checkbutton, and radiobutton widgets and provides procedures.# that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 2002 ActiveState Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for buttons..#-------------------------------------------------------------------------..if {[tk windowingsystem] eq "aqua"} {.. bind Radiobutton <Enter> {..tk::ButtonEnter %W. }. bind Radiobutton <1> {..tk::ButtonDown %W. }. bind Radiobutton <ButtonRelease-1> {..tk::ButtonUp %W. }. bind Checkbutton <Enter> {..tk::ButtonEnter %W. }. bind Checkbutton <1

C:\Users\user\AppData\Local\Update\tk\choosedir.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9652
Entropy (8bit):	4.750454352074374
Encrypted:	false
SSDEEP:
MD5:	E703C16058E7F783E9BB4357F81B564D
SHA1:	1EDA07870078FC4C3690B54BB5330A722C75AA05
SHA-256:	30CE631CB1CCCD20570018162C6FFEF31BAD378EF5B2DE2D982C96E65EB62EF6
SHA-512:	28617F8553766CA7A66F438624AFA5FD7780F93DC9EBDF9BEE865B5649228AA56A69189218FC436CEDF2E5FE3162AD88839CBF49C9CC051238A7559B5C3BA726
Malicious:	false
Preview:	# choosedir.tcl --.#.#.Choose directory dialog implementation for Unix/Mac..#.# Copyright (c) 1998-2000 by Scriptics Corporation..# All rights reserved...# Make sure the tk::dialog namespace, in which all dialogs should live, exists.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}..# Make the chooseDir namespace inside the dialog namespace.namespace eval ::tk::dialog::file::chooseDir {. namespace import -force ::tk::msgcat::*.}..# ::tk::dialog::file::chooseDir:: --.#.#.Implements the TK directory selection dialog..#.# Arguments:.#.args..Options parsed by the procedure..#.proc ::tk::dialog::file::chooseDir:: {args} {. variable ::tk::Priv. set dataName __tk_choosedir. upvar ::tk::dialog::file::$dataName data. Config $dataName $args.. if {$data(-parent) eq "."} {. set w .$dataName. } else {. set w $data(-parent).$dataName. }.. # (re)create the dialog box if necessary. #. if {![winfo exists $w]} {..::tk::dialog::file::Create

C:\Users\user\AppData\Local\Update\tk\clrpick.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	21432
Entropy (8bit):	4.987740767386718
Encrypted:	false
SSDEEP:
MD5:	E5E462E0EE0C57B31DAEECB07D038488
SHA1:	E67B3410A7BCECE8B5159AB5327910038096A67B
SHA-256:	823F6E4BAF5D10185D990B3FBCB8BFB4D5F4B6ED62203EE229922B6B32FE39D4
SHA-512:	F8442F21E389FF9A3FC5BECCE8811F8554DEF94FBB8F184026396A87AEA37E8108A3E1B3C76FEA2CFBE4E81B2C5FC2BB8A60BE2B9831CC96CB25DAB177616238
Malicious:	false
Preview:	# clrpick.tcl --.#.#.Color selection dialog for platforms that do not support a.#.standard color selection dialog..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# ToDo:.#.#.(1): Find out how many free colors are left in the colormap and.#. don't allocate too many colors..#.(2): Implement HSV color selection..#..# Make sure namespaces exist.namespace eval ::tk {}.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::color {. namespace import ::tk::msgcat::*.}..# ::tk::dialog::color:: --.#.#.Create a color dialog and let the user choose a color. This function.#.should not be called directly. It is called by the tk_chooseColor.#.function when a native color selector widget does not exist.#.proc ::tk::dialog::color:: {args} {. variable ::tk::Priv. set dataName __tk__color. upvar ::tk::dialog::color::$dataName data. set w .$dataName.

C:\Users\user\AppData\Local\Update\tk\comdlg.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8229
Entropy (8bit):	5.0540566175865
Encrypted:	false
SSDEEP:
MD5:	427CCBD25BB1559B9B21A80131658140
SHA1:	B675C0C1B02A527B13AA5DE2AE5A1AA754E9815D
SHA-256:	586CB7A3C32566EFEB46036A19D07E91194CE8EDAF0D47F3C93BCC974E6EE3E1
SHA-512:	FEA82D6D7DBAF52EE1883241170BA95396EC282CDD4F682077A238B4FD9A47C4CE6F84B1B4829A86580A4AB794820E6CD4C1E98CFB7BDCE23E09B54566BD6443
Malicious:	false
Preview:	# comdlg.tcl --.#.#.Some functions needed for the common dialog boxes. Probably need to go.#.in a different file..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# tclParseConfigSpec --.#.#.Parses a list of "-option value" pairs. If all options and.#.values are legal, the values are stored in.#.$data($option). Otherwise an error message is returned. When.#.an error happens, the data() array may have been partially.#.modified, but all the modified members of the data(0 array are.#.guaranteed to have valid values. This is different than.#.Tk_ConfigureWidget() which does not modify the value of a.#.widget record if any error occurs..#.# Arguments:.#.# w = widget record to modify. Must be the pathname of a widget..#.# specs = {.# {-commandlineswitch resourceName ResourceClass defaultValue verifier}.# {....}.# }.#.# flags = currently unused..#.# argList

C:\Users\user\AppData\Local\Update\tk\console.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32784
Entropy (8bit):	4.906598115585926
Encrypted:	false
SSDEEP:
MD5:	8B5B8B6D49F4CA36B8662923DCF9A46C
SHA1:	BCD6CA7451BDFB22311D9D54FBABB116D4A7A687
SHA-256:	7E1EAA998B1D661E9B4B72A4598A534B8311AB75D444525DD613EC73F8126750
SHA-512:	D7E20377E2FBD147A68E4B647D4F09A1894A203F2FA5435B09AD2B6998FFC2F70222BD2808B6A1D1B6A96271F04E7C7A4E6AB0EAE4C97C7C728A6645C499391F
Malicious:	false
Preview:	# console.tcl --.#.# This code constructs the console window for an application. It.# can be used by non-unix systems that do not have built-in support.# for shells..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..# Copyright (c) 2007-2008 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# TODO: history - remember partially written command..namespace eval ::tk::console {. variable blinkTime 500 ; # msecs to blink braced range for. variable blinkRange 1 ; # enable blinking of the entire braced range. variable magicKeys 1 ; # enable brace matching and proc/var recognition. variable maxLines 600 ; # maximum # of lines buffered in console. variable showMatches 1 ; # show multiple expand matches. variable useFontchooser [llength [info command ::tk::fontchooser]]. variable inPlugi

C:\Users\user\AppData\Local\Update\tk\dialog.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	6025
Entropy (8bit):	4.79563398407639
Encrypted:	false
SSDEEP:
MD5:	EAC165BD7EA915B44FAEC016250E0B06
SHA1:	7D205F2720E00FBDA5C0AA908CAC3F66BBC84E56
SHA-256:	6D7BD4A280272E7A2748555CFFFF4FCA7CC57CE611AEB2382E3C80CDD1868D22
SHA-512:	22D5794E1FF3B94365C560A310CC17B4A27BEA87DBF423DFB44273443477372013B19ED33E170EAB15A1F06BA9186BA2FC184A3751449E7EDC760D23A12B1666
Malicious:	false
Preview:	# dialog.tcl --.#.# This file defines the procedure tk_dialog, which creates a dialog.# box containing a bitmap, a message, and one or more buttons..#.# Copyright (c) 1992-1993 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#.# ::tk_dialog:.#.# This procedure displays a dialog box, waits for a button in the dialog.# to be invoked, then returns the index of the selected button. If the.# dialog somehow gets destroyed, -1 is returned..#.# Arguments:.# w -..Window to use for dialog top-level..# title -.Title to display in dialog's decorative frame..# text -.Message to display in dialog..# bitmap -.Bitmap to display in dialog (empty string means none)..# default -.Index of button that is to display the default ring.#..(-1 means none)..# args -.One or more strings to display in buttons across the.#..bottom of t

C:\Users\user\AppData\Local\Update\tk\entry.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16950
Entropy (8bit):	4.934745561122632
Encrypted:	false
SSDEEP:
MD5:	BE28D16510EE78ECC048B2446EE9A11A
SHA1:	4829D6E8AB8A283209FB4738134B03B7BD768BAD
SHA-256:	8F57A23C5190B50FAD00BDEE9430A615EBEBFC47843E702374AE21BEB2AD8B06
SHA-512:	F56AF7020531249BC26D88B977BAFFC612B6566146730A681A798FF40BE9EBC04D7F80729BAFE0B9D4FAC5B0582B76F9530F3FE376D42A738C9BC4B3B442DF1F
Malicious:	false
Preview:	# entry.tcl --.#.# This file defines the default bindings for Tk entry widgets and provides.# procedures that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a selection)..# pressX -..X-coordinate at which the mouse button was pressed..# selectMode -..The style of selection currently underway:.#...char, word, or line..# x, y -..La

C:\Users\user\AppData\Local\Update\tk\focus.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4857
Entropy (8bit):	4.7675047842795895
Encrypted:	false
SSDEEP:
MD5:	7EA007F00BF194722FF144BE274C2176
SHA1:	6835A515E85A9E55D5A27073DAE1F1A5D7424513
SHA-256:	40D4E101A64B75361F763479B01207AE71535337E79CE6E162265842F6471EED
SHA-512:	E2520EB065296C431C71DBBD5503709CF61F93E74FE324F4F8F3FE13131D62435B1E124D38E2EC84939B92198A54B8A71DFC0A8D32F0DD94139C54068FBCAAF2
Malicious:	false
Preview:	# focus.tcl --.#.# This file defines several procedures for managing the input.# focus..#.# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_focusNext --.# This procedure returns the name of the next window after "w" in.# "focus order" (the window that should receive the focus next if.# Tab is typed in w). "Next" is defined by a pre-order search.# of a top-level and its non-top-level descendants, with the stacking.# order determining the order of siblings. The "-takefocus" options.# on windows determine whether or not they should be skipped..#.# Arguments:.# w -..Name of a window...proc ::tk_focusNext w {. set cur $w. while {1} {...# Descend to just before the first child of the current widget....set parent $cur..set children [winfo children $cur]..set i -1...# Look for the next sibling that isn't a top-level....while {1} {.. incr i..

C:\Users\user\AppData\Local\Update\tk\fontchooser.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15840
Entropy (8bit):	4.7139053935905535
Encrypted:	false
SSDEEP:
MD5:	9324DBBE37502E149474E05A3448B6E3
SHA1:	5584B4EE3BF25E95EE6919437D066586060B6E36
SHA-256:	CEB558FB76A2C85924CD5F7D3A64E77582E1D461DD9A3C10FEDB4608AD440F5B
SHA-512:	C688676452F89EC432E93A64AC369CC0B82B19D8D38D2C4034888551591F59D87548FAE12A98EE7735540779566DEB400C27BEAD2C141A9F971BAF9E61C218C6
Malicious:	false
Preview:	# fontchooser.tcl -.#.#.A themeable Tk font selection dialog. See TIP #324..#.# Copyright (C) 2008 Keith Vetter.# Copyright (C) 2008 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::fontchooser {. variable S.. set S(W) .__tk__fontchooser. set S(fonts) [lsort -dictionary [font families]]. set S(styles) [list \. [::msgcat::mc "Regular"] \. [::msgcat::mc "Italic"] \. [::msgcat::mc "Bold"] \. [::msgcat::mc "Bold Italic"] \. ].. set S(sizes) {8 9 10 11 12 14 16 18 20 22 24 26 28 36 48 72}. set S(strike) 0. set S(under) 0. set S(first) 1. set S(sampletext) [::msgcat::mc "AaBbYyZz01"]. set S(-parent) .. set S(-title) [::msgcat::mc "Font"]. set S(-command) "". set S(-font) TkDefaultFont.}..proc ::tk:

C:\Users\user\AppData\Local\Update\tk\iconlist.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15978
Entropy (8bit):	4.8947909611129905
Encrypted:	false
SSDEEP:
MD5:	105529990CEE968AA5EE3BC827A81A0F
SHA1:	559BD1AABD1D4719EDB60448CF111F78365A57A9
SHA-256:	DE0195CCFB6482CCA390C94E91B7877F47742E7A9468CAF362B39AA36305D33C
SHA-512:	03CB42DFF7AC4F801AA7FFE8A4F07555CCE6874AA1B7F568ACF0299E4DD7F440179838485777F15183EE7C057CCB35868672B1783FBFE67B51D97DBBDAC85281
Malicious:	false
Preview:	# iconlist.tcl.#.#.Implements the icon-list megawidget used in the "Tk" standard file.#.selection dialog boxes..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..# Copyright (c) 2009 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# API Summary:.#.tk::IconList <path> ?<option> <value>? ....#.<path> add <imageName> <itemList>.#.<path> cget <option>.#.<path> configure ?<option>? ?<value>? ....#.<path> deleteall.#.<path> destroy.#.<path> get <itemIndex>.#.<path> index <index>.#.<path> invoke.#.<path> see <index>.#.<path> selection anchor ?<int>?.#.<path> selection clear <first> ?<last>?.#.<path> selection get.#.<path> selection includes <item>.#.<path> selection set <first> ?<last>?...package require Tk 8.6..::tk::Megawidget create ::tk::IconList ::tk::FocusableWidget {. variable w canvas sbar accel accelCB fill font index \..itemList itemsPerColumn list maxIH maxIW maxTH maxTW noSc

C:\Users\user\AppData\Local\Update\tk\icons.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10883
Entropy (8bit):	6.026473720997027
Encrypted:	false
SSDEEP:
MD5:	2652AAD862E8FE06A4EEDFB521E42B75
SHA1:	ED22459AD3D192AB05A01A25AF07247B89DC6440
SHA-256:	A78388D68600331D06BB14A4289BC1A46295F48CEC31CEFF5AE783846EA4D161
SHA-512:	6ECFBB8D136444A5C0DBBCE2D8A4206F1558BDD95F111D3587B095904769AC10782A9EA125D85033AD6532EDF3190E86E255AC0C0C81DC314E02D95CCA86B596
Malicious:	false
Preview:	# icons.tcl --.#.#.A set of stock icons for use in Tk dialogs. The icons used here.#.were provided by the Tango Desktop project which provides a.#.unified set of high quality icons licensed under the.#.Creative Commons Attribution Share-Alike license.#.(http://creativecommons.org/licenses/by-sa/3.0/).#.#.See http://tango.freedesktop.org/Tango_Desktop_Project.#.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::icons {}..image create photo ::tk::icons::warning -data {. iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAABHNCSVQICAgIfAhkiAAABSZJREFU. WIXll1toVEcYgL+Zc87u2Yu7MYmrWRuTJuvdiMuqiJd4yYKXgMQKVkSjFR80kFIVJfWCWlvpg4h9. 8sXGWGof8iKNICYSo6JgkCBEJRG8ImYThNrNxmaTeM7pQ5IlJkabi0/9YZhhZv7///4z/8zPgf+7. KCNRLgdlJijXwRyuDTlcxV9hbzv8nQmxMjg+XDtiOEplkG9PSfkztGmTgmFQd+FCVzwa3fYN/PHZ. AcpBaReicW5xcbb64IEQqko8Lc26d/58cxS+/BY6hmJvyEfQBoUpwWCmW1FErKaGWHU13uRk4QkE. UtxQNFR7QwIoB4eiKD9PWbVKbb10CZmaCqmpxCormRYO26QQx85B0mcD+AeK0xYvHqu1tNDx+DH6. g

C:\Users\user\AppData\Local\Update\tk\images\README Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	322
Entropy (8bit):	4.341180398587801
Encrypted:	false
SSDEEP:
MD5:	FC8A86E10C264D42D28E23D9C75E7EE5
SHA1:	F1BA322448D206623F8FE734192F383D8F7FA198
SHA-256:	2695ADFF8E900C31B4D86414D22B8A49D6DD865CA3DD99678FA355CDC46093A8
SHA-512:	29C2DF0D516B5FC8E52CB61CFCD07AF9C90B40436DFE64CEFDB2813C0827CE65BA50E0828141256E2876D4DC251E934A6854A8E0B02CDAF466D0389BD778AEF0
Malicious:	false
Preview:	README - images directory..This directory includes images for the Tcl Logo and the Tcl Powered.Logo. Please feel free to use the Tcl Powered Logo on any of your.products that employ the use of Tcl or Tk. The Tcl logo may also be.used to promote Tcl in your product documentation, web site or other.places you so desire..

C:\Users\user\AppData\Local\Update\tk\images\logo.eps Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	32900
Entropy (8bit):	5.235207715374815
Encrypted:	false
SSDEEP:
MD5:	45175418859AF67FE417BD0A053DB6E5
SHA1:	2B499B7C4EBC8554ECC07B8408632CAF407FB6D5
SHA-256:	F3E77FD94198EC4783109355536638E9162F9C579475383074D024037D1797D3
SHA-512:	114A59FD6B99FFD628BA56B8E14FB3B59A0AB6E752E18DEA038F85DBC072BF98492CE9369D180C169EDE9ED2BD521D8C0D607C5E4988F2C83302FC413C6D6A4C
Malicious:	false
Preview:	%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL/TK LOGO.ILLUS).%%CreationDate: (8/1/96) (4:58 PM).%%BoundingBox: 251 331 371 512.%%HiResBoundingBox: 251.3386 331.5616 370.5213 511.775.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%DocumentCustomColors: (TCL RED).%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 90 576 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Level 2 Emul

C:\Users\user\AppData\Local\Update\tk\images\logo100.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	6.9734417899888665
Encrypted:	false
SSDEEP:
MD5:	FF04B357B7AB0A8B573C10C6DA945D6A
SHA1:	BCB73D8AF2628463A1B955581999C77F09F805B8
SHA-256:	72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F
SHA-512:	10DFE631C5FC24CF239D817EEFA14329946E26ED6BCFC1B517E2F9AF81807977428BA2539AAA653A89A372257D494E8136FD6ABBC4F727E6B199400DE05ACCD5
Malicious:	false
Preview:	GIF89aD.d...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....D.d........H......\...z..Ht@Q...92.p...z.$.@@.E..u.Y.2..0c..q.cB.,[..... ..1..qbM.2~].....s...S.@.L.j..#..\......h..........].D(..m......@.Z....oO...3=.c...G".(..pL...q]..%....[...#...+...X.h....^.....

C:\Users\user\AppData\Local\Update\tk\images\logo64.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1670
Entropy (8bit):	6.326462043862671
Encrypted:	false
SSDEEP:
MD5:	B226CC3DA70AAB2EBB8DFFD0C953933D
SHA1:	EA52219A37A140FD98AEA66EA54685DD8158D9B1
SHA-256:	138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9
SHA-512:	3D043F41B887D54CCADBF9E40E48D7FFF99B02B6FAF6B1DD0C6C6FEF0F8A17630252D371DE3C60D3EFBA80A974A0670AF3747E634C59BDFBC78544D878D498D4
Malicious:	false
Preview:	GIF89a+.@...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....+.@........H. .z..(tp......@...92....#. A.......C.\.%...)Z..1a.8s..W/..@....3..C...y$.GW.....5.FU..j..;.F(Pc+W.-..X.D-[.*g....F..`.:mkT...Lw...A/.....u.7p..a..9P.....q2..Xg..G....3}AKv.\.d..yL.>..1.#

C:\Users\user\AppData\Local\Update\tk\images\logoLarge.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	11000
Entropy (8bit):	7.88559092427108
Encrypted:	false
SSDEEP:
MD5:	45D9B00C4CF82CC53723B00D876B5E7E
SHA1:	DDD10E798AF209EFCE022E97448E5EE11CEB5621
SHA-256:	0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED
SHA-512:	6E89DACF2077E1307DA05C16EF8FDE26E92566086346085BE10A7FD88658B9CDC87A3EC4D17504AF57D5967861B1652FA476B2DDD4D9C6BCFED9C60BB2B03B6F
Malicious:	false
Preview:	GIF89ab.................f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....b..........H......\....#J.H....3j.... '.;p....(.8X..^.0c.I...z8O.\.....:....$..Fu<8`...P.>%I.gO.C.h-..+.`....@..h....dJ.?...K...H.,U.._.#...g..[.^.x.....J.L.!.'........=+eZ..i..ynF.8...].y\|..m.

C:\Users\user\AppData\Local\Update\tk\images\logoMed.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3889
Entropy (8bit):	7.425138719078912
Encrypted:	false
SSDEEP:
MD5:	BD12B645A9B0036A9C24298CD7A81E5A
SHA1:	13488E4F28676F1E0CE383F80D13510F07198B99
SHA-256:	4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62
SHA-512:	F62C996857CA6AD28C9C938E0F12106E0DF5A20D1B4B0B0D17F6294A112359BA82268961F2A054BD040B5FE4057F712206D02F2E668675BBCF6DA59A4DA0A1BB
Malicious:	false
Preview:	GIF87ax............................................................................z.....{..o.....m..b...`{.X....vy...hk.Um.N...I`.D..Z^.LP.?R.;!....?C.5C.3#.l..,6.&.15...`..#(.If.y.....l...._..#/...Hm.>_.y..4R.k..#6..._......w..K.^.."<.....G{.w..3_."C.Q..F....v..!K...v.2m.)_.[..!R.u.1t.g..)f. X.O..E..1z.g. _.Z..D..:..0..Z.. f.D..0..'z..m.N..C../.z.svC.q/.m.ze7.\..P..I..1%.,...............................................................................................................................................................................................................................................................................................................................................................................................,....x..........H.......D..!...7.PAQ...._l8.... C.<.a...*.x....0q.. ..M.%.<.HBe.@.....Q..7..XC..P..<z3..X...P.jA.%'@.J.lV.......R.,..+....t....7h.....(..a...+^.'..7..L.....V...s..$....a.....8`.9..}K......

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo.eps Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	27809
Entropy (8bit):	5.331778921404698
Encrypted:	false
SSDEEP:
MD5:	BA1051DBED2B8676CAA24593B88C91B2
SHA1:	8A58FC19B20BFDC8913515D9B32CCBF8ACF92344
SHA-256:	2944EBC4AF1894951BF9F1250F4E6EDF811C2183745950EA9A8A926715882CF7
SHA-512:	4260CEBA7DA9463F32B0C76A2AC19D2B20C8FE48CFBA3DC7AF748AAE15FA25DCBDA085072DF7EFC8F4B4F304C7ED166FE9F93DC903E32FA1874E82D59E544DEF
Malicious:	false
Preview:	%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL PWRD LOGO.ILLUS).%%CreationDate: (8/1/96) (4:59 PM).%%BoundingBox: 242 302 377 513.%%HiResBoundingBox: 242.0523 302.5199 376.3322 512.5323.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (PANTONE Warm Red CV).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 102 564 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Le

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo100.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1615
Entropy (8bit):	7.461273815456419
Encrypted:	false
SSDEEP:
MD5:	DBFAE61191B9FADD4041F4637963D84F
SHA1:	BD971E71AE805C2C2E51DD544D006E92363B6C0C
SHA-256:	BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B
SHA-512:	ACEAD81CC1102284ED7D9187398304F21B8287019EB98B0C4EC7398DD8B5BA8E7D19CAA891AA9E7C22017B73D734110096C8A7B41A070191223B5543C39E87AF
Malicious:	false
Preview:	GIF89a@.d.............................f.................f...ff.f3.f..33.3.........f..ff.f3.33.3.f..f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....@.d....@.pH,..E.... ..(...H$..v..j....K....q..5L......^).3.Y7..r..u.v\|g..om...\iHl..p...`G..\~....fn[q...P.g.Z.l....y...\.l......f.Z.g...%%....e...e...)....O.f..e. ....O..qf..%..(.H.u..]..&....#4.......@.).....u!.M..2. ..PJ..#..T..a.....P.Gi... <Hb....x..z.3.X.O..f.........].Bt..lB.Q.r...9pP....&...L. ..,`[.....E6.Q.....?.#L......\|g........N....[.._........."4......b....G6.........m.zI].....I.@.......I.9...glew...2.B..c>./..2....x.....<...{...7;.....y.I.....4G.Qj0..7..%.W.V...?!..[...X..=..k.h..[Q<.....0.B....(P.x.,.......8OZ.8P!.$....u.c..Ea!..eC....CB.. .H..E..#..C..E...z..&.Nu........c.0..#.T.M.U........l.p @..s.\|..pf!..&.......8.#.8.......J>. .t..h6(........#..0.A...!..)...x..u.Z....%..H............`......\|.....1.......&.....T...f.l...

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo150.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2489
Entropy (8bit):	7.708754027741608
Encrypted:	false
SSDEEP:
MD5:	711F4E22670FC5798E4F84250C0D0EAA
SHA1:	1A1582650E218B0BE6FFDEFFD64D27F4B9A9870F
SHA-256:	5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C
SHA-512:	220C36010208A87D0F674DA06D6F5B4D6101D196544ABCB4EE32378C46C781589DB1CE7C7DFE6471A8D8E388EE6A279DB237B18AF1EB9130FF9D0222578F1589
Malicious:	false
Preview:	GIF89aa...............................f.................f...ff.f3.f..33.3............f..ff.f3.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....a......@.pH,...r.l:..TB.T..V..z..H.j..h...&.......t"....F...d..gN~Y...g....}..r....g.....o...g.......Y.w..W......N....Z....W....f...tL.~.f....New............W.M.r.........O.q........W-./i.*...`..z..F9.../9..-.......$6..G..S...........zB.,nw.64...e4.......HOt......f.....)..OX..C.eU.(.Qh.....T..<Q.Y.P.L.YxT....2........ji..3.^)zz..O.a..6 ...TZ........^...7.....>\|P.....w$...k.ZF.\R.u....F.]Z.--(v+)[Y....=.!.W..+.]..]._.....&..../Ap...j...!..b.:...{.^.=.`...U.....@Hf..\?.(..Lq@.........0..L...a...&.!.....]#..]G \..q...A.H.X[...(.W......,...1a..B...W(.t.8.AdG.)..(P=...Uu.u..A.KM\...'r.R./.W..d2a.0..G...?...B......#H........1Q.0...R....%+...0.I..{.<......QV.tz'.yn.E.p..0i.I.g......L....%....K...A.l.ph.Q.1e...Z....g..2e...smU&d;.J..

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo175.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2981
Entropy (8bit):	7.758793907956808
Encrypted:	false
SSDEEP:
MD5:	DA5FB10F4215E9A1F4B162257972F9F3
SHA1:	8DB7FB453B79B8F2B4E67AC30A4BA5B5BDDEBD3B
SHA-256:	62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240
SHA-512:	990CF306F04A536E4F92257A07DA2D120877C00573BD0F7B17466D74E797D827F6C127E2BEAADB734A529254595918C3A5F54FDBD859BC325A162C8CD8F6F5BE
Malicious:	false
Preview:	GIF89aq...............................f.................f...ff.f3.f..33.3............f..ff.f3.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3................................................................!.. -dl-.!.......,....q......@.pH,...r.l:....A}H...v..R......D.VF..,%M....^.....fyzU.P..f...i.....t..Uqe..N..Z..i......~....g......u.....g......\...h.....P...h.....Q..g....Z..h......]......\...M...[..s...c2.+R.$. ......#.....)v..4....MO.b.....9......[.M.........h'..<-..=.....HQD....D?.~......W7. ..V.W0..l....0p}..KP?c.\@KW.S(..M..B.....-q...S2....,..P.{....F..._MAn ....i.Y3............zh.y.j@...a876...ui.i..;K.........p...`.,}w....tv.m...Y..........;.;.e).e&.......-.NC.4..(..........F........[,w....f......E....h..a3.T.^.........)...C.N8.h\T...+&.z....g]H..B..#.t6..Z.....j.-..N......TI....A........M?..Q&V'...Mb.f.x...h.$r.U .9..Ci. ].4.Zb..@...X....%..<..b)V!........Y)x......T.....h.p.d..h..(........]@.**J.M.U.Jf...Y.:....F..g:..d..6q.-..

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo200.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3491
Entropy (8bit):	7.790611381196208
Encrypted:	false
SSDEEP:
MD5:	A5E4284D75C457F7A33587E7CE0D1D99
SHA1:	FA98A0FD8910DF2EFB14EDAEC038B4E391FEAB3C
SHA-256:	BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC
SHA-512:	4448664925D1C1D9269567905D044BBA48163745646344E08203FCEF5BA1524BA7E03A8903A53DAF7D73FE0D9D820CC9063D4DA2AA1E08EFBF58524B1D69D359
Malicious:	false
Preview:	GIF89a................................f.................f...ff.f3.f..33.3............f..ff.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,...........@.pH,...r.l:..T..F$XIe..V$.x..V.Z.z..F.pxd~..........{....o....l..{.b...hi[}P.k...y.....y.f.._R.\...............m.....y.....x......^.Q...j.....\S.....^.......l......]...[.......).....{....7...`..<...`..">..i.?/..@............>..Z.z@....0B..r...j.V.I.@..;%R......J.p.A.t...$A...>`.....@g5BP.A..p.x.............q..8...... ...(.Q..#..@...F..YSK..M..#o.....D.m..-.....k}...BT..V......'.....`.d..~;..9+..6...<b.eZ..y^0]0..I...=.6.....}.0<.Z...M...Y135.e.....b...U0F~.-.HT......l2.s.q`-....y...e....dPZ....~.zT.M.... "r.E/k. .....Lj@'........Pcd&.(..mxF_w.."K..x!..--Y`..A.....Be.jH.A..\..j.....du#.....]^...>......].i.FMO..].9n1",Y...F...EW.9.....0TY.T...Cv!i`%...Hz@.]..U.!Y...#Dv&pi.z(.mn.A....@Q.0.%...&.4.v.cw(.`cd'\|..M9..."...,.......

C:\Users\user\AppData\Local\Update\tk\images\pwrdLogo75.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1171
Entropy (8bit):	7.289201491091023
Encrypted:	false
SSDEEP:
MD5:	7013CFC23ED23BFF3BDA4952266FA7F4
SHA1:	E5B1DED49095332236439538ECD9DD0B1FD4934B
SHA-256:	462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448
SHA-512:	A887A5EC33B82E4DE412564E86632D9A984E8498F02D8FE081CC4AC091A68DF6CC1A82F4BF99906CFB6EA9D0EF47ADAC2D1B0778DCB997FB24E62FC7A6D77D41
Malicious:	false
Preview:	GIF89a0.K.............................f.................f...ff.f3.f..33.3.........f..ff.f3.3f.33.3.f..ff.ff.f3ff333f.3f.33.33f.3......................................................................!.. -dl-.!.......,....0.K....@.pH,...GD.<:..%SR.Z......<.V.$l.....z......:.. .\|v[D..f...z.W.G.Vr...NgsU.yl..qU..`.......`fe`.......Fg....(.&...g.Y.. .."..q.V.$.'.Ez.W....y...Y.U...(#Xrf.........Xux.U..........(U.4...X....G.B..t..1S...R..Y. ...l ..".>.h......,%K....A.....<s....#..8.iK.....a.y$h..DQh.PE)....6.....MyL.qzF..... ."..Y0..a......2..*t..Ma..b...M..R.....\..st..=....Q......,>s`....Qt.,..B.R.....!.$..%.....(...s...B.T...`,".h(. D....8..dC..\Q.p.......x.#A.....:..du..(D.XV......7....S.#n8a....2`...f.:G,...==(......`!..$...t....b..../N\|...f..J.x... P&.\|.d._!N...].1w.3D.0!....@o&H...N.B.J....pz8..w.i....=r.............@5.-!.......H."..[.j.AB<..p....h...V.D..6.h...ab1F.g...I !.V~.H..V.........:.G..\|c...,.....TD5..c[.W.....LC.....FJ..71[..lH.M.....8.:$......

C:\Users\user\AppData\Local\Update\tk\images\tai-ku.gif Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5473
Entropy (8bit):	7.754239979431754
Encrypted:	false
SSDEEP:
MD5:	048AFE69735F6974D2CA7384B879820C
SHA1:	267A9520C4390221DCE50177E789A4EBD590F484
SHA-256:	E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E
SHA-512:	201DA67A52DADA3AE7C533DE49D3C08A9465F7AA12317A0AE90A8C9C04AA69A85EC00AF2D0069023CD255DDA8768977C03C73516E4848376250E8D0D53D232CB
Malicious:	false
Preview:	GIF89ad.d...................RJJ...B99.......RBB..B11ZBB!....R991!!...)....{{B!!R)).JJ.ss.ZZ.BB.kk.RR.JJ.BB9...JJR!!.ZZ.BB.11.99.{s.sk.kc.cZ.ZR.JB.ZR.JB.JB.RJ.B9.91.B9...{.JB.91.B9.B9.1){)!.)!.9)..ZR.JB{91.cR{1).ZJ.ZJ.RB.J9.B1.B1.9).1!....{B9.{k.scc1).kZZ)!c)!.9).B1.9).9).1!.1!.1!.B).9!.9!.1..).....{.sZ1)R)!.B1.B1.ZBR!..9).ZB.9).R9.R9.1!.J1.J1.B).B).9!.9!.1..1..).....sZ.J9.ZB.cJJ!.{1!.B).9!{)..9!.J).B!.B!.9..R1).kJ)!.B1{9).R9.cB.Z9.Z9.B).Z9.B).R1.9!.R1.J).J).B!.1..9....{.s.J9.{Z.ZB.sR.kJk1!.cB.cB.R1.R).1..B!.J!.B.....R91.J1).c.kJ.J).Z1.B!.B!..9!..{R.sJ.Z9.R1{9!..s.R9.Z...J91Z9){B)...............B91..1)!..............................RJR............B)1......R19........BJ.9B..{..s{......!.......,....d.d.@............0@PHa.....p...7.8.y...C.s6Z.%Q.#s.`:B.N....4jd.K.0..\|y....F@.......1~ ......'Y.B"C&R.V.R.4$k.3...D.......EfY3..M........BDV._.....\..).]..>s..$H\%y0WL...d.......D..'..v..1Kz.Zp$;S

C:\Users\user\AppData\Local\Update\tk\license.terms Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2267
Entropy (8bit):	5.097909341674822
Encrypted:	false
SSDEEP:
MD5:	C88F99DECEC11AFA967AD33D314F87FE
SHA1:	58769F631EB2C8DED0C274AB1D399085CC7AA845
SHA-256:	2CDE822B93CA16AE535C954B7DFE658B4AD10DF2A193628D1B358F1765E8B198
SHA-512:	4CD59971A2614891B2F0E24FD8A42A706AE10A2E54402D774E5DAA5F6A37DE186F1A45B1722A7C0174F9F80625B13D7C9F48FDB03A7DDBC6E6881F56537B5478
Malicious:	false
Preview:	This software is copyrighted by the Regents of the University of.California, Sun Microsystems, Inc., Scriptics Corporation, ActiveState.Corporation, Apple Inc. and other parties. The following terms apply to.all files associated with the software unless explicitly disclaimed in.individual files...The authors hereby grant permission to use, copy, modify, distribute,.and license this software and its documentation for any purpose, provided.that existing copyright notices are retained in all copies and that this.notice is included verbatim in any distributions. No written agreement,.license, or royalty fee is required for any of the authorized uses..Modifications to this software may be copyrighted by their authors.and need not follow the licensing terms described here, provided that.the new terms are clearly indicated on the first page of each file where.they apply...IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY.FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQ

C:\Users\user\AppData\Local\Update\tk\listbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	14594
Entropy (8bit):	4.895853767062079
Encrypted:	false
SSDEEP:
MD5:	C33963D3A512F2E728F722E584C21552
SHA1:	75499CFA62F2DA316915FADA2580122DC3318BAD
SHA-256:	39721233855E97BFA508959B6DD91E1924456E381D36FDFC845E589D82B1B0CC
SHA-512:	EA01D8CB36D446ACE31C5D7E50DFAE575576FD69FD5D413941EEBBA7CCC1075F6774AF3C69469CD7BAF6E1068AA5E5B4C560F550EDD2A8679124E48C55C8E8D7
Malicious:	false
Preview:	# listbox.tcl --.#.# This file defines the default bindings for Tk listbox widgets.# and provides procedures that help in implementing those bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...#--------------------------------------------------------------------------.# tk::Priv elements used in this file:.#.# afterId -..Token returned by "after" for autoscanning..# listboxPrev -.The last element to be selected or deselected.#...during a selection operation..# listboxSelection -.All of the items that were selected before the.#...current selection operation (such as a mouse.#...drag) started; used to cancel an operation..#--------------------------------------------------------------------------..#-------------------------------------

C:\Users\user\AppData\Local\Update\tk\megawidget.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9569
Entropy (8bit):	4.736161258754494
Encrypted:	false
SSDEEP:
MD5:	7176A4FE8EC3EA648854F1FC1BB2EA89
SHA1:	28D96419585881C6222BC917EDB9A5863E7C519B
SHA-256:	D454FC4E25D9DFC704556A689A17AA6F3D726F99592995952BC6492FC8F19F6E
SHA-512:	8C33E1CD3490945DDC5DA0585E655A7FC78C9950886F68C096D103AE510C1024632AB3D41E9573937BB4359D365FFB8F5A10B1CA7BFBD37442F40985107C1C8D
Malicious:	false
Preview:	# megawidget.tcl.#.#.Basic megawidget support classes. Experimental for any use other than.#.the ::tk::IconList megawdget, which is itself only designed for use in.#.the Unix file dialogs..#.# Copyright (c) 2009-2010 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..package require Tk 8.6...::oo::class create ::tk::Megawidget {. superclass ::oo::class. method unknown {w args} {..if {[string match .* $w]} {.. [self] create $w {}$args.. return $w..}..next $w {}$args. }. unexport new unknown. self method create {name superclasses body} {..next $name [list \...superclass ::tk::MegawidgetClass {*}$superclasses]\;$body. }.}..::oo::class create ::tk::MegawidgetClass {. variable w hull options IdleCallbacks. constructor args {..# Extract the "widget name" from the object name..set w [namespace tail [self]]...# Configure things..tclParseConfigSpec [my varname op

C:\Users\user\AppData\Local\Update\tk\menu.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	38077
Entropy (8bit):	4.872052715667624
Encrypted:	false
SSDEEP:
MD5:	181ED74919F081EEB34269500E228470
SHA1:	953EB429F6D98562468327858ED0967BDC21B5AD
SHA-256:	564AC0040176CC5744E3860ABC36B5FFBC648DA20B26A710DC3414EAE487299B
SHA-512:	220E496B464575115BAF1DEDE838E70D5DDD6D199B5B8ACC1763E66D66801021B2D7CD0E1E1846868782116AD8A1F127682073D6EACD7E73F91BCED89F620109
Malicious:	false
Preview:	# menu.tcl --.#.# This file defines the default bindings for Tk menus and menubuttons..# It also implements keyboard traversal of menus and implements a few.# other utility procedures related to menus..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# cursor -..Saves the -cursor option for the posted menubutton..# focus -..Saves the focus during a menu selection operation..#...Focus gets restored here when the menu is unposted..# grabGlobal -..Used in conjunction with tk::Priv(oldGrab): if.#...tk::Priv(oldGrab) is non-empty, then tk::Pr

C:\Users\user\AppData\Local\Update\tk\mkpsenc.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	29352
Entropy (8bit):	5.110577585375791
Encrypted:	false
SSDEEP:
MD5:	5F3793E7E582111C17C85E23194AEFD5
SHA1:	925D973B70252384D1DE9B388C6C2038E646FDDF
SHA-256:	0AC9D11D4046EF4D8E6D219F6941BF69C6AE448C6A1C2F7FC382F84B5786F660
SHA-512:	2922546BA69232DBC205FE83EF54916E334E7AC93B7A26A208341F9C101209DA84C73F48C52BDB8E63E71A545853652B86378EBEB88F000BC16FCFB0EF5D8517
Malicious:	false
Preview:	# mkpsenc.tcl --.#.# This file generates the postscript prolog used by Tk...namespace eval ::tk {. # Creates Postscript encoding vector for ISO-8859-1 (could theoretically. # handle any 8-bit encoding, but Tk never generates characters outside. # ASCII).. #. proc CreatePostscriptEncoding {} {..variable psglyphs..# Now check for known. Even if it is known, it can be other than we..# need. GhostScript seems to be happy with such approach..set result "\[\n"..for {set i 0} {$i<256} {incr i 8} {.. for {set j 0} {$j<8} {incr j} {...set enc [encoding convertfrom "iso8859-1" \....[format %c [expr {$i+$j}]]]...catch {... set hexcode {}... set hexcode [format %04X [scan $enc %c]]...}...if {[info exists psglyphs($hexcode)]} {... append result "/$psglyphs($hexcode)"...} else {... append result "/space"...}.. }.. append result "\n"..}..append result "\]"..return $result. }.. # List of adobe glyph names. Converted from glyphlist.txt, downloaded from. # Ad

C:\Users\user\AppData\Local\Update\tk\msgbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16527
Entropy (8bit):	4.679051291122852
Encrypted:	false
SSDEEP:
MD5:	C93F295967350F7010207874992E01A5
SHA1:	CAE8EF749F7618326B3307DA7ED6DEBB380286DD
SHA-256:	52C5B87C99C142D5FC77E0C22B78B7CD63A4861756FD6B39648A2E9A8EDDE953
SHA-512:	F7E60211C0BC1ECEDE03022D622C5B9AAEAE3C203A60B6B034E1886F857C8FAD6BA6B1F7BA1EE7D733720775E7108F1BFD4C5B54A0F4919CE4EB43851D1190F8
Malicious:	false
Preview:	# msgbox.tcl --.#.#.Implements messageboxes for platforms that do not have native.#.messagebox support..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# Ensure existence of ::tk::dialog namespace.#.namespace eval ::tk::dialog {}..image create bitmap ::tk::dialog::b1 -foreground black \.-data "#define b1_width 32\n#define b1_height 32.static unsigned char q1_bits[] = {. 0x00, 0xf8, 0x1f, 0x00, 0x00, 0x07, 0xe0, 0x00, 0xc0, 0x00, 0x00, 0x03,. 0x20, 0x00, 0x00, 0x04, 0x10, 0x00, 0x00, 0x08, 0x08, 0x00, 0x00, 0x10,. 0x04, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x04, 0x00, 0x00, 0x20, 0x08, 0x00,

C:\Users\user\AppData\Local\Update\tk\msgs\cs.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4158
Entropy (8bit):	4.744283779865612
Encrypted:	false
SSDEEP:
MD5:	EBAFA3EE899EBB06D52C204493CEE27A
SHA1:	95E6C71E4525A8DD91E488B952665AE9C5FBDDED
SHA-256:	D1B0FED0BEA51B3FAF08D8634034C7388BE7148F9B807460B7D185706DB8416F
SHA-512:	ADDE3C85A7A4148BAFD6C8B8902FC8C229F1D1AAF118BE85F44E4667237E66938864E2B7B4486B7C68C89EB4559F1D8367F9F563B9C6C8BCAB66118B36E670B8
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset cs "&Abort" "&P\u0159eru\u0161it". ::msgcat::mcset cs "&About..." "&O programu...". ::msgcat::mcset cs "All Files" "V\u0161echny soubory". ::msgcat::mcset cs "Application Error" "Chyba programu". ::msgcat::mcset cs "Bold Italic". ::msgcat::mcset cs "&Blue" "&Modr\341". ::msgcat::mcset cs "Cancel" "Zru\u0161it". ::msgcat::mcset cs "&Cancel" "&Zru\u0161it". ::msgcat::mcset cs "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nemohu zm\u011bnit atku\341ln\355 adres\341\u0159 na \"%1\$s\".\nP\u0159\355stup odm\355tnut.". ::msgcat::mcset cs "Choose Directory" "V\375b\u011br adres\341\u0159e". ::msgcat::mcset cs "Cl&ear" "Sma&zat". ::msgcat::mcset cs "&Clear Console" "&Smazat konzolu". ::msgcat::mcset cs "Color" "Barva". ::msgcat::mcset cs "Console" "Konzole". ::msgcat::mcset cs "&Copy" "&Kop\355rovat". ::msgcat::mcset cs "Cu&t" "V&y\u0159\355znout". ::msgcat::mcset cs "&Delete" "&Smazat"

C:\Users\user\AppData\Local\Update\tk\msgs\da.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3909
Entropy (8bit):	4.6030170761850915
Encrypted:	false
SSDEEP:
MD5:	C414C6972F0AAD5DFA31297919D0587F
SHA1:	529AE0B0CB9D1DBC7F8844F346149E151DE0A36B
SHA-256:	85E6CEE6001927376725F91EAA55D17B3D9E38643E17755A42C05FE491C63BDE
SHA-512:	0F2A777B9C3D6C525097E19D1CC4525E9BAF78E0CABF54DD693C64BC1FD4EA75402D906A8302489997BA83ABA5AFD7CA1DE30FFE0888CD19950F56A9D38B018A
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset da "&Abort" "&Afbryd". ::msgcat::mcset da "&About..." "&Om...". ::msgcat::mcset da "All Files" "Alle filer". ::msgcat::mcset da "Application Error" "Programfejl". ::msgcat::mcset da "&Blue" "&Bl\u00E5". ::msgcat::mcset da "Cancel" "Annuller". ::msgcat::mcset da "&Cancel" "&Annuller". ::msgcat::mcset da "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ikke skifte til katalog \"%1\$s\".\nIngen rettigheder.". ::msgcat::mcset da "Choose Directory" "V\u00E6lg katalog". ::msgcat::mcset da "Cl&ear" "&Ryd". ::msgcat::mcset da "&Clear Console" "&Ryd konsolen". ::msgcat::mcset da "Color" "Farve". ::msgcat::mcset da "Console" "Konsol". ::msgcat::mcset da "&Copy" "&Kopier". ::msgcat::mcset da "Cu&t" "Kli&p". ::msgcat::mcset da "&Delete" "&Slet". ::msgcat::mcset da "Details >>" "Detailer". ::msgcat::mcset da "Directory \"%1\$s\" does not exist." "Katalog \"%1\$s\" findes ikke.". ::msg

C:\Users\user\AppData\Local\Update\tk\msgs\de.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4823
Entropy (8bit):	4.5738552657551566
Encrypted:	false
SSDEEP:
MD5:	07DF877A1166E81256273F1183B5BDC9
SHA1:	CB455F910208E2E55B27A96ABD845FEEDA88711A
SHA-256:	06DD7572626DF5CB0A8D3AFFBAC9BB74CB12469076836D66FD19AE5B5FAB42C7
SHA-512:	197B09F37647D1D5130A084EA1D99D0CC16C815EC0AC31EC07875BEB2DFAE2197E2AF3E323FE8CB35F90912D76D3EB88D1E56F6E026F87AEDFADB7534BA2675A
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset de "&Abort" "&Abbruch". ::msgcat::mcset de "&About..." "&\u00dcber...". ::msgcat::mcset de "All Files" "Alle Dateien". ::msgcat::mcset de "Application Error" "Applikationsfehler". ::msgcat::mcset de "&Apply" "&Anwenden". ::msgcat::mcset de "Bold" "Fett". ::msgcat::mcset de "Bold Italic" "Fett kursiv". ::msgcat::mcset de "&Blue" "&Blau". ::msgcat::mcset de "Cancel" "Abbruch". ::msgcat::mcset de "&Cancel" "&Abbruch". ::msgcat::mcset de "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kann nicht in das Verzeichnis \"%1\$s\" wechseln.\nKeine Rechte vorhanden.". ::msgcat::mcset de "Choose Directory" "W\u00e4hle Verzeichnis". ::msgcat::mcset de "Cl&ear" "&R\u00fccksetzen". ::msgcat::mcset de "&Clear Console" "&Konsole l\u00f6schen". ::msgcat::mcset de "Color" "Farbe". ::msgcat::mcset de "Console" "Konsole". ::msgcat::mcset de "&Copy" "&Kopieren". ::msgcat::mcset de "Cu&t" "Aus&schneid

C:\Users\user\AppData\Local\Update\tk\msgs\el.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8698
Entropy (8bit):	4.296709418881547
Encrypted:	false
SSDEEP:
MD5:	C802EA5388476451CD76934417761AA6
SHA1:	25531DF6262E3B1170055735C5A874B9124FEA83
SHA-256:	1D56D0A7C07D34BB8165CBA47FA49351B8BC5A9DB244290B9601C5885D16155C
SHA-512:	251FABBE8B596C74BC1231823C60F5F99CF55A29212327723F5DBE604F678E8E464F2D604D1049754B7C02350712B83BCF4D9542D8167F3CAB9C9B7E5C88EC7D
Malicious:	false
Preview:	## Messages for the Greek (Hellenic - "el") language..## Please report any changes/suggestions to:.## petasis@iit.demokritos.gr..namespace eval ::tk {. ::msgcat::mcset el "&Abort" "\u03a4\u03b5\u03c1\u03bc\u03b1\u03c4\u03b9\u03c3\u03bc\u03cc\u03c2". ::msgcat::mcset el "About..." "\u03a3\u03c7\u03b5\u03c4\u03b9\u03ba\u03ac...". ::msgcat::mcset el "All Files" "\u038c\u03bb\u03b1 \u03c4\u03b1 \u0391\u03c1\u03c7\u03b5\u03af\u03b1". ::msgcat::mcset el "Application Error" "\u039b\u03ac\u03b8\u03bf\u03c2 \u0395\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u03c2". ::msgcat::mcset el "&Blue" "\u039c\u03c0\u03bb\u03b5". ::msgcat::mcset el "&Cancel" "\u0391\u03ba\u03cd\u03c1\u03c9\u03c3\u03b7". ::msgcat::mcset el \."Cannot change to the directory \"%1\$s\".\nPermission denied." \."\u0394\u03b5\u03bd \u03b5\u03af\u03bd\u03b1\u03b9 \u03b4\u03c5\u03bd\u03b1\u03c4\u03ae \u03b7 \u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03ba\u

C:\Users\user\AppData\Local\Update\tk\msgs\en.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3286
Entropy (8bit):	4.214322279125194
Encrypted:	false
SSDEEP:
MD5:	64725ED622DBF1CB3F00479BA84157D7
SHA1:	575429AEABAF6640425AC1BC397B3382C1ED1122
SHA-256:	673C76A48ADA09A154CB038534BF90E3B9C0BA5FD6B1619DB33507DE65553362
SHA-512:	4EBDCAB20D095789BB8D94476CCFD29DEE8DFCF96F1C2030387F0521827A140E22BBB0DAD4B73EABE26D70E1642C9981BC5CBBF0045FEABB9EF98C7CDB67795E
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset en "&Abort". ::msgcat::mcset en "&About...". ::msgcat::mcset en "All Files". ::msgcat::mcset en "Application Error". ::msgcat::mcset en "&Apply". ::msgcat::mcset en "Bold". ::msgcat::mcset en "Bold Italic". ::msgcat::mcset en "&Blue". ::msgcat::mcset en "Cancel". ::msgcat::mcset en "&Cancel". ::msgcat::mcset en "Cannot change to the directory \"%1\$s\".\nPermission denied.". ::msgcat::mcset en "Choose Directory". ::msgcat::mcset en "Cl&ear". ::msgcat::mcset en "&Clear Console". ::msgcat::mcset en "Color". ::msgcat::mcset en "Console". ::msgcat::mcset en "&Copy". ::msgcat::mcset en "Cu&t". ::msgcat::mcset en "&Delete". ::msgcat::mcset en "Details >>". ::msgcat::mcset en "Directory \"%1\$s\" does not exist.". ::msgcat::mcset en "&Directory:". ::msgcat::mcset en "&Edit". ::msgcat::mcset en "Effects". ::msgcat::mcset en "Error: %1\$s". ::msgcat::mcset en "E&xit". ::msgcat

C:\Users\user\AppData\Local\Update\tk\msgs\en_gb.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	63
Entropy (8bit):	4.185724027617087
Encrypted:	false
SSDEEP:
MD5:	EC6A7E69AB0B8B767367DB54CC0499A8
SHA1:	6C2D6B622429AB8C17E07C2E0F546469823ABE57
SHA-256:	FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2
SHA-512:	72077EAB988979EB2EE292ACDB72537172A5E96B4262CE7278B76F0FEBD7E850D18221DB551D1DE3C6EB520985B5E9642936BEEB66032F920593276784525702
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset en_gb Color Colour.}.

C:\Users\user\AppData\Local\Update\tk\msgs\eo.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3916
Entropy (8bit):	4.556739397782912
Encrypted:	false
SSDEEP:
MD5:	09EF4B30B49A71FD4DEA931E334896E1
SHA1:	6C2366CE5961CFDA53259A43E087A813CEE41841
SHA-256:	5DE113DC4CE0DF0D8C54D4812C15EC31387127BF9AFEA028D20C6A5AA8E3AB85
SHA-512:	9DB3BB6B76B1299AE4612DF2A2872ECEE6642FC7DF971BE3A22437154AD25E81E1B1F3E1AA7A281CB3F48F8F8198A846BCB008CCFF91A9720440AFE5BAB7DE84
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset eo "&Abort" "&\u0108esigo". ::msgcat::mcset eo "&About..." "Pri...". ::msgcat::mcset eo "All Files" "\u0108ioj dosieroj". ::msgcat::mcset eo "Application Error" "Aplikoerraro". ::msgcat::mcset eo "&Blue" "&Blua". ::msgcat::mcset eo "Cancel" "Rezignu". ::msgcat::mcset eo "&Cancel" "&Rezignu". ::msgcat::mcset eo "Cannot change to the directory \"%1\$s\".\nPermission denied." "Neeble \u0109angi al dosierulon \"%1\$s\".\nVi ne rajtas tion.". ::msgcat::mcset eo "Choose Directory" "Elektu Dosierujo". ::msgcat::mcset eo "Cl&ear" "&Klaru". ::msgcat::mcset eo "&Clear Console" "&Klaru konzolon". ::msgcat::mcset eo "Color" "Farbo". ::msgcat::mcset eo "Console" "Konzolo". ::msgcat::mcset eo "&Copy" "&Kopiu". ::msgcat::mcset eo "Cu&t" "&Enpo\u015digu". ::msgcat::mcset eo "&Delete" "&Forprenu". ::msgcat::mcset eo "Details >>" "Detaloj >>". ::msgcat::mcset eo "Directory \"%1\$s\" does not exist." "La dosieruj

C:\Users\user\AppData\Local\Update\tk\msgs\es.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3948
Entropy (8bit):	4.486102294561867
Encrypted:	false
SSDEEP:
MD5:	93FFA957E3DCF851DD7EBE587A38F2D5
SHA1:	8C3516F79FB72F32848B40091DA67C81E40FDEFE
SHA-256:	91DC4718DC8566C36E4BCD0C292C01F467CA7661EFF601B870ABCDFE4A94ECBB
SHA-512:	8EC7048DDFF521DE444F697EAB305777BAC24AEA37716DA4FE5374E93CEF66DDD58D535BE8FCBCD2636D623337643B1242798BB8AC7292EA2D81AE030C3A605C
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset es "&Abort" "&Abortar". ::msgcat::mcset es "&About..." "&Acerca de ...". ::msgcat::mcset es "All Files" "Todos los archivos". ::msgcat::mcset es "Application Error" "Error de la aplicaci\u00f3n". ::msgcat::mcset es "&Blue" "&Azul". ::msgcat::mcset es "Cancel" "Cancelar". ::msgcat::mcset es "&Cancel" "&Cancelar". ::msgcat::mcset es "Cannot change to the directory \"%1\$s\".\nPermission denied." "No es posible acceder al directorio \"%1\$s\".\nPermiso denegado.". ::msgcat::mcset es "Choose Directory" "Elegir directorio". ::msgcat::mcset es "Cl&ear" "&Borrar". ::msgcat::mcset es "&Clear Console" "&Borrar consola". ::msgcat::mcset es "Color". ::msgcat::mcset es "Console" "Consola". ::msgcat::mcset es "&Copy" "&Copiar". ::msgcat::mcset es "Cu&t" "Cor&tar". ::msgcat::mcset es "&Delete" "&Borrar". ::msgcat::mcset es "Details >>" "Detalles >>". ::msgcat::mcset es "Directory \"%1\$s\" does not exist." "

C:\Users\user\AppData\Local\Update\tk\msgs\fr.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3805
Entropy (8bit):	4.582498923493114
Encrypted:	false
SSDEEP:
MD5:	9FC55235C334F6F6026D5B38AFFB9E10
SHA1:	CAD3805900E860B9491E3EE5C2C0F52ADCA67065
SHA-256:	0A8BBB4D1FD87BF7A90DDFA50F4724994C9CE78D1F3E91CF40C1177DB7941DC5
SHA-512:	FBB5E72BC376DDB9F43B8C79398CA287AFAAAF8292A8CB3AF63241973B1748FD578D49075A1287DA054BA81D3ED61A723F3DE9E10855D5E85620B371D70D9BBD
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset fr "&Abort" "&Annuler". ::msgcat::mcset fr "About..." "\u00c0 propos...". ::msgcat::mcset fr "All Files" "Tous les fichiers". ::msgcat::mcset fr "Application Error" "Erreur d'application". ::msgcat::mcset fr "&Blue" "&Bleu". ::msgcat::mcset fr "Cancel" "Annuler". ::msgcat::mcset fr "&Cancel" "&Annuler". ::msgcat::mcset fr "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossible d'acc\u00e9der au r\u00e9pertoire \"%1\$s\".\nPermission refus\u00e9e.". ::msgcat::mcset fr "Choose Directory" "Choisir r\u00e9pertoire". ::msgcat::mcset fr "Cl&ear" "Effacer". ::msgcat::mcset fr "Color" "Couleur". ::msgcat::mcset fr "Console". ::msgcat::mcset fr "Copy" "Copier". ::msgcat::mcset fr "Cu&t" "Couper". ::msgcat::mcset fr "Delete" "Effacer". ::msgcat::mcset fr "Details >>" "D\u00e9tails >>". ::msgcat::mcset fr "Directory \"%1\$s\" does not exist." "Le r\u00e9pertoire \"%1\$s\" n'existe pas.".

C:\Users\user\AppData\Local\Update\tk\msgs\hu.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4600
Entropy (8bit):	4.752507976327236
Encrypted:	false
SSDEEP:
MD5:	E1BA9C40A350BAD78611839A59065BF0
SHA1:	1A148D230C9F8D748D96A79CD4E261AF264D6524
SHA-256:	C8134EAD129E44E9C5043E1DAD81A6A900F0DE71DB3468E2603840038687F1D8
SHA-512:	17EC7F14C708C4D8C77731C26D0CE8AF6EBAB3D1CA878FB9682F15F0546031E39EF601683832631CA329549A630F2C9A3A69B1CC6E3CC927353605834FC62CAE
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset hu "&Abort" "&Megszak\u00edt\u00e1s". ::msgcat::mcset hu "&About..." "N\u00e9vjegy...". ::msgcat::mcset hu "All Files" "Minden f\u00e1jl". ::msgcat::mcset hu "Application Error" "Alkalmaz\u00e1s hiba". ::msgcat::mcset hu "&Blue" "&K\u00e9k". ::msgcat::mcset hu "Cancel" "M\u00e9gsem". ::msgcat::mcset hu "&Cancel" "M\u00e9g&sem". ::msgcat::mcset hu "Cannot change to the directory \"%1\$s\".\nPermission denied." "A k\u00f6nyvt\u00e1rv\u00e1lt\u00e1s nem siker\u00fclt: \"%1\$s\".\nHozz\u00e1f\u00e9r\u00e9s megtagadva.". ::msgcat::mcset hu "Choose Directory" "K\u00f6nyvt\u00e1r kiv\u00e1laszt\u00e1sa". ::msgcat::mcset hu "Cl&ear" "T\u00f6rl\u00e9s". ::msgcat::mcset hu "&Clear Console" "&T\u00f6rl\u00e9s Konzol". ::msgcat::mcset hu "Color" "Sz\u00edn". ::msgcat::mcset hu "Console" "Konzol". ::msgcat::mcset hu "&Copy" "&M\u00e1sol\u00e1s". ::msgcat::mcset hu "Cu&t" "&Kiv\u00e1g\u00e1s". ::msgcat::mcset hu "

C:\Users\user\AppData\Local\Update\tk\msgs\it.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3692
Entropy (8bit):	4.444986253861924
Encrypted:	false
SSDEEP:
MD5:	ADB80EC5B23FC906A1A3313A30D789E6
SHA1:	5FB163BC1086D3366228204078F219FE4BB67CB3
SHA-256:	9F83DD0309ED621100F3187FFCDAE50B75F5973BBE74AF550A78EF0010495DED
SHA-512:	BA6E0C165561CDAEAB565EF1FED4087AB3B41EC3C18432C1BDA9B011E5C7C2E12F6B2CFC9F5C0CFAC1134AE53D80459D8E5B638739C61A851232047DEA7F3BA2
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset it "&Abort" "&Interrompi". ::msgcat::mcset it "&About..." "Informazioni...". ::msgcat::mcset it "All Files" "Tutti i file". ::msgcat::mcset it "Application Error" "Errore dell' applicazione". ::msgcat::mcset it "&Blue" "&Blu". ::msgcat::mcset it "Cancel" "Annulla". ::msgcat::mcset it "&Cancel" "&Annulla". ::msgcat::mcset it "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossibile accedere alla directory \"%1\$s\".\nPermesso negato.". ::msgcat::mcset it "Choose Directory" "Scegli una directory". ::msgcat::mcset it "Cl&ear" "Azzera". ::msgcat::mcset it "&Clear Console" "Azzera Console". ::msgcat::mcset it "Color" "Colore". ::msgcat::mcset it "Console". ::msgcat::mcset it "&Copy" "Copia". ::msgcat::mcset it "Cu&t" "Taglia". ::msgcat::mcset it "Delete" "Cancella". ::msgcat::mcset it "Details >>" "Dettagli >>". ::msgcat::mcset it "Directory \"%1\$s\" does not exist." "La director

C:\Users\user\AppData\Local\Update\tk\msgs\nl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4466
Entropy (8bit):	4.472386382725933
Encrypted:	false
SSDEEP:
MD5:	B628EAFD489335ED620014B56821B792
SHA1:	8F6AFF68B42B747D30870D6DA7E058294921406A
SHA-256:	D3D07AAD792C0E83F4704B304931EA549D12CBB3D99A573D9815E954A5710707
SHA-512:	C33D097D2897D20F75A197E30B859DC83C8B4E42F260150BC7205918779D77A8C2390BE65376622F6705C38ECDF6F14B6ABAD29EDE3DE79603025BBBC39BEBC7
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset nl "&Abort" "&Afbreken". ::msgcat::mcset nl "&About..." "Over...". ::msgcat::mcset nl "All Files" "Alle Bestanden". ::msgcat::mcset nl "Application Error" "Toepassingsfout". ::msgcat::mcset nl "&Apply" "Toepassen". ::msgcat::mcset nl "Bold" "Vet". ::msgcat::mcset nl "Bold Italic" "Vet Cursief". ::msgcat::mcset nl "&Blue" "&Blauw". ::msgcat::mcset nl "Cancel" "Annuleren". ::msgcat::mcset nl "&Cancel" "&Annuleren". ::msgcat::mcset nl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan niet naar map \"%1\$s\" gaan.\nU heeft hiervoor geen toestemming.". ::msgcat::mcset nl "Choose Directory" "Kies map". ::msgcat::mcset nl "Cl&ear" "Wissen". ::msgcat::mcset nl "&Clear Console" "&Wis Console". ::msgcat::mcset nl "Color" "Kleur". ::msgcat::mcset nl "Console". ::msgcat::mcset nl "&Copy" "Kopi\u00ebren". ::msgcat::mcset nl "Cu&t" "Knippen". ::msgcat::mcset nl "&Delete" "Wissen". ::

C:\Users\user\AppData\Local\Update\tk\msgs\pl.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4841
Entropy (8bit):	4.754441208797498
Encrypted:	false
SSDEEP:
MD5:	17B63EFE0A99F44D27DD41C4CC0A8A7B
SHA1:	3E45C0102B287908D770A31D1906678E785088C2
SHA-256:	1993B4EC2DC009D2E6CA185D0BD565D3F33A4EFA79BACA39E4F97F574D63F305
SHA-512:	F8B9E7BC76A4ED5F948A9E505F3B1A321E322DD57CF88BEF36B6A9AF793462E45432709402151B4BB520B12B089A043CA23FF86106ED7B5C73DFBB6E233907F4
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset pl "&Abort" "&Przerwij". ::msgcat::mcset pl "&About..." "O programie...". ::msgcat::mcset pl "All Files" "Wszystkie pliki". ::msgcat::mcset pl "Application Error" "B\u0142\u0105d w programie". ::msgcat::mcset pl "&Apply" "Zastosuj". ::msgcat::mcset pl "Bold" "Pogrubienie". ::msgcat::mcset pl "Bold Italic" "Pogrubiona kursywa". ::msgcat::mcset pl "&Blue" "&Niebieski". ::msgcat::mcset pl "Cancel" "Anuluj". ::msgcat::mcset pl "&Cancel" "&Anuluj". ::msgcat::mcset pl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nie mo\u017cna otworzy\u0107 katalogu \"%1\$s\".\nOdmowa dost\u0119pu.". ::msgcat::mcset pl "Choose Directory" "Wybierz katalog". ::msgcat::mcset pl "Cl&ear" "&Wyczy\u015b\u0107". ::msgcat::mcset pl "&Clear Console" "&Wyczy\u015b\u0107 konsol\u0119". ::msgcat::mcset pl "Color" "Kolor". ::msgcat::mcset pl "Console" "Konsola". ::msgcat::mcset pl "&Copy" "&Kopiuj". ::msgcat::

C:\Users\user\AppData\Local\Update\tk\msgs\pt.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3913
Entropy (8bit):	4.5841256573492135
Encrypted:	false
SSDEEP:
MD5:	236356817E391D8871EA59667F47DA0C
SHA1:	948EE95F4549DA8C7D412911D17B4B62CBA22ADD
SHA-256:	AD0E466131D3789DE321D9D0588E19E4647BA82EDE41EEE6EBEF464786F8BDBE
SHA-512:	3AB10D1980D4C1367EA0BB54E50709DF32A870E851EDE80F30F66DA4B09C1ACFFF4E77C462BD815DD67F485DDFF77FEBD09CA29D77EEE55FE8A00D115D600C32
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset pt "&Abort" "&Abortar". ::msgcat::mcset pt "About..." "Sobre ...". ::msgcat::mcset pt "All Files" "Todos os arquivos". ::msgcat::mcset pt "Application Error" "Erro de aplica\u00e7\u00e3o". ::msgcat::mcset pt "&Blue" "&Azul". ::msgcat::mcset pt "Cancel" "Cancelar". ::msgcat::mcset pt "&Cancel" "&Cancelar". ::msgcat::mcset pt "Cannot change to the directory \"%1\$s\".\nPermission denied." "N\u00e3o foi poss\u00edvel mudar para o diret\u00f3rio \"%1\$s\".\nPermiss\u00e3o negada.". ::msgcat::mcset pt "Choose Directory" "Escolha um diret\u00f3rio". ::msgcat::mcset pt "Cl&ear" "Apagar". ::msgcat::mcset pt "&Clear Console" "Apagar Console". ::msgcat::mcset pt "Color" "Cor". ::msgcat::mcset pt "Console". ::msgcat::mcset pt "&Copy" "Copiar". ::msgcat::mcset pt "Cu&t" "Recortar". ::msgcat::mcset pt "&Delete" "Excluir". ::msgcat::mcset pt "Details >>" "Detalhes >>". ::msgcat::mcset pt "Directory \"%1\$s\"

C:\Users\user\AppData\Local\Update\tk\msgs\ru.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7214
Entropy (8bit):	4.358559144448363
Encrypted:	false
SSDEEP:
MD5:	D7C27DBDF7B349BE13E09F35BA61A5F8
SHA1:	40A52544B557F19736EA1767BFBF5708A9BBC318
SHA-256:	C863DEBAB79F9682FD0D52D864E328E7333D03F4E9A75DBB342C30807EFDCFFB
SHA-512:	DAF10336096B0574F060757CB6DD24049692F81B969B01BB8FA212035D955B8DA53F5ECDE3613E6AEF3C47165F075CC14363E4B854B2407EA452EAB4D4D31955
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset ru "&Abort" "&\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c". ::msgcat::mcset ru "&About..." "\u041f\u0440\u043e...". ::msgcat::mcset ru "All Files" "\u0412\u0441\u0435 \u0444\u0430\u0439\u043b\u044b". ::msgcat::mcset ru "Application Error" "\u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435". ::msgcat::mcset ru "&Blue" " &\u0413\u043e\u043b\u0443\u0431\u043e\u0439". ::msgcat::mcset ru "Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "&Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "Cannot change to the directory \"%1\$s\".\nPermission denied." \...."\u041d\u0435 \u043c\u043e\u0433\u0443 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \"%1\$s\".\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430".

C:\Users\user\AppData\Local\Update\tk\msgs\sv.msg Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3832
Entropy (8bit):	4.609382297476727
Encrypted:	false
SSDEEP:
MD5:	DB1712B1C1FF0E3A46F8E86FBB78AA4D
SHA1:	28D9DB9CBEE791C09BD272D9C2A6C3DA80EB89EA
SHA-256:	B76EBFA21BC1E937A04A04E5122BE64B5CDEE1F47C7058B71D8B923D70C3B17B
SHA-512:	F79CD72DCD6D1B4212A5058DA5A020E8A157E72E6D84CAFB96463E76C1CED5AC367A2295EF743FDE70C9AB1CF2F4D88A4A73300DFD4F799AA3ECDA6FBF04E588
Malicious:	false
Preview:	namespace eval ::tk {. ::msgcat::mcset sv "&Abort" "&Avsluta". ::msgcat::mcset sv "&About..." "&Om...". ::msgcat::mcset sv "All Files" "Samtliga filer". ::msgcat::mcset sv "Application Error" "Programfel". ::msgcat::mcset sv "&Blue" "&Bl\u00e5". ::msgcat::mcset sv "Cancel" "Avbryt". ::msgcat::mcset sv "&Cancel" "&Avbryt". ::msgcat::mcset sv "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ej n\u00e5 mappen \"%1\$s\".\nSaknar r\u00e4ttigheter.". ::msgcat::mcset sv "Choose Directory" "V\u00e4lj mapp". ::msgcat::mcset sv "Cl&ear" "&Radera". ::msgcat::mcset sv "&Clear Console" "&Radera konsollen". ::msgcat::mcset sv "Color" "F\u00e4rg". ::msgcat::mcset sv "Console" "Konsoll". ::msgcat::mcset sv "&Copy" "&Kopiera". ::msgcat::mcset sv "Cu&t" "Klipp u&t". ::msgcat::mcset sv "&Delete" "&Radera". ::msgcat::mcset sv "Details >>" "Detaljer >>". ::msgcat::mcset sv "Directory \"%1\$s\" does not exist." "Mappen \"%1\$s\" finns

C:\Users\user\AppData\Local\Update\tk\obsolete.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5594
Entropy (8bit):	4.9941618573215525
Encrypted:	false
SSDEEP:
MD5:	7763C90F811620A6C1F0A36BAF9B89CA
SHA1:	30E24595DD683E470FE9F12814D27D6D266B511E
SHA-256:	F6929A5E0D18BC4C6666206C63AC4AAA66EDC4B9F456DFC083300CFA95A44BCD
SHA-512:	2E2887392C67D05EA85DB2E6BFD4AA27779BC82D3B607A7DD221A99EFF0D2A21A6BA47A4F2D2CDFC7CFECD7E93B2B38064C4D5A51406471AE142EC9CC71F5C48
Malicious:	false
Preview:	# obsolete.tcl --.#.# This file contains obsolete procedures that people really shouldn't.# be using anymore, but which are kept around for backward compatibility..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# The procedures below are here strictly for backward compatibility with.# Tk version 3.6 and earlier. The procedures are no longer needed, so.# they are no-ops. You should not use these procedures anymore, since.# they may be removed in some future release...proc tk_menuBar args {}.proc tk_bindForTraversal args {}..# ::tk::classic::restore --.#.# Restore the pre-8.5 (Tk classic) look as the widget defaults for classic.# Tk widgets..#.# The value following an 'option add' call is the new 8.5 value..#.namespace eval ::tk::classic {. # This may need to be adjusted for some windo

C:\Users\user\AppData\Local\Update\tk\optMenu.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1586
Entropy (8bit):	4.733749898743743
Encrypted:	false
SSDEEP:
MD5:	D17FE676A057F373B44C9197114F5A69
SHA1:	9745C83EEC8565602F8D74610424848009FFA670
SHA-256:	76DBDBF9216678D48D1640F8FD1E278E7140482E1CAC7680127A9A425CC61DEE
SHA-512:	FF7D9EB64D4367BB11C567E64837CB1DAAA9BE0C8A498CAD00BF63AF45C1826632BC3A09E65D6F51B26EBF2D07285802813ED55C5D697460FC95AF30A943EF8F
Malicious:	false
Preview:	# optMenu.tcl --.#.# This file defines the procedure tk_optionMenu, which creates.# an option button and its associated menu..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_optionMenu --.# This procedure creates an option button named $w and an associated.# menu. Together they provide the functionality of Motif option menus:.# they can be used to select one of many values, and the current value.# appears in the global variable varName, as well as in the text of.# the option menubutton. The name of the menu is returned as the.# procedure's result, so that the caller can use it to change configuration.# options on the menu or otherwise manipulate it..#.# Arguments:.# w -...The name to use for the menubutton..# varName -..Global variable to hold the currently selected value..# first

C:\Users\user\AppData\Local\Update\tk\palette.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8174
Entropy (8bit):	4.9180898441277705
Encrypted:	false
SSDEEP:
MD5:	ABE618A0891CD6909B945A2098C77D75
SHA1:	A322CCFB33FF73E4A4730B5B21DE4290F9D94622
SHA-256:	60B8579368BB3063F16D25F007385111E0EF8D97BB296B03656DC176E351E3CA
SHA-512:	2DF5A50F3CA7D21F43651651879BCAE1433FF44B0A7ECE349CCF73BECC4780160125B21F69348C97DCD60503FC79A6525DB723962197E8550B42D0AE257FD8E7
Malicious:	false
Preview:	# palette.tcl --.#.# This file contains procedures that change the color palette used.# by Tk..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_setPalette --.# Changes the default color scheme for a Tk application by setting.# default colors in the option database and by modifying all of the.# color options for existing widgets that have the default value..#.# Arguments:.# The arguments consist of either a single color name, which.# will be used as the new background color (all other colors will.# be computed from this) or an even number of values consisting of.# option names and values. The name for an option is the one used.# for the option database, such as activeForeground, not -activeforeground...proc ::tk_setPalette {args} {. if {[winfo depth .] == 1} {..# Just return on monochrome displays, otherwise errors will occur..return. }.

C:\Users\user\AppData\Local\Update\tk\panedwindow.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5176
Entropy (8bit):	4.933519639131517
Encrypted:	false
SSDEEP:
MD5:	2DA0A23CC9D6FD970FE00915EA39D8A2
SHA1:	DFE3DC663C19E9A50526A513043D2393869D8F90
SHA-256:	4ADF738B17691489C71C4B9D9A64B12961ADA8667B81856F7ADBC61DFFEADF29
SHA-512:	B458F3D391DF9522D4E7EAE8640AF308B4209CE0D64FD490BFC0177FDE970192295C1EA7229CE36D14FC3E582C7649460B8B7B0214E0FF5629B2B430A99307D4
Malicious:	false
Preview:	# panedwindow.tcl --.#.# This file defines the default bindings for Tk panedwindow widgets and.# provides procedures that help in implementing those bindings...bind Panedwindow <Button-1> { ::tk::panedwindow::MarkSash %W %x %y 1 }.bind Panedwindow <Button-2> { ::tk::panedwindow::MarkSash %W %x %y 0 }..bind Panedwindow <B1-Motion> { ::tk::panedwindow::DragSash %W %x %y 1 }.bind Panedwindow <B2-Motion> { ::tk::panedwindow::DragSash %W %x %y 0 }..bind Panedwindow <ButtonRelease-1> {::tk::panedwindow::ReleaseSash %W 1}.bind Panedwindow <ButtonRelease-2> {::tk::panedwindow::ReleaseSash %W 0}..bind Panedwindow <Motion> { ::tk::panedwindow::Motion %W %x %y }..bind Panedwindow <Leave> { ::tk::panedwindow::Leave %W }..# Initialize namespace.namespace eval ::tk::panedwindow {}..# ::tk::panedwindow::MarkSash --.#.# Handle marking the correct sash for possible dragging.#.# Arguments:.# w..the widget.# x..widget local x coord.# y..widget local y coord.# proxy.whether this should be a prox

C:\Users\user\AppData\Local\Update\tk\pkgIndex.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.977735142707899
Encrypted:	false
SSDEEP:
MD5:	A6448AF2C8FAFC9A4F42EACA6BF6AB2E
SHA1:	0B295B46B6DF906E89F40A907022068BC6219302
SHA-256:	CD44EE7F76C37C0C522BD0CFCA41C38CDEDDC74392B2191A3AF1A63D9D18888E
SHA-512:	5B1A8CA5B09B7281DE55460D21D5195C4EE086BEBDC35FA561001181490669FFC67D261F99EAA900467FE97E980EB733C5FFBF9D8C541EDE18992BF4A435C749
Malicious:	false
Preview:	if {[catch {package present Tcl 8.6.0}]} { return }.if {($::tcl_platform(platform) eq "unix") && ([info exists ::env(DISPLAY)]..\|\| ([info exists ::argv] && ("-display" in $::argv)))} {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin libtk8.6.dll] Tk].} else {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin tk86t.dll] Tk].}.

C:\Users\user\AppData\Local\Update\tk\safetk.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7381
Entropy (8bit):	4.833263771361282
Encrypted:	false
SSDEEP:
MD5:	EFC567E407C48BF2BE4E09CB18DEFC11
SHA1:	EDEDB6776963B7D629C6ACE9440D24EB78DEA878
SHA-256:	9708F5A1E81E1C3FEAF189020105BE28D27AA8808FF9FB2DCCA040500CF2642A
SHA-512:	BDA5F92BD2F7B9CD29C5A732EC77A71291778A0EC3EABE81575C55DE3E207F663BA28DA4C95174045A74EFFF71B95D907C9D056BAA9E585E6F6DC14A133760BC
Malicious:	false
Preview:	# safetk.tcl --.#.# Support procs to use Tk in safe interpreters..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# see safetk.n for documentation..#.#.# Note: It is now ok to let untrusted code being executed.# between the creation of the interp and the actual loading.# of Tk in that interp because the C side Tk_Init will.# now look up the master interp and ask its safe::TkInit.# for the actual parameters to use for it's initialization (if allowed),.# not relying on the slave state..#..# We use opt (optional arguments parsing).package require opt 0.4.1;..namespace eval ::safe {.. # counter for safe toplevels. variable tkSafeId 0.}..#.# tkInterpInit : prepare the slave interpreter for tk loading.# most of the real job is done by loadTk.# returns the slave name (tkInterpInit does).#.proc ::safe::tkInterpIni

C:\Users\user\AppData\Local\Update\tk\scale.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	7766
Entropy (8bit):	4.933555104215445
Encrypted:	false
SSDEEP:
MD5:	1CE32CDAEB04C75BFCEEA5FB94B8A9F0
SHA1:	CC7614C9EADE999963EE78B422157B7B0739894C
SHA-256:	58C662DD3D2C653786B05AA2C88831F4E971B9105E4869D866FB6186E83ED365
SHA-512:	1EE5A187615AE32F17936931B30FEA9551F9E3022C1F45A2BCA81624404F4E68022FCF0B03FBD61820EC6958983A8F2FBFC3AD2EC158433F8E8DE9B8FCF48476
Malicious:	false
Preview:	# scale.tcl --.#.# This file defines the default bindings for Tk scale widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for entries..#-------------------------------------------------------------------------..# Standard Motif bindings:..bind Scale <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. tk::ScaleActivate %W %x %y.}.bind Scale <Motion> {. tk::ScaleActivate %W %x %y.}.bind Scale <Leave> {. if {$tk_strictMotif} {..%W configure -activebackground $tk::Priv(activeBg). }.

C:\Users\user\AppData\Local\Update\tk\scrlbar.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12748
Entropy (8bit):	5.026700023745507
Encrypted:	false
SSDEEP:
MD5:	4CBFFC4E6B3F56A5890E3F7C31C6C378
SHA1:	75DB5205B311F55D1CA1D863B8688A628BF6012A
SHA-256:	6BA3E2D62BD4856D7D7AE87709FCAA23D81EFC38C375C6C5D91639555A84C35D
SHA-512:	65DF7AE09E06C200A8456748DC89095BB8417253E01EC4FDAFB28A84483147DDC77AAF6B49BE9E18A326A94972086A99044BEE3CE5CF8026337DFC6972C92C04
Malicious:	false
Preview:	# scrlbar.tcl --.#.# This file defines the default bindings for Tk scrollbar widgets..# It also provides procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for scrollbars..#-------------------------------------------------------------------------..# Standard Motif bindings:.if {[tk windowingsystem] eq "x11" \|\| [tk windowingsystem] eq "aqua"} {..bind Scrollbar <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. %W activate [%W identify %x %y].}.bind Scrollbar <Motion> {. %W activate [%W identify %x %y].}..# The

C:\Users\user\AppData\Local\Update\tk\spinbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	15640
Entropy (8bit):	5.001694129885997
Encrypted:	false
SSDEEP:
MD5:	9971530F110AC2FB7D7EC91789EA2364
SHA1:	AB553213C092EF077524ED56FC37DA29404C79A7
SHA-256:	5D6E939B44F630A29C4FCB1E2503690C453118607FF301BEF3C07FA980D5075A
SHA-512:	81B4CEC39B03FBECA59781AA54960F0A10A09733634F401D5553E1AAA3EBF12A110C9D555946FCDD70A9CC897514663840745241AD741DC440BB081A12DCF411
Malicious:	false
Preview:	# spinbox.tcl --.#.# This file defines the default bindings for Tk spinbox widgets and provides.# procedures that help in implementing those bindings. The spinbox builds.# off the entry widget, so it can reuse Entry bindings and procedures..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1999-2000 Jeffrey Hobbs.# Copyright (c) 2000 Ajuba Solutions.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a

C:\Users\user\AppData\Local\Update\tk\tclIndex Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	20270
Entropy (8bit):	4.749624735829406
Encrypted:	false
SSDEEP:
MD5:	4AD192C43972A6A4834D1D5A7C511750
SHA1:	09CA39647AA1C14DB16014055E48A9B0237639BA
SHA-256:	8E8ECECFD6046FE413F37A91933EEA086E31959B3FBEB127AFDD05CD9141BE9A
SHA-512:	287FAADBC6F65FCC3EA9C1EC10B190712BB36A06D28E59F8D268EA585B4E6B13494BA111DFF6AC2EBF998578999C9C36965C714510FC21A9ACB65FF9B75097CB
Malicious:	false
Preview:	# Tcl autoload index file, version 2.0.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(::tk::dialog::error::Return) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Details) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::SaveToLog) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Destroy) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::ButtonInvoke) [list source [file join $dir button.tcl]].set auto_index(::tk::ButtonAutoInvoke) [list source [file join

C:\Users\user\AppData\Local\Update\tk\tearoff.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5142
Entropy (8bit):	4.672280480827932
Encrypted:	false
SSDEEP:
MD5:	214FA0731A27E33826F2303750B64784
SHA1:	C2DA41761FB7BAE38DDDEFA22AB57B337F54F5D8
SHA-256:	FB6B35ECB1438BB8A2D816B86FB0C55500C6EA8D24AECB359CC3C7D3B3C54DE0
SHA-512:	2E2A2412CBB090C0728333480B0E07C85087ED932974A235D5BC8C9725DE937520205D988872E1B5BEFA1E80201E046C500BC875A5CBD584A5099930EBBD115A
Malicious:	false
Preview:	# tearoff.tcl --.#.# This file contains procedures that implement tear-off menus..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk::TearoffMenu --.# Given the name of a menu, this procedure creates a torn-off menu.# that is identical to the given menu (including nested submenus)..# The new torn-off menu exists as a toplevel window managed by the.# window manager. The return value is the name of the new menu..# The window is created at the point specified by x and y.#.# Arguments:.# w -...The menu to be torn-off (duplicated)..# x -...x coordinate where window is created.# y -...y coordinate where window is created..proc ::tk::TearOffMenu {w {x 0} {y 0}} {. # Find a unique name to use for the torn-off menu. Find the first. # ancestor of w that is a toplevel but not a menu,

C:\Users\user\AppData\Local\Update\tk\text.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	33155
Entropy (8bit):	4.908284262811967
Encrypted:	false
SSDEEP:
MD5:	03CC27E28E0CFCE1B003C3E936797AB0
SHA1:	C7FE5AE7F35C86EC3724F6A111EAAF2C1A18ABE9
SHA-256:	BCCC1039F0EB331C4BB6BD5848051BB745F242016952723478C93B009F63D254
SHA-512:	5091B10EE8446E6853EF7060EC13AB8CADA0D6448F9081FEBD07546C061F69FC273BBF23BA7AF05D8359E618DD68A5C27F0453480FE3F26E744DB19BFCD115C7
Malicious:	false
Preview:	# text.tcl --.#.# This file defines the default bindings for Tk text widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of ::tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# char -..Character position on the line; kept in order.#...to allow moving up or down past short lines while.#...still remembering the desired position..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for exampl

C:\Users\user\AppData\Local\Update\tk\tk.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	23142
Entropy (8bit):	5.097142507145225
Encrypted:	false
SSDEEP:
MD5:	3250EC5B2EFE5BBE4D3EC271F94E5359
SHA1:	6A0FE910041C8DF4F3CDC19871813792E8CC4E4C
SHA-256:	E1067A0668DEBB2D8E8EC3B7BC1AEC3723627649832B20333F9369F28E4DFDBF
SHA-512:	F8E403F3D59D44333BCE2AA7917E6D8115BEC0FE5AE9A1306F215018B05056467643B7AA228154DDCED176072BC903DFB556CB2638F5C55C1285C376079E8FE3
Malicious:	false
Preview:	# tk.tcl --.#.# Initialization script normally executed in the interpreter for each Tk-based.# application. Arranges class bindings for widgets..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...# Verify that we have Tk binary and script components from the same release.package require -exact Tk 8.6.9...# Create a ::tk namespace.namespace eval ::tk {. # Set up the msgcat commands. namespace eval msgcat {..namespace export mc mcmax. if {[interp issafe] \|\| [catch {package require msgcat}]} {. # The msgcat package is not available. Supply our own. # minimal replacement.. proc mc {src args} {. return [format $src {*}$args]. }. proc mcmax {args} {.

C:\Users\user\AppData\Local\Update\tk\tkfbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	38373
Entropy (8bit):	5.143151103117394
Encrypted:	false
SSDEEP:
MD5:	21985684C432CB918A3E862517842F75
SHA1:	4DBACAEEF8454C1B08993D76857C5F09AA75405A
SHA-256:	AE448DF6FDBBA45D450ABEFEF12799F8362177B0B9FE06F3CA3CB0EDA5E6AA58
SHA-512:	AFEA6C47001455D7E40A5A7728FA4DFAD7BB66B02191E807BB15355847F5B265DEEE6015516807B10E1273710A3D03FAAC7856CB16EFA773813105B23A11960F
Malicious:	false
Preview:	# tkfbox.tcl --.#.#.Implements the "TK" standard file selection dialog box. This dialog.#.box is used on the Unix platforms whenever the tk_strictMotif flag is.#.not set..#.#.The "TK" standard file selection dialog box is similar to the file.#.selection dialog box on Win95(TM). The user can navigate the.#.directories by clicking on the folder icons or by selecting the.#."Directory" option menu. The user can select files by clicking on the.#.file icons or by entering a filename in the "Filename:" entry..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {. namespace import -force ::tk::msgcat::*. variable showHiddenBtn 0. variable showHiddenVar 1.. # Create the images if they did not already exist.. if {![info exists ::tk::Priv(updirImage)]} {..set ::tk::Priv(updirImage)

C:\Users\user\AppData\Local\Update\tk\ttk\altTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3683
Entropy (8bit):	4.872530668776095
Encrypted:	false
SSDEEP:
MD5:	8FF9D357AF3806D997BB8654E95F530C
SHA1:	62292163299CC229031BB4EAFBE900323056561A
SHA-256:	E36864B33D7C2B47FE26646377BE86FB341BBF2B6DF13E33BD799E87D24FC193
SHA-512:	ECDC47E7D1F0F9C0C052ACA2EB2DE10E78B2256E8DB85D7B52F365C1074A4E24CDB1C7A2780B36DFA36F174FF87B6A31C49F61CC0AC3D2412B3915234D911C9C
Malicious:	false
Preview:	#.# Ttk widget set: Alternate theme.#..namespace eval ttk::theme::alt {.. variable colors. array set colors {..-frame .."#d9d9d9"..-window.."#ffffff"..-darker ."#c3c3c3"..-border.."#414141"..-activebg ."#ececec"..-disabledfg."#a3a3a3"..-selectbg."#4a6984"..-selectfg."#ffffff"..-altindicator."#aaaaaa". }.. ttk::style theme settings alt {...ttk::style configure "." \.. -background .$colors(-frame) \.. -foreground .black \.. -troughcolor.$colors(-darker) \.. -bordercolor.$colors(-border) \.. -selectbackground .$colors(-selectbg) \.. -selectforeground .$colors(-selectfg) \.. -font ..TkDefaultFont \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)] ;..ttk::style map "." -foreground [list disabled $colors(-disabledfg)] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -padding "1 1" \.. -relief raised -shiftrelief 1 \.. -highl

C:\Users\user\AppData\Local\Update\tk\ttk\aquaTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2245
Entropy (8bit):	4.988082031411997
Encrypted:	false
SSDEEP:
MD5:	6466DBA5F7DDB28F280A24E2397DD875
SHA1:	060C504D08B014EB388EFAF48E3720CE5D7F0132
SHA-256:	CBC17D1C434CACD0AB42CDCC4D62ED193F926447189AD258C13738D4EC154A80
SHA-512:	5FAAC1C5FC868DCE8B7A9431BEAEB8117ADDE5C752306CAD7B6FA8123758F2CF37FB1CF18CAC2934F7D07B14FAFCE01581BAD0CA952BFECFCBD9E1E26FF9A64C
Malicious:	false
Preview:	#.# Aqua theme (OSX native look and feel).#..namespace eval ttk::theme::aqua {. ttk::style theme settings aqua {...ttk::style configure . \.. -font TkDefaultFont \.. -background systemWindowBody \.. -foreground systemModelessDialogActiveText \.. -selectbackground systemHighlight \.. -selectforeground systemModelessDialogActiveText \.. -selectborderwidth 0 \.. -insertwidth 1...ttk::style map . \.. -foreground {disabled systemModelessDialogInactiveText... background systemModelessDialogInactiveText} \.. -selectbackground {background systemHighlightSecondary... !focus systemHighlightSecondary} \.. -selectforeground {background systemModelessDialogInactiveText... !focus systemDialogActiveText}...# Workaround for #1100117:..# Actually, on Aqua we probably shouldn't stipple images in..# disabled buttons even if it did work.....ttk::style configure . -stipple {}...ttk::style configure TButton -anchor center -width -6..ttk::style configure Toolbutton -

C:\Users\user\AppData\Local\Update\tk\ttk\button.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2978
Entropy (8bit):	4.8919006418640265
Encrypted:	false
SSDEEP:
MD5:	EA7CF40852AFD55FFDA9DB29A0E11322
SHA1:	B7B42FAC93E250B54EB76D95048AC3132B10E6D8
SHA-256:	391B6E333D16497C4B538A7BDB5B16EF11359B6E3B508D470C6E3703488E3B4D
SHA-512:	123D78D6AC34AF4833D05814220757DCCF2A9AF4761FE67A8FE5F67A0D258B3C8D86ED346176FFB936AB3717CFD75B4FAB7373F7853D44FA356BE6E3A75E51B9
Malicious:	false
Preview:	#.# Bindings for Buttons, Checkbuttons, and Radiobuttons..#.# Notes: <Button1-Leave>, <Button1-Enter> only control the "pressed".# state; widgets remain "active" if the pointer is dragged out..# This doesn't seem to be conventional, but it's a nice way.# to provide extra feedback while the grab is active..# (If the button is released off the widget, the grab deactivates and.# we get a <Leave> event then, which turns off the "active" state).#.# Normally, <ButtonRelease> and <ButtonN-Enter/Leave> events are .# delivered to the widget which received the initial <ButtonPress>.# event. However, Tk [grab]s (#1223103) and menu interactions.# (#1222605) can interfere with this. To guard against spurious.# <Button1-Enter> events, the <Button1-Enter> binding only sets.# the pressed state if the button is currently active..#..namespace eval ttk::button {}..bind TButton <Enter> ..{ %W instate !disabled {%W state active} }.bind TButton <Leave>..{ %W state !active }.bind TButton <Key-space>.{ ttk:

C:\Users\user\AppData\Local\Update\tk\ttk\clamTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4742
Entropy (8bit):	4.859511673200619
Encrypted:	false
SSDEEP:
MD5:	AA2987DC061DAA998B73A1AD937EE4BB
SHA1:	33FE9DFA76FB08B9D8D5C3554D13482D330C2DB1
SHA-256:	4ED0ACDD29FC1FB45C6BDC9EFB2CBADE34B93C45D5DBB269A4A4A3044CF4CB7A
SHA-512:	5A83B1FC88E42BB1DAD60D89CD5F2193E6AB59C4902A6C727E0090D1F395C2F122521FDFF250A14109EE5113D5034319199FB260129416EA962559350F217A03
Malicious:	false
Preview:	#.# "Clam" theme..#.# Inspired by the XFCE family of Gnome themes..#..namespace eval ttk::theme::clam {. variable colors . array set colors {..-disabledfg.."#999999"..-frame .."#dcdad5"..-window .."#ffffff"..-dark..."#cfcdc8"..-darker .."#bab5ab"..-darkest.."#9e9a91"..-lighter.."#eeebe7"..-lightest .."#ffffff"..-selectbg.."#4a6984"..-selectfg.."#ffffff"..-altindicator.."#5895bc"..-disabledaltindicator."#a0a0a0". }.. ttk::style theme settings clam {...ttk::style configure "." \.. -background $colors(-frame) \.. -foreground black \.. -bordercolor $colors(-darkest) \.. -darkcolor $colors(-dark) \.. -lightcolor $colors(-lighter) \.. -troughcolor $colors(-darker) \.. -selectbackground $colors(-selectbg) \.. -selectforeground $colors(-selectfg) \.. -selectborderwidth 0 \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -background [list disabled $colors(-frame) \.... active $colors(-lighter)] \.. -foreground [list disabled $colors(

C:\Users\user\AppData\Local\Update\tk\ttk\classicTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3828
Entropy (8bit):	4.892728136244756
Encrypted:	false
SSDEEP:
MD5:	7DBF35F3F0F9FB68626019FF94EFBCD3
SHA1:	213F18224BF0573744836CD3BEDC83D5E443A406
SHA-256:	30E6766E9B8292793395324E412B0F5A8888512B84B080E247F95BF6EFB11A9D
SHA-512:	9081E5C89ECDE8337C5A52531DEF24924C0BCB3A1F0596D3B986CC59E635F67A78327ABF26209BF71A9BA370A93174298E6ABD11586382D7D70ADEA7E5CCF854
Malicious:	false
Preview:	#.# "classic" Tk theme..#.# Implements Tk's traditional Motif-like look and feel..#..namespace eval ttk::theme::classic {.. variable colors; array set colors {..-frame.."#d9d9d9"..-window.."#ffffff"..-activebg."#ececec"..-troughbg."#c3c3c3"..-selectbg."#c3c3c3"..-selectfg."#000000"..-disabledfg."#a3a3a3"..-indicator."#b03060"..-altindicator."#b05e5e". }.. ttk::style theme settings classic {..ttk::style configure "." \.. -font..TkDefaultFont \.. -background..$colors(-frame) \.. -foreground..black \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -troughcolor.$colors(-troughbg) \.. -indicatorcolor.$colors(-frame) \.. -highlightcolor.$colors(-frame) \.. -highlightthickness.1 \.. -selectborderwidth.1 \.. -insertwidth.2 \.. ;...# To match pre-Xft X11 appearance, use:..#.ttk::style configure . -font {Helvetica 12 bold}...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activeb

C:\Users\user\AppData\Local\Update\tk\ttk\combobox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	12493
Entropy (8bit):	5.024195855137721
Encrypted:	false
SSDEEP:
MD5:	FBCAA6A08D9830114248F91E10D4C918
SHA1:	FA63C94824BEBD3531086816650D3F3FA73FE434
SHA-256:	9D80AA9701E82862467684D3DFF1A9EC5BBC2BBBA4F4F070518BBDE7E38499BB
SHA-512:	B377C31CC9137851679CBA0560EFE4265792D1576BD781DD42C22014A7A8F3D10D9D48A1154BB88A2987197594C8B728B71FA689CE1B32928F8513796A6A0AA3
Malicious:	false
Preview:	#.# Combobox bindings..#.# <<NOTE-WM-TRANSIENT>>:.#.#.Need to set [wm transient] just before mapping the popdown.#.instead of when it's created, in case a containing frame.#.has been reparented [#1818441]..#.#.On Windows: setting [wm transient] prevents the parent.#.toplevel from becoming inactive when the popdown is posted.#.(Tk 8.4.8+).#.#.On X11: WM_TRANSIENT_FOR on override-redirect windows.#.may be used by compositing managers and by EWMH-aware.#.window managers (even though the older ICCCM spec says.#.it's meaningless)..#.#.On OSX: [wm transient] does utterly the wrong thing..#.Instead, we use [MacWindowStyle "help" "noActivates hideOnSuspend"]..#.The "noActivates" attribute prevents the parent toplevel.#.from deactivating when the popdown is posted, and is also.#.necessary for "help" windows to receive mouse events..#."hideOnSuspend" makes the popdown disappear (resp. reappear).#.when the parent toplevel is deactivated (resp. reactivated)..#.(see [#1814778]). Also set [wm resiz

C:\Users\user\AppData\Local\Update\tk\ttk\cursors.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4007
Entropy (8bit):	4.827479665184231
Encrypted:	false
SSDEEP:
MD5:	74596004DFDBF2ECF6AF9C851156415D
SHA1:	933318C992B705BF9F8511621B4458ECB8772788
SHA-256:	7BDFFA1C2692C5D1CF67B518F9ACB32FA4B4D9936ED076F4DB835943BC1A00D6
SHA-512:	0D600B21DB67BF9DADBDD49559573078EFB41E473E94124AC4D2551BC10EC764846DC1F7674DAA79F8D2A8AEB4CA27A5E11C2F30EDE47E3ECEE77D60D7842262
Malicious:	false
Preview:	#.# Map symbolic cursor names to platform-appropriate cursors..#.# The following cursors are defined:.#.#.standard.-- default cursor for most controls.#.""..-- inherit cursor from parent window.#.none..-- no cursor.#.#.text..-- editable widgets (entry, text).#.link..-- hyperlinks within text.#.crosshair.-- graphic selection, fine control.#.busy..-- operation in progress.#.forbidden.-- action not allowed.#.#.hresize..-- horizontal resizing.#.vresize..-- vertical resizing.#.# Also resize cursors for each of the compass points,.# {nw,n,ne,w,e,sw,s,se}resize..#.# Platform notes:.#.# Windows doesn't distinguish resizing at the 8 compass points,.# only horizontal, vertical, and the two diagonals..#.# OSX doesn't have resize cursors for nw, ne, sw, or se corners..# We use the Tk-defined X11 fallbacks for these..#.# X11 doesn't have a "forbidden" cursor (usually a slashed circle);.# "pirate" seems to be the conventional cursor for this purpose..#.# Windows has an IDC_HELP cursor, but it's not

C:\Users\user\AppData\Local\Update\tk\ttk\entry.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	16408
Entropy (8bit):	4.974125903666712
Encrypted:	false
SSDEEP:
MD5:	F9B29AB14304F18E32821A29233BE816
SHA1:	6D0253274D777E081FA36CC38E51C2ABB9259D0E
SHA-256:	62D1DF52C510A83103BADAB4F3A77ABB1AA3A0E1E21F68ECE0CECCA2CA2F1341
SHA-512:	698DB665E29B29864F9FE65934CCA83A5092D81D5130FFD1EAC68C51327AE9EBC007A60A60E1AF37063017E448CE84A4024D4A412990A1078287B605DF344C70
Malicious:	false
Preview:	#.# DERIVED FROM: tk/library/entry.tcl r1.22.#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 2004, Joe English.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ttk {. namespace eval entry {..variable State...set State(x) 0..set State(selectMode) none..set State(anchor) 0..set State(scanX) 0..set State(scanIndex) 0..set State(scanMoved) 0...# Button-2 scan speed is (scanNum/scanDen) characters..# per pixel of mouse movement...# The standard Tk entry widget uses the equivalent of..# scanNum = 10, scanDen = average character width...# I don't know why that was chosen...#..set State(scanNum) 1..set State(scanDen) 1..set State(deadband) 3.;# #pixels for mouse-moved deadband.. }.}..### Option database settings..#.option add *TEntry.cursor [ttk::cursor text] widgetDefault..### Bindings..#.# Removed

C:\Users\user\AppData\Local\Update\tk\ttk\fonts.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5576
Entropy (8bit):	4.956417003071239
Encrypted:	false
SSDEEP:
MD5:	7017B5C1D53F341F703322A40C76C925
SHA1:	57540C56C92CC86F94B47830A00C29F826DEF28E
SHA-256:	0EB518251FBE9CF0C9451CC1FEF6BB6AEE16D62DA00B0050C83566DA053F68D0
SHA-512:	FD18976A8FBB7E59B12944C2628DBD66D463B2F7342661C8F67160DF37A393FA3C0CE7FDDA31073674B7A46E0A0A7D0A7B29EBE0D9488AFD9EF8B3A39410B5A8
Malicious:	false
Preview:	#.# Font specifications..#.# This file, [source]d at initialization time, sets up the following.# symbolic fonts based on the current platform:.#.# TkDefaultFont.-- default for GUI items not otherwise specified.# TkTextFont.-- font for user text (entry, listbox, others).# TkFixedFont.-- standard fixed width font.# TkHeadingFont.-- headings (column headings, etc).# TkCaptionFont -- dialog captions (primary text in alert dialogs, etc.).# TkTooltipFont.-- font to use for tooltip windows.# TkIconFont.-- font to use for icon captions.# TkMenuFont.-- used to use for menu items.#.# In Tk 8.5, some of these fonts may be provided by the TIP#145 implementation.# (On Windows and Mac OS X as of Oct 2007)..#.# +++ Platform notes:.#.# Windows:.#.The default system font changed from "MS Sans Serif" to "Tahoma".# .in Windows XP/Windows 2000..#.#.MS documentation says to use "Tahoma 8" in Windows 2000/XP,.#.although many MS programs still use "MS Sans Serif 8".#.#.Should use SystemParametersInfo() inst

C:\Users\user\AppData\Local\Update\tk\ttk\menubutton.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4913
Entropy (8bit):	4.841521491900473
Encrypted:	false
SSDEEP:
MD5:	DB24841643CEBD38D5FFD1D42B42E7F4
SHA1:	E394AF7FAF83FAD863C7B13D855FCF3705C4F1C7
SHA-256:	81B0B7818843E293C55FF541BD95168DB51FE760941D32C7CDE9A521BB42E956
SHA-512:	380272D003D5F90C13571952D0C73F5FCE2A22330F98F29707F3D5BFC29C99D9BF11A947CF2CA64CF7B8DF5E4AFE56FFA00F9455BB30D15611FC5C86130346BE
Malicious:	false
Preview:	#.# Bindings for Menubuttons..#.# Menubuttons have three interaction modes:.#.# Pulldown: Press menubutton, drag over menu, release to activate menu entry.# Popdown: Click menubutton to post menu.# Keyboard: <Key-space> or accelerator key to post menu.#.# (In addition, when menu system is active, "dropdown" -- menu posts.# on mouse-over. Ttk menubuttons don't implement this)..#.# For keyboard and popdown mode, we hand off to tk_popup and let .# the built-in Tk bindings handle the rest of the interaction..#.# ON X11:.#.# Standard Tk menubuttons use a global grab on the menubutton..# This won't work for Ttk menubuttons in pulldown mode,.# since we need to process the final <ButtonRelease> event,.# and this might be delivered to the menu. So instead we.# rely on the passive grab that occurs on <ButtonPress> events,.# and transition to popdown mode when the mouse is released.# or dragged outside the menubutton..# .# ON WINDOWS:.#.# I'm not sure what the hell is going on here. [$menu pos

C:\Users\user\AppData\Local\Update\tk\ttk\notebook.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	5619
Entropy (8bit):	4.937953914483602
Encrypted:	false
SSDEEP:
MD5:	82C9DFC512E143DDA78F91436937D4DD
SHA1:	26ABC23C1E0C201A217E3CEA7A164171418973B0
SHA-256:	D1E5267CDE3D7BE408B4C94220F7E1833C9D452BB9BA3E194E12A5EB2F9ADB80
SHA-512:	A9D3C04AD67E0DC3F1C12F9E21EF28A61FA84DBF710313D4CA656BDF35DFBBFBA9C268C018004C1F5614DB3A1128025D795BC14B4FFFAA5603A5313199798D04
Malicious:	false
Preview:	#.# Bindings for TNotebook widget.#..namespace eval ttk::notebook {. variable TLNotebooks ;# See enableTraversal.}..bind TNotebook <ButtonPress-1>..{ ttk::notebook::Press %W %x %y }.bind TNotebook <Key-Right>..{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Key-Left>..{ ttk::notebook::CycleTab %W -1; break }.bind TNotebook <Control-Key-Tab>.{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Control-Shift-Key-Tab>.{ ttk::notebook::CycleTab %W -1; break }.catch {.bind TNotebook <Control-ISO_Left_Tab>.{ ttk::notebook::CycleTab %W -1; break }.}.bind TNotebook <Destroy>..{ ttk::notebook::Cleanup %W }..# ActivateTab $nb $tab --.#.Select the specified tab and set focus..#.# Desired behavior:.#.+ take focus when reselecting the currently-selected tab;.#.+ keep focus if the notebook already has it;.#.+ otherwise set focus to the first traversable widget.#. in the newly-selected tab;.#.+ do not leave the focus in a deselected tab..#.proc ttk::notebook::ActivateTab {w tab} {.

C:\Users\user\AppData\Local\Update\tk\ttk\panedwindow.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1920
Entropy (8bit):	4.916119835701688
Encrypted:	false
SSDEEP:
MD5:	A12915FA5CAF93E23518E9011200F5A4
SHA1:	A61F665A408C10419FB81001578D99B43D048720
SHA-256:	CE0053D637B580170938CF552B29AE890559B98EB28038C2F0A23A265DDEB273
SHA-512:	669E1D66F1223CCA6CEB120914D5D876BD3CF401EE4A46F35825361076F19C7341695596A7DBB00D6CFF4624666FB4E7A2D8E7108C3C56A12BDA7B04E99E6F9A
Malicious:	false
Preview:	#.# Bindings for ttk::panedwindow widget..#..namespace eval ttk::panedwindow {. variable State. array set State {..pressed 0. .pressX.-..pressY.-..sash .-..sashPos -. }.}..## Bindings:.#.bind TPanedwindow <ButtonPress-1> .{ ttk::panedwindow::Press %W %x %y }.bind TPanedwindow <B1-Motion>..{ ttk::panedwindow::Drag %W %x %y }.bind TPanedwindow <ButtonRelease-1> .{ ttk::panedwindow::Release %W %x %y }..bind TPanedwindow <Motion> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Enter> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Leave> ..{ ttk::panedwindow::ResetCursor %W }.# See <<NOTE-PW-LEAVE-NOTIFYINFERIOR>>.bind TPanedwindow <<EnteredChild>>.{ ttk::panedwindow::ResetCursor %W }..## Sash movement:.#.proc ttk::panedwindow::Press {w x y} {. variable State.. set sash [$w identify $x $y]. if {$sash eq ""} {. .set State(pressed) 0..return. }. set State(pressed) .1. set State(pressX) .$x. set State(pressY) .$y. set State(sa

C:\Users\user\AppData\Local\Update\tk\ttk\progress.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	4.7101709883442755
Encrypted:	false
SSDEEP:
MD5:	B0074341A4BDA36BCDFF3EBCAE39EB73
SHA1:	D070A01CC5A787249BC6DAD184B249C4DD37396A
SHA-256:	A9C34F595E547CE94EE65E27C415195D2B210653A9FFCFB39559C5E0FA9C06F8
SHA-512:	AF23563602886A648A42B03CC5485D84FCC094AB90B08DF5261434631B6C31CE38D83A3A60CC7820890C797F6C778D5B5EFF47671CE3EE4710AB14C6110DCC35
Malicious:	false
Preview:	#.# Ttk widget set: progress bar utilities..#..namespace eval ttk::progressbar {. variable Timers.;# Map: widget name -> after ID.}..# Autoincrement --.#.Periodic callback procedure for autoincrement mode.#.proc ttk::progressbar::Autoincrement {pb steptime stepsize} {. variable Timers.. if {![winfo exists $pb]} {. .# widget has been destroyed -- cancel timer..unset -nocomplain Timers($pb)..return. }.. set Timers($pb) [after $steptime \. .[list ttk::progressbar::Autoincrement $pb $steptime $stepsize] ].. $pb step $stepsize.}..# ttk::progressbar::start --.#.Start autoincrement mode. Invoked by [$pb start] widget code..#.proc ttk::progressbar::start {pb {steptime 50} {stepsize 1}} {. variable Timers. if {![info exists Timers($pb)]} {..Autoincrement $pb $steptime $stepsize. }.}..# ttk::progressbar::stop --.#.Cancel autoincrement mode. Invoked by [$pb stop] widget code..#.proc ttk::progressbar::stop {pb} {. variable Timers. if {[info exists Timers($pb

C:\Users\user\AppData\Local\Update\tk\ttk\scale.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2698
Entropy (8bit):	4.7624002445430955
Encrypted:	false
SSDEEP:
MD5:	B41A9DF31924DEA36D69CB62891E8472
SHA1:	4C2877FBB210FDBBDE52EA8B5617F68AD2DF7B93
SHA-256:	25D0FE2B415292872EF7ACDB2DFA12D04C080B7F9B1C61F28C81AA2236180479
SHA-512:	A50DB6DA3D40D07610629DE45F06A438C6F2846324C3891C54C99074CFB7BEED329F27918C8A85BADB22C6B64740A2053B891F8E5D129D9B0A1FF103E7137D83
Malicious:	false
Preview:	# scale.tcl - Copyright (C) 2004 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# Bindings for the TScale widget..namespace eval ttk::scale {. variable State. array set State {..dragging 0. }.}..bind TScale <ButtonPress-1> { ttk::scale::Press %W %x %y }.bind TScale <B1-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-1> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-2> { ttk::scale::Jump %W %x %y }.bind TScale <B2-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-2> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-3> { ttk::scale::Jump %W %x %y }.bind TScale <B3-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-3> { ttk::scale::Release %W %x %y }..## Keyboard navigation bindings:.#.bind TScale <<LineStart>> { %W set [%W cget -from] }.bind TScale <<LineEnd>> { %W set [%W cget -to] }..bind TScale <<PrevChar>> { ttk::scale::Increment %W -1 }.bind TScale <<PrevLine>> {

C:\Users\user\AppData\Local\Update\tk\ttk\scrollbar.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	3097
Entropy (8bit):	4.913511104649656
Encrypted:	false
SSDEEP:
MD5:	93181DBE76EF9C39849A09242D6DF8C0
SHA1:	DE3B47AFC3E5371BF1CD0541790A9B78A97570AB
SHA-256:	5932043286A30A3CFFB2B6CE68CCDB9172A718F32926E25D3A962AE63CAD515C
SHA-512:	5C85284E063A5DE17F6CE432B3EF899D046A78725BD1F930229576BED1116C03A3EE0611B988E9903F47DA8F694483E5A76464450C48EB14622F6784004B8F7E
Malicious:	false
Preview:	#.# Bindings for TScrollbar widget.#..# Still don't have a working ttk::scrollbar under OSX -.# Swap in a [tk::scrollbar] on that platform,.# unless user specifies -class or -style..#.if {[tk windowingsystem] eq "aqua"} {. rename ::ttk::scrollbar ::ttk::_scrollbar. proc ttk::scrollbar {w args} {..set constructor ::tk::scrollbar..foreach {option _} $args {.. if {$option eq "-class" \|\| $option eq "-style"} {...set constructor ::ttk::_scrollbar...break.. }..}..return [$constructor $w {*}$args]. }.}..namespace eval ttk::scrollbar {. variable State. # State(xPress).--. # State(yPress).-- initial position of mouse at start of drag.. # State(first).-- value of -first at start of drag..}..bind TScrollbar <ButtonPress-1> .{ ttk::scrollbar::Press %W %x %y }.bind TScrollbar <B1-Motion>..{ ttk::scrollbar::Drag %W %x %y }.bind TScrollbar <ButtonRelease-1>.{ ttk::scrollbar::Release %W %x %y }..bind TScrollbar <ButtonPress-2> .{ ttk::scrollbar::Jump %W %x %y }.bind TScrollb

C:\Users\user\AppData\Local\Update\tk\ttk\sizegrip.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2406
Entropy (8bit):	4.78080326075935
Encrypted:	false
SSDEEP:
MD5:	3C8916A58C6EE1D61836E500A54C9321
SHA1:	54F3F709698FAD020A048668749CB5A09EDE35AB
SHA-256:	717D2EDD71076EA059903C7144588F8BBD8B0AFE69A55CBF23953149D6694D33
SHA-512:	2B71569A5A96CAC1B708E894A2466B1054C3FAE5405E10799B182012141634BD2A7E9E9F516658E1A6D6E9E776E397608B581501A6CFE2EB4EC54459E9ECB267
Malicious:	false
Preview:	#.# Sizegrip widget bindings..#.# Dragging a sizegrip widget resizes the containing toplevel..#.# NOTE: the sizegrip widget must be in the lower right hand corner..#..switch -- [tk windowingsystem] {. x11 -. win32 {..option add *TSizegrip.cursor [ttk::cursor seresize] widgetDefault. }. aqua {. .# Aqua sizegrips use default Arrow cursor.. }.}..namespace eval ttk::sizegrip {. variable State. array set State {..pressed .0..pressX ..0..pressY ..0..width ..0..height ..0..widthInc.1..heightInc.1. resizeX 1. resizeY 1..toplevel .{}. }.}..bind TSizegrip <ButtonPress-1> ..{ ttk::sizegrip::Press.%W %X %Y }.bind TSizegrip <B1-Motion> ..{ ttk::sizegrip::Drag .%W %X %Y }.bind TSizegrip <ButtonRelease-1> .{ ttk::sizegrip::Release %W %X %Y }..proc ttk::sizegrip::Press {W X Y} {. variable State.. if {[$W instate disabled]} { return }.. set top [winfo toplevel $W].. # If the toplevel is not resizable then bail. foreach {State(resiz

C:\Users\user\AppData\Local\Update\tk\ttk\spinbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4255
Entropy (8bit):	4.9576194953603006
Encrypted:	false
SSDEEP:
MD5:	86BCA3AB915C2774425B70420E499140
SHA1:	FD4798D79EEBA9CFFABCB2548068591DB531A716
SHA-256:	51F8A6C772648541684B48622FFE41B77871A185A8ACD11E9DEC9EC41D65D9CD
SHA-512:	659FB7E1631ED898E3C11670A04B953EB05CECB42A3C5EFBDD1BD97A7F99061920FD5DB3915476F224BB2C72358623E1B474B0FC3FBB7FD3734487B87A388FD7
Malicious:	false
Preview:	#.# ttk::spinbox bindings.#..namespace eval ttk::spinbox { }..### Spinbox bindings..#.# Duplicate the Entry bindings, override if needed:.#..ttk::copyBindings TEntry TSpinbox..bind TSpinbox <Motion>...{ ttk::spinbox::Motion %W %x %y }.bind TSpinbox <ButtonPress-1> ..{ ttk::spinbox::Press %W %x %y }.bind TSpinbox <ButtonRelease-1> .{ ttk::spinbox::Release %W }.bind TSpinbox <Double-Button-1> .{ ttk::spinbox::DoubleClick %W %x %y }.bind TSpinbox <Triple-Button-1> .{} ;# disable TEntry triple-click..bind TSpinbox <KeyPress-Up>..{ event generate %W <<Increment>> }.bind TSpinbox <KeyPress-Down> ..{ event generate %W <<Decrement>> }..bind TSpinbox <<Increment>>..{ ttk::spinbox::Spin %W +1 }.bind TSpinbox <<Decrement>> ..{ ttk::spinbox::Spin %W -1 }..ttk::bindMouseWheel TSpinbox ..[list ttk::spinbox::MouseWheel %W]..## Motion --.#.Sets cursor..#.proc ttk::spinbox::Motion {w x y} {. if { [$w identify $x $y] eq "textarea". && [$w instate {!readonly !disabled}]. } {..ttk::setCurso

C:\Users\user\AppData\Local\Update\tk\ttk\treeview.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8898
Entropy (8bit):	4.860766938410698
Encrypted:	false
SSDEEP:
MD5:	46B1D0EADBCF11AC51DD14B1A215AE04
SHA1:	339026AE9533F4C331ADF8C71799B222DDD89D4F
SHA-256:	DB6FAA8540C322F3E314968256D8AFFF39A1E4700EC17C7EFE364241F355D80F
SHA-512:	0FC81426857949D5AC9FE7FF3C85A1270BD35BF6E6EAF3FE7AE0DE22A0C0E5CD96D6C9471216DC1DA673FAD949CA96A3751C3D3222474D2206AA9D8A455BA12E
Malicious:	false
Preview:	#.# ttk::treeview widget bindings and utilities..#..namespace eval ttk::treeview {. variable State.. # Enter/Leave/Motion. #. set State(activeWidget) .{}. set State(activeHeading) .{}.. # Press/drag/release:. #. set State(pressMode) .none. set State(pressX)..0.. # For pressMode == "resize". set State(resizeColumn).#0.. # For pressmode == "heading". set State(heading) .{}.}..### Widget bindings..#..bind Treeview.<Motion> ..{ ttk::treeview::Motion %W %x %y }.bind Treeview.<B1-Leave>..{ #nothing }.bind Treeview.<Leave>...{ ttk::treeview::ActivateHeading {} {}}.bind Treeview.<ButtonPress-1> .{ ttk::treeview::Press %W %x %y }.bind Treeview.<Double-ButtonPress-1> .{ ttk::treeview::DoubleClick %W %x %y }.bind Treeview.<ButtonRelease-1> .{ ttk::treeview::Release %W %x %y }.bind Treeview.<B1-Motion> ..{ ttk::treeview::Drag %W %x %y }.bind Treeview .<KeyPress-Up> .{ ttk::treeview::Keynav %W up }.bind Treeview .<KeyPress-Down> .{ ttk::treeview::Keynav %

C:\Users\user\AppData\Local\Update\tk\ttk\ttk.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4546
Entropy (8bit):	4.888987944406022
Encrypted:	false
SSDEEP:
MD5:	E38B399865C45E49419C01FF2ADDCE75
SHA1:	F8A79CBC97A32622922D4A3A5694BCCB3F19DECB
SHA-256:	61BAA0268770F127394A006340D99CE831A1C7AD773181C0C13122F7D2C5B7F6
SHA-512:	285F520B648F5EC70DD79190C3B456F4D6DA2053210985F9E2C84139D8D51908296E4962B336894EE30536F09FAE84B912BC2ABF44A7011620F66CC5D9F71A8C
Malicious:	false
Preview:	#.# Ttk widget set initialization script..#..### Source library scripts..#..namespace eval ::ttk {. variable library. if {![info exists library]} {..set library [file dirname [info script]]. }.}..source [file join $::ttk::library fonts.tcl].source [file join $::ttk::library cursors.tcl].source [file join $::ttk::library utils.tcl]..## ttk::deprecated $old $new --.#.Define $old command as a deprecated alias for $new command.#.$old and $new must be fully namespace-qualified..#.proc ttk::deprecated {old new} {. interp alias {} $old {} ttk::do'deprecate $old $new.}.## do'deprecate --.#.Implementation procedure for deprecated commands --.#.issue a warning (once), then re-alias old to new..#.proc ttk::do'deprecate {old new args} {. deprecated'warning $old $new. interp alias {} $old {} $new. uplevel 1 [linsert $args 0 $new].}..## deprecated'warning --.#.Gripe about use of deprecated commands..#.proc ttk::deprecated'warning {old new} {. puts stderr "$old deprecated -- u

C:\Users\user\AppData\Local\Update\tk\ttk\utils.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	8562
Entropy (8bit):	4.958950985117383
Encrypted:	false
SSDEEP:
MD5:	65193FE52D77B8726B75FBF909EE860A
SHA1:	991DEDD4666462DD9776FDF6C21F24D6CF794C85
SHA-256:	C7CC9A15CFA999CF3763772729CC59F629E7E060AF67B7D783C50530B9B756E1
SHA-512:	E43989F5F368D2E19C9A3521FB82C6C1DD9EEB91DF936A980FFC7674C8B236CB84E113908B8C9899B85430E8FC30315BDEC891071822D701C91C5978096341B7
Malicious:	false
Preview:	#.# Utilities for widget implementations..#..### Focus management..#.# See also: #1516479.#..## ttk::takefocus --.#.This is the default value of the "-takefocus" option.#.for ttk::* widgets that participate in keyboard navigation..#.# NOTES:.#.tk::FocusOK (called by tk_focusNext) tests [winfo viewable].#.if -takefocus is 1, empty, or missing; but not if it's a.#.script prefix, so we have to check that here as well..#.#.proc ttk::takefocus {w} {. expr {[$w instate !disabled] && [winfo viewable $w]}.}..## ttk::GuessTakeFocus --.#.This routine is called as a fallback for widgets.#.with a missing or empty -takefocus option..#.#.It implements the same heuristics as tk::FocusOK..#.proc ttk::GuessTakeFocus {w} {. # Don't traverse to widgets with '-state disabled':. #. if {![catch {$w cget -state} state] && $state eq "disabled"} {..return 0. }.. # Allow traversal to widgets with explicit key or focus bindings:. #. if {[regexp {Key\|Focus} [concat [bind $w] [bind [winfo c

C:\Users\user\AppData\Local\Update\tk\ttk\vistaTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	9670
Entropy (8bit):	4.6132627565634055
Encrypted:	false
SSDEEP:
MD5:	ED071B9CEA98B7594A7E74593211BD38
SHA1:	90998A1A51BCBAA3B4D72B08F5CBF19E330148D2
SHA-256:	98180630FC1E8D7D7C1B20A5FF3352C8BD8CF259DD4EB3B829B8BD4CB8AE76A4
SHA-512:	60C1EA45481AF5CFA3C5E579514DD3F4AC6C8D168553F374D0A3B3E1342E76CB71FA825C306233E185BED057E2B99877BAF9A5E88EBD48CF6DE171A8E7F6A230
Malicious:	false
Preview:	#.# Settings for Microsoft Windows Vista and Server 2008.#..# The Vista theme can only be defined on Windows Vista and above. The theme.# is created in C due to the need to assign a theme-enabled function for .# detecting when themeing is disabled. On systems that cannot support the.# Vista theme, there will be no such theme created and we must not.# evaluate this script...if {"vista" ni [ttk::style theme names]} {. return.}..namespace eval ttk::theme::vista {.. ttk::style theme settings vista {.. .ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -insertcolor SystemWindowText \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -pa

C:\Users\user\AppData\Local\Update\tk\ttk\winTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2867
Entropy (8bit):	4.876730704118724
Encrypted:	false
SSDEEP:
MD5:	0AE8205DFBA3C9B8EEAD01AC11C965D6
SHA1:	61E8D2E909CF46886F6EA8571D4234DD336FEFB3
SHA-256:	93E4011CAA9F01802D6DD5E02C3104E619084799E949974DFEE5E0C94D1E3952
SHA-512:	E4448B922CA0FB425F879988537B9DB8F8C8A5A773805607574499506FDD9DEEB9CD41660E497002F78727AFBE3BEC17D9674E99CEF4A9D66FFD9C4536AFE153
Malicious:	false
Preview:	#.# Settings for 'winnative' theme..#..namespace eval ttk::theme::winnative {. ttk::style theme settings winnative {...ttk::style configure "." \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -fieldbackground SystemWindow \.. -insertcolor SystemWindowText \.. -troughcolor SystemScrollbar \.. -font TkDefaultFont \.. ;...ttk::style map "." -foreground [list disabled SystemGrayText] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -relief raised -shiftrelief 1..ttk::style configure TCheckbutton -padding "2 4"..ttk::style configure TRadiobutton -padding "2 4"..ttk::style configure TMenubutton \.. -padding "8 4" -arrowsize 3 -relief raised...ttk::style map TButton -relief {{!disabled pressed} sunken}...ttk::style configure TEntry \.. -padding 2 -selectborderwidth 0 -insertwidth 1..t

C:\Users\user\AppData\Local\Update\tk\ttk\xpTheme.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2375
Entropy (8bit):	4.931678702435916
Encrypted:	false
SSDEEP:
MD5:	BD892A940333C1B804DF5C4594B0A5E6
SHA1:	4E187F09F45898749CFE7860EDEF0D5EB83D764E
SHA-256:	196C6FEF40FB6296D7762F30058AA73273083906F72F490E69FC77F1D5589B88
SHA-512:	8273A8F789D695601A7BC74DFA2A6BD7FE280EC528869F502A578E90B6DD1613C4BCC5B6CD0D93A5CA0E6538BE740CD370F634DA84064213E1F50B919EBF35B8
Malicious:	false
Preview:	#.# Settings for 'xpnative' theme.#..namespace eval ttk::theme::xpnative {.. ttk::style theme settings xpnative {...ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -insertcolor SystemWindowText \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -padding 2..ttk::style configure TMenubutton -padding {8 4}...ttk::style configure TNotebook -tabmargins {2 2 2 0}..ttk::style map TNotebook.Tab \.. -expand [list selected {2 2 2 2}]...# Treeview:..ttk::style configure Heading -font TkHeadingFont..ttk::style configure Treeview -background SystemWindow..ttk::style map Treeview \.. -background [list selected SystemHighlight] \.. -fore

C:\Users\user\AppData\Local\Update\tk\unsupported.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	10252
Entropy (8bit):	5.02143730499245
Encrypted:	false
SSDEEP:
MD5:	C832FDF24CA1F5C5E9B33FA5ECD11CAC
SHA1:	8082FDE50C428D2511B05F529FCCF02651D5AC93
SHA-256:	E34D828E740F151B96022934AAEC7BB8343E23D040FB54C04641888F51767EB8
SHA-512:	58BEB05778271D4C91527B1CB23491962789D95ACCBC6C28E25D05BD3D6172AAC9A90E7741CD606C69FB8CECC29EE515DA7C7D4E6098BF67F08F18DFB7983323
Malicious:	false
Preview:	# unsupported.tcl --.#.# Commands provided by Tk without official support. Use them at your.# own risk. They may change or go away without notice..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# ----------------------------------------------------------------------.# Unsupported compatibility interface for folks accessing Tk's private.# commands and variable against recommended usage..# ----------------------------------------------------------------------..namespace eval ::tk::unsupported {.. # Map from the old global names of Tk private commands to their. # new namespace-encapsulated names... variable PrivateCommands. array set PrivateCommands {..tkButtonAutoInvoke..::tk::ButtonAutoInvoke..tkButtonDown...::tk::ButtonDown..tkButtonEnter...::tk::ButtonEnter..tkButtonInvoke...::tk::ButtonInvoke..tkButtonLeave...::tk::ButtonLeave..tkButtonUp...::tk::ButtonUp..tkCancelRepeat...::tk::Cance

C:\Users\user\AppData\Local\Update\tk\xmfbox.tcl Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	26075
Entropy (8bit):	4.9212533677507535
Encrypted:	false
SSDEEP:
MD5:	F863B7C5680017EE9F744900CC6C3834
SHA1:	155E6E8752F6D48EF8D32CE2228E17EE58C2768E
SHA-256:	9C78A976BBC933863FB0E4C23EE62B26F8EB3D7F101D7D32E6768579499E43B1
SHA-512:	34F5B51EA1A2EFCD53B51A74E7E9B69FB154E017527BBD1CB3961F1619E74BE9D49D0583D193DBA7E8A3904F6C7446F278BC7977011DCCDAEBBE42D71FA5630C
Malicious:	false
Preview:	# xmfbox.tcl --.#.#.Implements the "Motif" style file selection dialog for the.#.Unix platform. This implementation is used only if the.#."::tk_strictMotif" flag is set..#.# Copyright (c) 1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Scriptics Corporation.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}...# ::tk::MotifFDialog --.#.#.Implements a file dialog similar to the standard Motif file.#.selection box..#.# Arguments:.#.type.."open" or "save".#.args..Options parsed by the procedure..#.# Results:.#.When -multiple is set to 0, this returns the absolute pathname.#.of the selected file. (NOTE: This is not the same as a single.#.element list.).#.#.When -multiple is set to > 0, this returns a Tcl list of absolute.# pathnames. The argument for -multiple is ignored, but for consistency.# with Windows it defines the max

C:\Users\user\AppData\Local\Update\ucrtbase.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1035720
Entropy (8bit):	6.627165721762628
Encrypted:	false
SSDEEP:
MD5:	7E39D82ADF5DA0B51A968C764E0E15C1
SHA1:	79E75CCDE95798F21A34E5650B29DBEBE79C1B43
SHA-256:	D67926328A72816D2944D7C88DF6FF4BFCCD41A9CE39AF0309A0639829D0E7FB
SHA-512:	1C58D53C40535F80F482A5F406EF5BF9C2F963B9DB5969C37EF47B0C59522A1A9BDE3F3589538A7AE7D99D567A43170B384761E572C740010FEB86894CE7322A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d...d%............" .....:...........Z..............................................*.....`A................................................ ................ ...........!.......... ...T........................... f..............................................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\unicodedata.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1096720
Entropy (8bit):	5.341209009962621
Encrypted:	false
SSDEEP:
MD5:	84FB421643CAB316CE623AA84395A950
SHA1:	4FBA083864B3811B8A09644D559186ECB347C387
SHA-256:	5578C3054F8846BE86E686FB73B62B1F931D3ED1A7859B87925A96774371DBA4
SHA-512:	A2132F93B0E4292DC9C32DA2A6478769EC4F58BE5C36EE2701E2A66154EA1DC2C0684FC7698E7C3AC04F5C1D366CB9633A9366E5A38B7FF7A964FF25EA266F9F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............,..,..,..l,..,...-..,...-..,...-..,...-..,Y..-..,...-..,..,...,Y..-..,Y..-..,Y..,..,Y..-..,Rich..,........PE..d....ok_.........." .....J...Z.......)....................................................`......................................... ...X...x...................$...................`)..T............................)..0............`...............................text...6I.......J.................. ..`.rdata..2....`...0...N..............@..@.data................~..............@....pdata..$...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\unins000.dat Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	4177
Entropy (8bit):	4.081833777503375
Encrypted:	false
SSDEEP:
MD5:	1F8F2407C5A6DAB63FF8A54D1706E5E8
SHA1:	7F3951180BD8AC8FDE5E23FF849A492188550C74
SHA-256:	638E2C9FF0C91C0D44ECA542C873E3E34D68A312C9DA53FD0DFF43F95B5493A6
SHA-512:	284D7CC3CDF83F83DFA040C00A05DBD313DB24EF0D8860A913A70C465AC250A1F0EE600D5DC73D3B21AEDA6B6C10A4679AF1FDC22C4C090254F346FEF21C01FD
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................{2634BE4C-127C-4E6A-927F-2F6832AE96CE}..........................................................................................Namang..................................................................................................................................Q...%................................................................................................................B./....z.....G................7.4.5.7.7.3......h.a.r.d.z......C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.N.a.m.a.n.g................2...... .....z....J...IFPS....&........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TNEWSTATICTEXT....TNEWSTATICTEXT.........TNEWBUTTON

C:\Users\user\AppData\Local\Update\unins000.exe Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	2675089
Entropy (8bit):	6.340987948040815
Encrypted:	false
SSDEEP:
MD5:	2C0431D5D6E010F9671A7F3537AE3969
SHA1:	0075646B2F67EEB4762B8996E2146D11A9E01E2D
SHA-256:	DD3603DB45EF10FFD5E1A12B06CF13F8A95BE1DC04BC9B2D70D1B4CA364D9BA9
SHA-512:	2965C523D922FAC5F4DAF95215F5BB872631951488C7600FE106BDA95C1569386BF6FE9ED78F1D6FDA6B8DACC63C95344FD91F4E79B6D7D926980EF8599C8D06
Malicious:	false
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................%...........%.......%...@..........................`)...........@......@....................'.......&..5...0'..&................................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc....&...0'..(...N&.............@..@............. (......<'.............@..@........................................................

C:\Users\user\AppData\Local\Update\vcruntime140.dll Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	101672
Entropy (8bit):	6.566355945650465
Encrypted:	false
SSDEEP:
MD5:	8697C106593E93C11ADC34FAA483C4A0
SHA1:	CD080C51A97AA288CE6394D6C029C06CCB783790
SHA-256:	FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
SHA-512:	724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!/.NeNl.eNl.eNl....gNl.l6..nNl.eNm.INl..>o.hNl..>h.uNl..>i.zNl..>l.dNl..>..dNl..>n.dNl.RicheNl.................PE..d...M8.^.........." .........^...... .....................................................`A........................................`1..4....9.......p.......P.......L..(A..........H...T...............................0............................................text...b........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\win32api.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	132608
Entropy (8bit):	5.879911590206213
Encrypted:	false
SSDEEP:
MD5:	511367F74DD035502F2DC895B6A752E7
SHA1:	40E319F0ACE8CF7C6D7C1FB3041C7D3D9F9787EB
SHA-256:	202DD28E5D0451F2C672A4537116C70929CA6BBC5EDD9115ED8A99F734F430FF
SHA-512:	7EE506C35C8B3A54F6CC1CF40ABE6672A86780ADA82024C519498C1D30A1A045FF79BD5A34116258503241880722DA87A361F4DFEA2729AF7F812BC54D723D20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9\|T.X...X...X... ...X.......X.......X.......X.......X...>...X.......X.......X...X...Y.......X.......X.......X..Rich.X..................PE..d...G..^.........." .........................................................P............`.................................................$...................(............@..........T............................................ ..........@....................text............................... ..`.rdata....... ......................@..@.data...."......."..................@....pdata..(...........................@..@.gfids..4....0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Update\win32ui.pyd Download File
Process:	C:\Users\user\AppData\Local\Namang\namang.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1439744
Entropy (8bit):	5.3150356865033
Encrypted:	false
SSDEEP:
MD5:	473CA8209CA6DEDAC757C43143F1C5F5
SHA1:	602655F59C1BDC512032B53DEF3F1F4D1512A6BD
SHA-256:	BE3EB6E02039199042929C1C97707D0EE80068F25504117CCC6750FC45142AF3
SHA-512:	DF7CB1FC2D1B5D6F11DF49390F6194F190F0BFD0224A0B1045B852AE90D284A121646EF93330F47AF514C8A3B7FFD0A9A89D70F2C332CDBC7DD537991E9207C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o]aw+<.$+<.$+<.$"D.$'<.$.g.%)<.$.e.%)<.$...$%<.$Eg.%(<.$Eg.% <.$Eg.%;<.$Eg.%/<.$?Z.%(<.$+<.$.9.$.g.%.<.$.g.%<.$.g.$<.$.g.%*<.$Rich+<.$................PE..d...5..^.........." ..........................(...........................................`..............................................S..@...h....@.......p...............`..L]..p...T...................h...(......................X0...........................text...P........................... ..`.rdata.............................@..@.data...."...@.......$..............@....pdata.......p......................@..@.tls......... .......\|..............@....gfids..$....0.......~..............@..@.rsrc........@......................@..@.reloc..L]...`...^..................@..B........................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.99466202432366
TrID:	Win32 Executable (generic) a (10002005/4) 98.45% Inno Setup installer (109748/4) 1.08% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	Mario Deluxe InstaII.exe
File size:	31289608
MD5:	f316fa6263a9ccc6c99984a4b55f6384
SHA1:	fc2da9c0625d517a1d6b16ecf3948de1de4ba1ec
SHA256:	385878ab41b52271d0360cbb92e2a7d2f662b010c189d4dad913abf2bc0d49ad
SHA512:	c40dfc8d3a64fe5746a1daef45d22ef952563c083598f082b429540f2c0558e84dc6fad4f9fb00f0057b832ba10d39c7deea1577c309b5488bd1befd14295e47
SSDEEP:	786432:qFTT8sARpZRPUU6483154BijdAel7HpP1Wo19TIg4:68sARpHUU648T7uaP1WWO
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	f0d0d0e0ce86cecc

Static PE Info

General
Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5EC61807 [Thu May 21 05:56:23 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	5a594319a0d69dbc452e748bcf05892e

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=LGN Software
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	1/1/2013 12:00:00 AM 1/1/2099 12:00:00 AM
Subject Chain	CN=LGN Software
Version:	3
Thumbprint MD5:	438ACB6761948B4E5EF41C716EA67E35
Thumbprint SHA-1:	D203EE44E3C4B1923E08BE25FE983B0BAE161E24
Thumbprint SHA-256:	8171BB39708B17460A1AD21F51883CFC1340FAB6BDE5ED83BD4105319C4F29AD
Serial:	63FFC8AFD4DFAE894C16553C56C9B02B

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 004B10D8h
call 00007F39D06C2405h
xor eax, eax
push ebp
push 004B65DEh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 004B659Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [004BE634h]
call 00007F39D0764B17h
call 00007F39D076466Eh
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F39D06D7E78h
mov edx, dword ptr [ebp-14h]
mov eax, 004C1D3Ch
call 00007F39D06BCFF7h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [004C1D3Ch]
mov dl, 01h
mov eax, dword ptr [004237A4h]
call 00007F39D06D8EDFh
mov dword ptr [004C1D40h], eax
xor edx, edx
push ebp
push 004B6546h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F39D0764B9Fh
mov dword ptr [004C1D48h], eax
mov eax, dword ptr [004C1D48h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F39D076B19Ah
mov eax, dword ptr [004C1D48h]
mov edx, 00000028h
call 00007F39D06D97D4h
mov edx, dword ptr [004C1D48h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xf36	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x180c0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1dd5a58	0x16b0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22e4	0x244	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb3604	0xb3800	False	0.344847612726	data	6.35432911534	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1684	0x1800	False	0.544596354167	data	5.97090156552	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	False	0.361049107143	data	5.04216206778	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.bss	0xbb000	0x6da0	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata	0xc2000	0xf36	0x1000	False	0.3681640625	data	4.89870464796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.didata	0xc3000	0x1a4	0x200	False	0.345703125	data	2.75636286825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.edata	0xc4000	0x9a	0x200	False	0.2578125	data	1.87222286659	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata	0xc6000	0x5d	0x200	False	0.189453125	data	1.38389437522	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0x180c0	0x18200	False	0.142264410622	data	3.84636506671	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0xc74f8	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0xc7960	0x988	data	English	United States
RT_ICON	0xc82e8	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0xc9390	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0xcb938	0x10828	data	English	United States
RT_STRING	0xdc160	0x360	data
RT_STRING	0xdc4c0	0x260	data
RT_STRING	0xdc720	0x45c	data
RT_STRING	0xdcb7c	0x40c	data
RT_STRING	0xdcf88	0x2d4	data
RT_STRING	0xdd25c	0xb8	data
RT_STRING	0xdd314	0x9c	data
RT_STRING	0xdd3b0	0x374	data
RT_STRING	0xdd724	0x398	data
RT_STRING	0xddabc	0x368	data
RT_STRING	0xdde24	0x2a4	data
RT_RCDATA	0xde0c8	0x10	data
RT_RCDATA	0xde0d8	0x2c4	data
RT_RCDATA	0xde39c	0x2c	data
RT_GROUP_ICON	0xde3c8	0x4c	data	English	United States
RT_VERSION	0xde414	0x584	data	English	United States
RT_MANIFEST	0xde998	0x726	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x454058
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Version Infos

Description	Data
LegalCopyright
FileVersion
CompanyName	LGN Software
Comments	This installation was built with Inno Setup.
ProductName	Namang
ProductVersion	3.0.2
FileDescription	Namang Setup
OriginalFileName
Translation	0x0000 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/27/21-06:23:15.911463	TCP	2515	WEB-MISC PCT Client_Hello overflow attempt	49748	443	192.168.2.3	172.67.185.155
01/27/21-06:30:54.332279	TCP	2515	WEB-MISC PCT Client_Hello overflow attempt	49850	443	192.168.2.3	104.21.19.70

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 06:52:37.786834002 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.833561897 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:37.834820032 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.882735014 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.928942919 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:37.929831982 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:37.929876089 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:37.932437897 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.936078072 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.937261105 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:37.983038902 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:37.985658884 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:38.143986940 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:38.144036055 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:38.144073963 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:38.148639917 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:38.154920101 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:52:38.205687046 CET	443	49750	172.67.185.155	192.168.2.3
Jan 27, 2021 06:52:38.209443092 CET	49750	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.572967052 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.619344950 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.619503021 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.675642967 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.721952915 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.724524975 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.724581957 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.724657059 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.727957964 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.728770971 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.773899078 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.774559975 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.816109896 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.862482071 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.862649918 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.929549932 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.929577112 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.929615021 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.929641008 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.929719925 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.936490059 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.975759983 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.977150917 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.977195024 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.977333069 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.979974031 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.980788946 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:50.982765913 CET	443	49759	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:50.982861042 CET	49759	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.026108980 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.026756048 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.083868027 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.130028963 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.130143881 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.169478893 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.183178902 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.183228970 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.183255911 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.183317900 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.189960003 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.201778889 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.215764999 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.217792988 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.217848063 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.217910051 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.224488020 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.225332022 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.236695051 CET	443	49761	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.236778021 CET	49761	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.248259068 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.248411894 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.270368099 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.271140099 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.302474976 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.348912954 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.350023985 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.350070000 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.350137949 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.353048086 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.353921890 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.399334908 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.400099993 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.437117100 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.437170982 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.437197924 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.437235117 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.443165064 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.490036964 CET	443	49763	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.490160942 CET	49763	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.567270041 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.567322969 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.567353964 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.567421913 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.572931051 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.619539976 CET	443	49764	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.619622946 CET	49764	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.734003067 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.780436993 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.780582905 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.832063913 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.878060102 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.880516052 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.880556107 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.880625963 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.883347988 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.884288073 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:51.929074049 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:51.929944038 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:52.094376087 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:52.094427109 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:52.094451904 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:52.094501972 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:52.099946022 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:54:52.146089077 CET	443	49765	172.67.185.155	192.168.2.3
Jan 27, 2021 06:54:52.146220922 CET	49765	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.397214890 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.443229914 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.444925070 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.469429970 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.506241083 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.515436888 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.516547918 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.516566992 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.516628981 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.518539906 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.519188881 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.552529097 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.552804947 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.564414024 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.564924955 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.576834917 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.623030901 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.625004053 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.625022888 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.625123024 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.627420902 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.628045082 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.673484087 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.674081087 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.701412916 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.747035980 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.747173071 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.765153885 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.810791016 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.814007044 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.814023972 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.814115047 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.815505981 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.815964937 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.858383894 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.858433962 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.858459949 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.858525038 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.861085892 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.861427069 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.862896919 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.909126043 CET	443	49769	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.909228086 CET	49769	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.963901997 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.963922977 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.963929892 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:20.964004993 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:20.967853069 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:21.014295101 CET	443	49770	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:21.014367104 CET	49770	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:21.019157887 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:21.019181967 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:21.019188881 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:21.019285917 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:21.023150921 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:21.069240093 CET	443	49771	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:21.069324970 CET	49771	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.786500931 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.832885027 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.833075047 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.852428913 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.898804903 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.899636030 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.899693012 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.899790049 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.901025057 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.901531935 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.947376966 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.947547913 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.952210903 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:39.998193026 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:39.998421907 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.024785042 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.070909977 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.073683977 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.073739052 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.073862076 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.075016975 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.076035023 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.119257927 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.119302988 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.119338989 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.119375944 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.120789051 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.121874094 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.122919083 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.169274092 CET	443	49774	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.169410944 CET	49774	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.285473108 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.285521984 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.285568953 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.285615921 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.289603949 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:40.337847948 CET	443	49775	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:40.338589907 CET	49775	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.232378006 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.278836012 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.280020952 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.298568964 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.344875097 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.347453117 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.347501040 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.347594976 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.348925114 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.349397898 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.395466089 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.395915031 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.558496952 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.558525085 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.558540106 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.558602095 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.563211918 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:55:56.609781027 CET	443	49778	172.67.185.155	192.168.2.3
Jan 27, 2021 06:55:56.609879971 CET	49778	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.807780027 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.854203939 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:14.854372025 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.912179947 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.958679914 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:14.961575031 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:14.961628914 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:14.961710930 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.963718891 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:14.964428902 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:15.009865999 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.010481119 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.178150892 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.178184032 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.178220034 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.178272009 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:15.193627119 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:15.243323088 CET	443	49779	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:15.243484020 CET	49779	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.506386042 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.553492069 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.553620100 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.572216988 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.579241037 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.581233025 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.618194103 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.620579004 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.620634079 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.620716095 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.622389078 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.622967005 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.625236034 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.625339031 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.627294064 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.627409935 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.654086113 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.657154083 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.668349981 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.668756008 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.701224089 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.702110052 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.702153921 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.702227116 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.703819036 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.704245090 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.704305887 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.705820084 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.705862999 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.705960989 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.707202911 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.707720995 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.717581034 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.749783993 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.750128984 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.753139973 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.753607988 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.763322115 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.763451099 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.784291029 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.828237057 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.828259945 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.828267097 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.828344107 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.831881046 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.831957102 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.833466053 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.833494902 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.833564043 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.834819078 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.835325956 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.878113985 CET	443	49784	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.878199100 CET	49784	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.880394936 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.880846024 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.915524960 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.915569067 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.915599108 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.915659904 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.919393063 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:50.965888023 CET	443	49785	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:50.965967894 CET	49785	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.042664051 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.042736053 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.042762041 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.042795897 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.045958042 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.046005011 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.046036005 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.046180010 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.049355030 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.050646067 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.095649958 CET	443	49786	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.095726013 CET	49786	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:56:51.096649885 CET	443	49787	172.67.185.155	192.168.2.3
Jan 27, 2021 06:56:51.096719980 CET	49787	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.355340958 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.401712894 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.401844978 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.418082952 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.465826035 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.467063904 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.467109919 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.467206955 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.468456984 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.468842030 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.514702082 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.514873028 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.682111025 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.682157040 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.682183027 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.682321072 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.685852051 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:57:50.732203960 CET	443	49791	172.67.185.155	192.168.2.3
Jan 27, 2021 06:57:50.732350111 CET	49791	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:24.903033972 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:24.937288046 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:24.949080944 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:24.949213028 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:24.969784021 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:24.983688116 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:24.983808994 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.003386974 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.015826941 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.018738031 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.018783092 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.018853903 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.020194054 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.020661116 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.049596071 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.051009893 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.051050901 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.051139116 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.052341938 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.052778006 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.066097975 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.066492081 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.098547935 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.098901033 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.305752039 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.352027893 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.356492043 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.372756958 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.375199080 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.375240088 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.375268936 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.375351906 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.378458977 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.408535004 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.408580065 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.408607960 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.408653021 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.412174940 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.419044971 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.420516968 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.420559883 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.421087027 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.422403097 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.422854900 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.424670935 CET	443	49796	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.424748898 CET	49796	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.461255074 CET	443	49797	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.461368084 CET	49797	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.468540907 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.468991995 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.523654938 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.569535971 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.570116997 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.587728024 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.630592108 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.630654097 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.630676031 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.630753994 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.633614063 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.633902073 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.639970064 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.640016079 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.640108109 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.641988993 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.642566919 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.680537939 CET	443	49798	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.680653095 CET	49798	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:25.687637091 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:25.688190937 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:26.036201000 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:26.036250114 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:26.036277056 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:26.036314011 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:26.039640903 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:26.085688114 CET	443	49799	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:26.085853100 CET	49799	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.130060911 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.132491112 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.176049948 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.176184893 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.178745031 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.178929090 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.196089983 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.198086023 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.241971970 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.244308949 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.244443893 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.244462013 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.244611979 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.245311022 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.245331049 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.245419025 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.245732069 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.246460915 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.246828079 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.247209072 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.291476965 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.292218924 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.292840004 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.293149948 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.450139046 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.450159073 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.450165033 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.450371981 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.453572989 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.499943972 CET	443	49802	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.500086069 CET	49802	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.592535019 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.592577934 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.592602968 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.592644930 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.598598003 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:58:44.645112991 CET	443	49803	172.67.185.155	192.168.2.3
Jan 27, 2021 06:58:44.645297050 CET	49803	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.852622986 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.900367975 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:20.900654078 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.922646046 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.970768929 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:20.972265005 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:20.972284079 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:20.972359896 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.974669933 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.975127935 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:20.985218048 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.020622015 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.020944118 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.030886889 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.031328917 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.065071106 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.111145973 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.112773895 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.112807035 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.112904072 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.115084887 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.115612030 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.161959887 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.162494898 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.189205885 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.189229012 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.189239025 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.189567089 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.196798086 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.242908955 CET	443	49808	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.244550943 CET	49808	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.250724077 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.296622992 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.300864935 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.324246883 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.371622086 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.373709917 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.373754978 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.373828888 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.375961065 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.376415014 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.421835899 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.422257900 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.448271990 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.470840931 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.470874071 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.470889091 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.471152067 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.476963997 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.494409084 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.496294022 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.524044037 CET	443	49809	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.525221109 CET	49809	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.526660919 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.574112892 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.576081991 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.576153994 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.576329947 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.578613997 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.578644991 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.578670979 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.578753948 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.579308033 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.579700947 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.587616920 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.624994040 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.625224113 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.633685112 CET	443	49810	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.633768082 CET	49810	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.791837931 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.791862011 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.791872978 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.792512894 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.795931101 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:21.843786955 CET	443	49811	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:21.844027996 CET	49811	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.535451889 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.581698895 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.584017992 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.604650021 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.650752068 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.652739048 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.652781010 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.653119087 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.654087067 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.654481888 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.700160027 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.700331926 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.860863924 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.860923052 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.860954046 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.861082077 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.864501953 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 06:59:39.910990953 CET	443	49814	172.67.185.155	192.168.2.3
Jan 27, 2021 06:59:39.911163092 CET	49814	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.087239027 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.133059025 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.133171082 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.151298046 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.196974993 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.198487043 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.198513031 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.198602915 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.200397015 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.201006889 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.248054981 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.248075962 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.410433054 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.410471916 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.410492897 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.410567999 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.414244890 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:07.460161924 CET	443	49818	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:07.460508108 CET	49818	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.388215065 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.434386969 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.434542894 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.455674887 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.502346039 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.503700018 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.503734112 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.503814936 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.504968882 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.505400896 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.551420927 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.551901102 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.712441921 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.712472916 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.712486029 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.713654041 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.718036890 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:34.764812946 CET	443	49822	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:34.766196966 CET	49822	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.028137922 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.074362993 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.075901031 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.099667072 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.145922899 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.148654938 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.148684025 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.150054932 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.151292086 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.152973890 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.197935104 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.199554920 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.226182938 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.272370100 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.274363041 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.301666975 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.347615957 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.348787069 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.348810911 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.348897934 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.350078106 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.353537083 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.361290932 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.361313105 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.361325979 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.361397982 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.369913101 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.395860910 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.399385929 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.416132927 CET	443	49823	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.416491032 CET	49823	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.561270952 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.561320066 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.561356068 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.561482906 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.564665079 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:35.610769987 CET	443	49824	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:35.613940001 CET	49824	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.444777966 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.490854025 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.493268967 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.521248102 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.567192078 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.568660975 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.568681002 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.569006920 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.571981907 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.572380066 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.617789030 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.618354082 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.783274889 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.783310890 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.783334017 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.783536911 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.787290096 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:50.833465099 CET	443	49826	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:50.833631039 CET	49826	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.169228077 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.215529919 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.215711117 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.247463942 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.293467045 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.295504093 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.296978951 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.297053099 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.298568964 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.299050093 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.344508886 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.345635891 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.441317081 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.487278938 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.488023996 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.518630981 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.518919945 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.518943071 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.518955946 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.519102097 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.523518085 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.564666986 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.566015959 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.566045046 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.566827059 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.569802999 CET	443	49827	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.569978952 CET	49827	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.573471069 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.573872089 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.619297981 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.619609118 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.795106888 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.795155048 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.795181036 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.795217991 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.803633928 CET	49828	443	192.168.2.3	172.67.185.155
Jan 27, 2021 07:00:59.849917889 CET	443	49828	172.67.185.155	192.168.2.3
Jan 27, 2021 07:00:59.850076914 CET	49828	443	192.168.2.3	172.67.185.155

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 06:49:49.519506931 CET	63492	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:49.570370913 CET	53	63492	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:50.665815115 CET	60831	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:50.716685057 CET	53	60831	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:51.589586020 CET	60100	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:51.640284061 CET	53	60100	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:52.572510004 CET	53195	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:52.621463060 CET	53	53195	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:53.670738935 CET	50141	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:53.729845047 CET	53	50141	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:54.727401972 CET	53023	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:54.775537968 CET	53	53023	8.8.8.8	192.168.2.3
Jan 27, 2021 06:49:57.959806919 CET	49563	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:49:58.016213894 CET	53	49563	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:01.326978922 CET	51352	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:01.385359049 CET	53	51352	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:02.750904083 CET	59349	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:02.798823118 CET	53	59349	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:06.323421001 CET	57084	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:06.371510983 CET	53	57084	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:12.379122972 CET	58823	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:12.427324057 CET	53	58823	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:13.363406897 CET	57568	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:13.411218882 CET	53	57568	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:15.667851925 CET	50540	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:15.750592947 CET	53	50540	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:32.893431902 CET	54366	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:32.943254948 CET	53	54366	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:38.632014990 CET	53034	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:38.680149078 CET	53	53034	8.8.8.8	192.168.2.3
Jan 27, 2021 06:50:53.866764069 CET	57762	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:50:53.924648046 CET	53	57762	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:11.440157890 CET	55435	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:11.539280891 CET	53	55435	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:12.413760900 CET	50713	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:12.472992897 CET	53	50713	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:13.188735962 CET	56132	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:13.251708031 CET	53	56132	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:14.141109943 CET	58987	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:15.142519951 CET	58987	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:15.961539984 CET	53	58987	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:15.962611914 CET	53	58987	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:16.568805933 CET	56579	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:16.625472069 CET	53	56579	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:16.683573961 CET	60633	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:16.755579948 CET	53	60633	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:17.240086079 CET	61292	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:17.296149969 CET	53	61292	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:17.878973007 CET	63619	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:17.935332060 CET	53	63619	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:19.890830994 CET	64938	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:19.947320938 CET	53	64938	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:20.955254078 CET	61946	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:21.014708996 CET	53	61946	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:21.437009096 CET	64910	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:21.493505955 CET	53	64910	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:21.528671026 CET	52123	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:21.589277029 CET	53	52123	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:50.700524092 CET	56130	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:50.751456976 CET	53	56130	8.8.8.8	192.168.2.3
Jan 27, 2021 06:51:52.238257885 CET	56338	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:51:52.307447910 CET	53	56338	8.8.8.8	192.168.2.3
Jan 27, 2021 06:52:37.720608950 CET	59420	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:52:37.777326107 CET	53	59420	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:39.933487892 CET	58784	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:39.981434107 CET	53	58784	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:40.704185963 CET	63978	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:40.770881891 CET	53	63978	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:42.847887993 CET	62938	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:42.915258884 CET	53	62938	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:50.457169056 CET	55708	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:50.505342960 CET	53	55708	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:50.624233007 CET	56803	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:50.697108030 CET	53	56803	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:50.729573011 CET	57145	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:50.732765913 CET	55359	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:50.783380032 CET	53	55359	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:50.787961960 CET	53	57145	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:50.942758083 CET	58306	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:50.999460936 CET	53	58306	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:51.092626095 CET	64124	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:51.149301052 CET	53	64124	8.8.8.8	192.168.2.3
Jan 27, 2021 06:54:51.195370913 CET	49361	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:54:51.251768112 CET	53	49361	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:20.283544064 CET	63150	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:20.340018034 CET	53	63150	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:20.398766994 CET	53279	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:20.457917929 CET	53	53279	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:20.630129099 CET	56881	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:20.688456059 CET	53	56881	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:39.707221031 CET	53642	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:39.763847113 CET	53	53642	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:39.887976885 CET	55667	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:39.947415113 CET	53	55667	8.8.8.8	192.168.2.3
Jan 27, 2021 06:55:56.168582916 CET	54833	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:55:56.229715109 CET	53	54833	8.8.8.8	192.168.2.3
Jan 27, 2021 06:56:14.699215889 CET	62476	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:56:14.755848885 CET	53	62476	8.8.8.8	192.168.2.3
Jan 27, 2021 06:56:50.419534922 CET	49705	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:56:50.476077080 CET	53	49705	8.8.8.8	192.168.2.3
Jan 27, 2021 06:56:50.504870892 CET	61477	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:56:50.512633085 CET	61633	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:56:50.565512896 CET	53	61477	8.8.8.8	192.168.2.3
Jan 27, 2021 06:56:50.569029093 CET	53	61633	8.8.8.8	192.168.2.3
Jan 27, 2021 06:56:50.655575037 CET	55949	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:56:50.715830088 CET	53	55949	8.8.8.8	192.168.2.3
Jan 27, 2021 06:57:23.242384911 CET	57601	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:57:23.293409109 CET	53	57601	8.8.8.8	192.168.2.3
Jan 27, 2021 06:57:24.082519054 CET	49342	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:57:24.133501053 CET	53	49342	8.8.8.8	192.168.2.3
Jan 27, 2021 06:57:50.241899967 CET	56253	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:57:50.301533937 CET	53	56253	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:24.773154020 CET	49667	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:24.821034908 CET	53	49667	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:24.843626976 CET	55439	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:24.891571999 CET	53	55439	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:25.226176023 CET	57069	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:25.276992083 CET	53	57069	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:25.462343931 CET	57659	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:25.510164976 CET	53	57659	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:43.965035915 CET	54717	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:43.966547966 CET	63975	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:58:44.012974977 CET	53	54717	8.8.8.8	192.168.2.3
Jan 27, 2021 06:58:44.023022890 CET	53	63975	8.8.8.8	192.168.2.3
Jan 27, 2021 06:59:20.749219894 CET	56639	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:59:20.808593035 CET	53	56639	8.8.8.8	192.168.2.3
Jan 27, 2021 06:59:20.850198030 CET	51856	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:59:20.907813072 CET	53	51856	8.8.8.8	192.168.2.3
Jan 27, 2021 06:59:21.171025991 CET	56546	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:59:21.230145931 CET	53	56546	8.8.8.8	192.168.2.3
Jan 27, 2021 06:59:21.394169092 CET	62152	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:59:21.444907904 CET	53	62152	8.8.8.8	192.168.2.3
Jan 27, 2021 06:59:39.398464918 CET	53470	53	192.168.2.3	8.8.8.8
Jan 27, 2021 06:59:39.455122948 CET	53	53470	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:06.860737085 CET	56446	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:06.908823967 CET	53	56446	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:34.083309889 CET	59631	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:34.140316010 CET	53	59631	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:34.899435043 CET	55515	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:34.947453022 CET	53	55515	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:35.087872982 CET	64547	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:35.144273996 CET	53	64547	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:50.272522926 CET	51759	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:50.332206011 CET	53	51759	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:59.009440899 CET	59207	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:59.069559097 CET	53	59207	8.8.8.8	192.168.2.3
Jan 27, 2021 07:00:59.309932947 CET	54269	53	192.168.2.3	8.8.8.8
Jan 27, 2021 07:00:59.369115114 CET	53	54269	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 27, 2021 06:52:37.720608950 CET	192.168.2.3	8.8.8.8	0x6b5d	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.457169056 CET	192.168.2.3	8.8.8.8	0x674	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.729573011 CET	192.168.2.3	8.8.8.8	0x6e43	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.732765913 CET	192.168.2.3	8.8.8.8	0x94fa	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.092626095 CET	192.168.2.3	8.8.8.8	0x2419	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.195370913 CET	192.168.2.3	8.8.8.8	0xcac5	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.283544064 CET	192.168.2.3	8.8.8.8	0x3c8a	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.398766994 CET	192.168.2.3	8.8.8.8	0x875f	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.630129099 CET	192.168.2.3	8.8.8.8	0x5f3c	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.707221031 CET	192.168.2.3	8.8.8.8	0x88ea	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.887976885 CET	192.168.2.3	8.8.8.8	0x6dda	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:56.168582916 CET	192.168.2.3	8.8.8.8	0x4fae	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:14.699215889 CET	192.168.2.3	8.8.8.8	0x97bc	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.419534922 CET	192.168.2.3	8.8.8.8	0xf300	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.504870892 CET	192.168.2.3	8.8.8.8	0x3555	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.512633085 CET	192.168.2.3	8.8.8.8	0xb14a	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.655575037 CET	192.168.2.3	8.8.8.8	0x8d5b	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:57:50.241899967 CET	192.168.2.3	8.8.8.8	0xc82f	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.773154020 CET	192.168.2.3	8.8.8.8	0xf0ef	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.843626976 CET	192.168.2.3	8.8.8.8	0x4ce5	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.226176023 CET	192.168.2.3	8.8.8.8	0x190f	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.462343931 CET	192.168.2.3	8.8.8.8	0x68ee	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:43.965035915 CET	192.168.2.3	8.8.8.8	0x23	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:43.966547966 CET	192.168.2.3	8.8.8.8	0x3e3	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.749219894 CET	192.168.2.3	8.8.8.8	0x575e	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.850198030 CET	192.168.2.3	8.8.8.8	0xd60d	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.171025991 CET	192.168.2.3	8.8.8.8	0xdeba	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.394169092 CET	192.168.2.3	8.8.8.8	0x8cb0	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:39.398464918 CET	192.168.2.3	8.8.8.8	0x4119	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:06.860737085 CET	192.168.2.3	8.8.8.8	0x49c6	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.083309889 CET	192.168.2.3	8.8.8.8	0xef9e	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.899435043 CET	192.168.2.3	8.8.8.8	0xd51c	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:35.087872982 CET	192.168.2.3	8.8.8.8	0x5425	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:50.272522926 CET	192.168.2.3	8.8.8.8	0x6937	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.009440899 CET	192.168.2.3	8.8.8.8	0x6cd8	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.309932947 CET	192.168.2.3	8.8.8.8	0xd8ae	Standard query (0)	scookie.notrespone.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 27, 2021 06:52:37.777326107 CET	8.8.8.8	192.168.2.3	0x6b5d	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:52:37.777326107 CET	8.8.8.8	192.168.2.3	0x6b5d	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:39.981434107 CET	8.8.8.8	192.168.2.3	0xe605	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 06:54:50.505342960 CET	8.8.8.8	192.168.2.3	0x674	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.505342960 CET	8.8.8.8	192.168.2.3	0x674	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.783380032 CET	8.8.8.8	192.168.2.3	0x94fa	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.783380032 CET	8.8.8.8	192.168.2.3	0x94fa	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.787961960 CET	8.8.8.8	192.168.2.3	0x6e43	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:50.787961960 CET	8.8.8.8	192.168.2.3	0x6e43	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.149301052 CET	8.8.8.8	192.168.2.3	0x2419	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.149301052 CET	8.8.8.8	192.168.2.3	0x2419	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.251768112 CET	8.8.8.8	192.168.2.3	0xcac5	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:54:51.251768112 CET	8.8.8.8	192.168.2.3	0xcac5	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.340018034 CET	8.8.8.8	192.168.2.3	0x3c8a	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.340018034 CET	8.8.8.8	192.168.2.3	0x3c8a	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.457917929 CET	8.8.8.8	192.168.2.3	0x875f	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.457917929 CET	8.8.8.8	192.168.2.3	0x875f	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.688456059 CET	8.8.8.8	192.168.2.3	0x5f3c	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:20.688456059 CET	8.8.8.8	192.168.2.3	0x5f3c	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.763847113 CET	8.8.8.8	192.168.2.3	0x88ea	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.763847113 CET	8.8.8.8	192.168.2.3	0x88ea	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.947415113 CET	8.8.8.8	192.168.2.3	0x6dda	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:39.947415113 CET	8.8.8.8	192.168.2.3	0x6dda	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:56.229715109 CET	8.8.8.8	192.168.2.3	0x4fae	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:55:56.229715109 CET	8.8.8.8	192.168.2.3	0x4fae	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:14.755848885 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:14.755848885 CET	8.8.8.8	192.168.2.3	0x97bc	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.476077080 CET	8.8.8.8	192.168.2.3	0xf300	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.476077080 CET	8.8.8.8	192.168.2.3	0xf300	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.565512896 CET	8.8.8.8	192.168.2.3	0x3555	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.565512896 CET	8.8.8.8	192.168.2.3	0x3555	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.569029093 CET	8.8.8.8	192.168.2.3	0xb14a	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.569029093 CET	8.8.8.8	192.168.2.3	0xb14a	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.715830088 CET	8.8.8.8	192.168.2.3	0x8d5b	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:56:50.715830088 CET	8.8.8.8	192.168.2.3	0x8d5b	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:57:23.293409109 CET	8.8.8.8	192.168.2.3	0xcc4	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 06:57:50.301533937 CET	8.8.8.8	192.168.2.3	0xc82f	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:57:50.301533937 CET	8.8.8.8	192.168.2.3	0xc82f	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.821034908 CET	8.8.8.8	192.168.2.3	0xf0ef	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.821034908 CET	8.8.8.8	192.168.2.3	0xf0ef	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.891571999 CET	8.8.8.8	192.168.2.3	0x4ce5	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:24.891571999 CET	8.8.8.8	192.168.2.3	0x4ce5	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.276992083 CET	8.8.8.8	192.168.2.3	0x190f	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.276992083 CET	8.8.8.8	192.168.2.3	0x190f	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.510164976 CET	8.8.8.8	192.168.2.3	0x68ee	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:25.510164976 CET	8.8.8.8	192.168.2.3	0x68ee	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:44.012974977 CET	8.8.8.8	192.168.2.3	0x23	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:44.012974977 CET	8.8.8.8	192.168.2.3	0x23	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:44.023022890 CET	8.8.8.8	192.168.2.3	0x3e3	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:58:44.023022890 CET	8.8.8.8	192.168.2.3	0x3e3	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.808593035 CET	8.8.8.8	192.168.2.3	0x575e	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.808593035 CET	8.8.8.8	192.168.2.3	0x575e	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.907813072 CET	8.8.8.8	192.168.2.3	0xd60d	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:20.907813072 CET	8.8.8.8	192.168.2.3	0xd60d	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.230145931 CET	8.8.8.8	192.168.2.3	0xdeba	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.230145931 CET	8.8.8.8	192.168.2.3	0xdeba	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.444907904 CET	8.8.8.8	192.168.2.3	0x8cb0	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:21.444907904 CET	8.8.8.8	192.168.2.3	0x8cb0	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:39.455122948 CET	8.8.8.8	192.168.2.3	0x4119	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 06:59:39.455122948 CET	8.8.8.8	192.168.2.3	0x4119	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:06.908823967 CET	8.8.8.8	192.168.2.3	0x49c6	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:06.908823967 CET	8.8.8.8	192.168.2.3	0x49c6	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.140316010 CET	8.8.8.8	192.168.2.3	0xef9e	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.140316010 CET	8.8.8.8	192.168.2.3	0xef9e	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.947453022 CET	8.8.8.8	192.168.2.3	0xd51c	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:34.947453022 CET	8.8.8.8	192.168.2.3	0xd51c	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:35.144273996 CET	8.8.8.8	192.168.2.3	0x5425	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:35.144273996 CET	8.8.8.8	192.168.2.3	0x5425	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:50.332206011 CET	8.8.8.8	192.168.2.3	0x6937	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:50.332206011 CET	8.8.8.8	192.168.2.3	0x6937	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.069559097 CET	8.8.8.8	192.168.2.3	0x6cd8	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.069559097 CET	8.8.8.8	192.168.2.3	0x6cd8	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.369115114 CET	8.8.8.8	192.168.2.3	0xd8ae	No error (0)	scookie.notrespone.com		172.67.185.155	A (IP address)	IN (0x0001)
Jan 27, 2021 07:00:59.369115114 CET	8.8.8.8	192.168.2.3	0xd8ae	No error (0)	scookie.notrespone.com		104.21.19.70	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Mario Deluxe InstaII.exe PID: 5728 Parent PID: 5644

General

Start time:	06:50:00
Start date:	27/01/2021
Path:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install
Imagebase:	0x400000
File size:	31289608 bytes
MD5 hash:	F316FA6263A9CCC6C99984A4B55F6384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: Mario Deluxe InstaII.tmp PID: 2540 Parent PID: 5728

General

Start time:	06:50:02
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\is-LE572.tmp\Mario Deluxe InstaII.tmp' /SL5='$E021E,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' -install
Imagebase:	0x400000
File size:	2651648 bytes
MD5 hash:	83FC883CAAF182C20D7472508A0826D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: Mario Deluxe InstaII.exe PID: 2292 Parent PID: 2540

General

Start time:	06:50:09
Start date:	27/01/2021
Path:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT
Imagebase:	0x400000
File size:	31289608 bytes
MD5 hash:	F316FA6263A9CCC6C99984A4B55F6384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: Mario Deluxe InstaII.exe PID: 5312 Parent PID: 5644

General

Start time:	06:50:10
Start date:	27/01/2021
Path:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /install
Imagebase:	0x1a0000
File size:	31289608 bytes
MD5 hash:	F316FA6263A9CCC6C99984A4B55F6384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: Mario Deluxe InstaII.tmp PID: 3216 Parent PID: 2292

General

Start time:	06:50:12
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\is-0FO9K.tmp\Mario Deluxe InstaII.tmp' /SL5='$40372,30541068,861184,C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /SILENT
Imagebase:	0x400000
File size:	2651648 bytes
MD5 hash:	83FC883CAAF182C20D7472508A0826D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: Mario Deluxe InstaII.exe PID: 5312 Parent PID: 5644

General

Start time:	06:50:19
Start date:	27/01/2021
Path:	C:\Users\user\Desktop\Mario Deluxe InstaII.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\Mario Deluxe InstaII.exe' /load
Imagebase:	0x400000
File size:	31289608 bytes
MD5 hash:	F316FA6263A9CCC6C99984A4B55F6384
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: namang.exe PID: 6608 Parent PID: 3216

General

Start time:	06:50:51
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Namang\namang.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Namang\namang.exe
Imagebase:	0x400000
File size:	74468528 bytes
MD5 hash:	55CDDB0D895741E9E0CF8ACE2619015D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: download.exe PID: 7008 Parent PID: 3216

General

Start time:	06:50:59
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Namang\download.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Namang\download.exe
Imagebase:	0xd80000
File size:	429568 bytes
MD5 hash:	56E17751A0F1F506EE7CA9F35BD77738
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: namang.exe PID: 6464 Parent PID: 528

General

Start time:	06:52:55
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Update\namang.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Update\namang.exe
Imagebase:	0x400000
File size:	74468528 bytes
MD5 hash:	55CDDB0D895741E9E0CF8ACE2619015D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: namang.exe PID: 5508 Parent PID: 528

General

Start time:	06:52:55
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Packages\Update\namang.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Packages\Update\namang.exe
Imagebase:	0x400000
File size:	74468528 bytes
MD5 hash:	55CDDB0D895741E9E0CF8ACE2619015D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: namang.exe PID: 7072 Parent PID: 528

General

Start time:	06:52:55
Start date:	27/01/2021
Path:	C:\Users\user\AppData\Local\Google\Update\namang.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Google\Update\namang.exe
Imagebase:	0x400000
File size:	74468528 bytes
MD5 hash:	55CDDB0D895741E9E0CF8ACE2619015D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Mario Deluxe InstaII.exe PID: 5728 Parent PID: 5644 Mario Deluxe InstaII.exeCOMMON

Execution Graph

Execution Coverage:	3.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.9%
Total number of Nodes:	837
Total number of Limit Nodes:	32

Executed Functions

Function 004B5114, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1); // executed
					}
					goto L19;
				}
			}

0x004b5115
0x004b5117
0x004b511c
0x004b511c
0x004b511e
0x004b5120
0x004b5120
0x004b5128
0x004b5129
0x004b512e
0x004b5131
0x004b5134
0x004b513b
0x004b536d
0x004b536f
0x004b5372
0x004b5375
0x004b5387
0x004b5141
0x004b514b
0x004b514d
0x004b5154
0x004b515a
0x004b5167
0x004b516b
0x004b5172
0x004b5177
0x004b5179
0x004b5179
0x004b516b
0x004b517c
0x004b5188
0x004b518f
0x004b5196
0x004b5196
0x004b519b
0x004b51a8
0x004b51b4
0x004b51ba
0x004b51c1
0x004b51c6
0x004b51c6
0x004b51d4
0x004b51e0
0x004b51e0
0x004b51f3
0x004b51fb
0x004b520e
0x004b5216
0x004b5229
0x004b5231
0x004b5244
0x004b524c
0x004b525f
0x004b5267
0x004b527a
0x004b5282
0x004b5295
0x004b529d
0x004b52b0
0x004b52b8
0x004b52cb
0x004b52d3
0x004b52e6
0x004b52ee
0x004b5301
0x004b5309
0x004b531c
0x004b5324
0x004b5337
0x004b533f
0x004b533f
0x004b51b4
0x004b534a
0x004b5351
0x004b5358
0x004b5358
0x004b5360
0x004b5367
0x004b536b
0x004b536b
0x00000000
0x004b5367

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188

Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F

GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B

Strings

cryptbase.dll, xrefs: 004B528A
profapi.dll, xrefs: 004B52DB
version.dll, xrefs: 004B52C0
apphelp.dll, xrefs: 004B5239
clbcatq.dll, xrefs: 004B5311
kernel32.dll, xrefs: 004B5141
userenv.dll, xrefs: 004B5203
hK, xrefs: 004B51D6
SetDllDirectoryW, xrefs: 004B5182
comres.dll, xrefs: 004B52F6
SetSearchPathMode, xrefs: 004B5344
SetProcessDEPPolicy, xrefs: 004B535A
ntmarta.dll, xrefs: 004B532C
uxtheme.dll, xrefs: 004B51E8
setupapi.dll, xrefs: 004B521E
dwmapi.dll, xrefs: 004B526F
propsys.dll, xrefs: 004B5254
hK, xrefs: 004B51A3
oleacc.dll, xrefs: 004B52A5
SetDefaultDllDirectories, xrefs: 004B515C

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
API String ID: 2248137261-3182217745
Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF904, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004AF904(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF8FC(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}

0x004af908
0x004af90b
0x004af90e
0x004af917
0x004af923
0x004af92a
0x004af9d6
0x004af9d6
0x004af930
0x004af9c3
0x004af9c3
0x004af9c9
0x00000000
0x00000000
0x004af93c
0x004af9af
0x004af9ba
0x004af9c1
0x00000000
0x00000000
0x00000000
0x004af944
0x004af944
0x004af949
0x004af94f
0x004af96e
0x004af975
0x004af977
0x004af977
0x004af975
0x004af97c
0x004af98d
0x004af984
0x004af989
0x004af989
0x004af997
0x004af9aa
0x004af9aa
0x00000000
0x004af997
0x004af93c
0x00000000
0x004af9c3

APIs

GetSystemInfo.KERNEL32(?), ref: 004AF917
VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF923
VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF96E
VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9AA
VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9BA

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction ID: 9e45b338133956b17b8a8ad54cf185b01de6f5181235357074ed8b47fe3ad323
Opcode Fuzzy Hash: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction Fuzzy Hash: 96216DB1104304BED720EA95C884F6BB7EC9F56354F04482EF5C4C3681D338E949CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0040B044, Relevance: 3.1, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t61);
				_push(0x40b104);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L00403730();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040858C( &_v20, 4,  &_v16);
				E0040873C(_t44, _v20, _v8);
				_t29 = E0040AEF4( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040858C( &_v24, 4,  &_v16);
					E0040873C(_t44, _v24, _v8);
					_t40 = E0040AEF4( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00407A20(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040B10B);
				E00407A80( &_v24, 2);
				return E00407A20( &_v8);
			}

0x0040b04a
0x0040b04d
0x0040b050
0x0040b053
0x0040b055
0x0040b05b
0x0040b062
0x0040b063
0x0040b068
0x0040b06b
0x0040b070
0x0040b076
0x0040b07f
0x0040b08f
0x0040b09c
0x0040b0a3
0x0040b0aa
0x0040b0ac
0x0040b0bd
0x0040b0ca
0x0040b0d1
0x0040b0d8
0x0040b0dc
0x0040b0dc
0x0040b0d8
0x0040b0e3
0x0040b0e6
0x0040b0e9
0x0040b0f6
0x0040b103

APIs

GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F

Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
String ID:
API String ID: 3216391948-0
Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AEF4, Relevance: 3.0, APIs: 2, Instructions: 33
fileCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040AEF4(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t27);
				_push(0x40af52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040AF59);
				return E00407A20( &_v8);
			}

0x0040aefd
0x0040aefe
0x0040af04
0x0040af0b
0x0040af0c
0x0040af11
0x0040af14
0x0040af27
0x0040af34
0x0040af37
0x0040af37
0x0040af3e
0x0040af41
0x0040af44
0x0040af51

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}

0x0040ab19
0x0040ab1b
0x0040ab22
0x0040ab24
0x0040ab2a
0x0040ab31
0x0040ab32
0x0040ab37
0x0040ab3a
0x0040ab41
0x0040ab6d
0x0040ab43
0x0040ab51
0x0040ab51
0x0040ab7a
0x0040ad27
0x0040ad29
0x0040ad2c
0x0040ad2f
0x0040ad3c
0x0040ab80
0x0040ab82
0x0040ab9a
0x0040aba1
0x0040ac41
0x0040ac43
0x0040ac44
0x0040ac49
0x0040ac4c
0x0040ac5a
0x0040ac7b
0x0040acca
0x0040acd4
0x0040acec
0x0040acf6
0x0040acf6
0x0040ac7d
0x0040ac85
0x0040ac9f
0x0040aca9
0x0040aca9
0x0040acfd
0x0040ad00
0x0040ad03
0x0040ad0c
0x0040ad11
0x0040ad11
0x0040ad1f
0x0040aba7
0x0040abbc
0x0040abc3
0x00000000
0x0040abc5
0x0040abda
0x0040abe1
0x00000000
0x0040abe3
0x0040abf8
0x0040abff
0x00000000
0x0040ac01
0x0040ac16
0x0040ac1d
0x00000000
0x0040ac1f
0x0040ac34
0x0040ac3b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040ac3b
0x0040ac1d
0x0040abff
0x0040abe1
0x0040abc3
0x0040aba1

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A

Strings

Software\Borland\Delphi\Locales, xrefs: 0040AC2A
Software\Embarcadero\Locales, xrefs: 0040AB90, 0040ABB2
Software\Borland\Locales, xrefs: 0040AC0C
Software\CodeGear\Locales, xrefs: 0040ABD0, 0040ABEE

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Open$QueryValue$CloseFileModuleName
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
API String ID: 2701450724-3496071916
Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E

Uniqueness

Uniqueness Score: -1.00%

Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}

0x0040426c
0x0040426c
0x00404275
0x0040427b
0x00404364
0x00404367
0x00404454
0x00404455
0x00404458
0x00403cf8
0x00403cfa
0x00403cfc
0x00403d01
0x00403d04
0x00403d09
0x00403d0d
0x00403d13
0x00403d17
0x00403d1d
0x00403d39
0x00403d3d
0x00403d40
0x00403d40
0x00403d42
0x00403d4a
0x00403d57
0x00403d5c
0x00403d5e
0x00403d60
0x00403d63
0x00403d63
0x00403d65
0x00403d69
0x00403d6b
0x00403d6d
0x00403d6f
0x00000000
0x00403d6f
0x00000000
0x00403d6b
0x00403d1f
0x00403d27
0x00403d2e
0x00403d34
0x00403d30
0x00403d30
0x00403d30
0x00403d2e
0x00403d73
0x00403d75
0x00403d7e
0x00403d87
0x00403d87
0x00403d8a
0x00403d9a
0x0040445e
0x00404463
0x00404463
0x00000000
0x00000000
0x00000000
0x00404281
0x00404281
0x00404283
0x00404285
0x004042e8
0x004042e8
0x004042ed
0x004042f1
0x00000000
0x00000000
0x004042f3
0x004042f5
0x004042fc
0x00000000
0x004042fe
0x00404302
0x00404307
0x00404308
0x00404309
0x0040430e
0x00404312
0x0040431c
0x00404321
0x00404322
0x00000000
0x00404322
0x00404312
0x00000000
0x004042fc
0x004042e8
0x00404287
0x00404287
0x00404287
0x00404287
0x0040428b
0x0040428e
0x004042bc
0x004042be
0x004042d3
0x004042d3
0x004042c0
0x004042c0
0x004042c3
0x004042c6
0x004042c9
0x004042cc
0x004042ce
0x004042d1
0x00000000
0x00000000
0x004042d1
0x004042d6
0x004042d8
0x004042da
0x004042dd
0x0040436d
0x00404370
0x00404372
0x00404374
0x00404375
0x00404377
0x00404328
0x00404328
0x0040432d
0x00404335
0x00000000
0x00000000
0x00404337
0x00404339
0x00404340
0x00000000
0x00404342
0x00404344
0x00404349
0x0040434e
0x00404356
0x0040435a
0x00000000
0x0040435a
0x00404356
0x00000000
0x00404340
0x00404328
0x00404379
0x00404379
0x00404381
0x00404385
0x004043bc
0x004043bf
0x004043c2
0x004043c4
0x004043ca
0x004043cc
0x004043cc
0x00404387
0x00404387
0x00404387
0x0040438a
0x0040438a
0x0040438e
0x00404392
0x004043d4
0x004043d7
0x004043d9
0x004043db
0x004043e1
0x004043e5
0x004043e5
0x004043e1
0x00404394
0x0040439a
0x004043ec
0x004043f6
0x00404424
0x0040442a
0x0040442f
0x00404436
0x00404440
0x00404446
0x0040444d
0x00404451
0x004043f8
0x004043f8
0x004043fb
0x004043fd
0x00404400
0x00404403
0x00404405
0x00404414
0x00404419
0x0040441c
0x00404420
0x00404420
0x0040439c
0x0040439f
0x004043a2
0x004043aa
0x004043af
0x004043b6
0x004043ba
0x004043ba
0x00404290
0x00404290
0x00404292
0x00404298
0x0040429b
0x004042a4
0x004042a7
0x004042aa
0x004042ad
0x004042b0
0x004042b3
0x004042b6
0x004042b6
0x004042b8
0x004042b9
0x0040429d
0x0040429d
0x0040429d
0x0040429f
0x004042a1
0x004042a2
0x004042a2
0x0040429b
0x0040428e

APIs

Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789

Uniqueness

Uniqueness Score: -1.00%

Function 004B639F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E004B639F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x4c1d40; // 0x0
				 *0x4c1d40 = 0;
				E00405CE8(_t17);
				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x4ba450 = _t21;
				_t22 =  *0x4ba450; // 0xe021e
				 *0x4c1d38 = SetWindowLongW(_t22, 0xfffffffc, E004AF688);
				_t25 =  *0x4ba450; // 0xe021e
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x4c1d48; // 0x4de39c
				_t4 = _t26 + 0x20; // 0x1d2050c
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x4c1d48; // 0x4de39c
				_t7 = _t28 + 0x24; // 0xd2400
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d3c);
				_push(0x4b667c);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				_t36 =  *0x4c1d54; // 0x0, executed
				E004AF714(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0x0
					E004AF5F8(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6550);
				_t39 =  *0x4c1d40; // 0x0
				_t40 = E00405CE8(_t39);
				if( *0x4c1d54 != 0) {
					_t70 =  *0x4c1d54; // 0x0
					_t40 = E004AF1A4(0, _t70, 0xfa, 0x32); // executed
				}
				if( *0x4c1d4c != 0) {
					_t47 =  *0x4c1d4c; // 0x0
					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0xe021e
					_t40 = DestroyWindow(_t46); // executed
				}
				if( *0x4c1d30 != 0) {
					_t41 =  *0x4c1d30; // 0x0
					_t60 =  *0x4c1d34; // 0x1
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08(_t41, _t60, _t69);
					_t43 =  *0x4c1d30; // 0x0
					E0040540C(_t43);
					 *0x4c1d30 = 0;
					return 0;
				}
				return _t40;
			}

0x004b639f
0x004b639f
0x004b639f
0x004b639f
0x004b63a1
0x004b63a4
0x004b63cf
0x004b63d6
0x004b63dc
0x004b6403
0x004b6408
0x004b6414
0x004b641f
0x004b6428
0x004b642d
0x004b6430
0x004b6434
0x004b6439
0x004b643c
0x004b643f
0x004b6443
0x004b6448
0x004b644b
0x004b644e
0x004b645f
0x004b6464
0x004b6467
0x004b646d
0x004b6475
0x004b647a
0x004b6485
0x004b6492
0x004b6497
0x004b64a3
0x004b64a5
0x004b64aa
0x004b64aa
0x004b64b1
0x004b64b4
0x004b64b7
0x004b64bc
0x004b64c1
0x004b64cd
0x004b64db
0x004b64e3
0x004b64e3
0x004b64ef
0x004b64f1
0x004b64fc
0x004b64fc
0x004b6508
0x004b650a
0x004b6510
0x004b6510
0x004b651c
0x004b651e
0x004b6523
0x004b6529
0x004b652f
0x004b6534
0x004b6539
0x004b6540
0x00000000
0x004b6540
0x004b6545

APIs

Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F

SetWindowLongW.USER32 ref: 004B641A

Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647A,004B667C,?), ref: 00422BDA

Part of subcall function 004AF714: CreateProcessW.KERNEL32 ref: 004AF784
Part of subcall function 004AF714: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,00000000,004AF804,00000000), ref: 004AF798
Part of subcall function 004AF714: MsgWaitForMultipleObjects.USER32 ref: 004AF7B1
Part of subcall function 004AF714: GetExitCodeProcess.KERNEL32 ref: 004AF7C5
Part of subcall function 004AF714: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(000E021E,004B6550), ref: 004B6510

Strings

InnoSetupLdrWindow, xrefs: 004B63F7
STATIC, xrefs: 004B63FC
/SL5="$%x,%d,%d,, xrefs: 004B645A

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3586484885-3001827809
Opcode ID: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction ID: b7eaecffb53aa05ddf1cf37d982a6b9f715e6a16dd8061e16f501f9384e95f83
Opcode Fuzzy Hash: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction Fuzzy Hash: 74413974600240DFD764EBA9EC45B9A37B4FB89308F51463BE4019B2B2DB7CA855CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF714, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E004AF714(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af804);
				_push(__eax);
				_push(0x4af814);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF33C(0x72, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6E8();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6E8();
				GetExitCodeProcess(_v92, _t51); // executed
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af7f0);
				return E00407A20( &_v8);
			}

0x004af71f
0x004af722
0x004af724
0x004af726
0x004af72a
0x004af72b
0x004af730
0x004af733
0x004af736
0x004af73b
0x004af73c
0x004af741
0x004af74a
0x004af759
0x004af75e
0x004af784
0x004af789
0x004af78b
0x004af78f
0x004af78f
0x004af798
0x004af79d
0x004af79d
0x004af7b6
0x004af7bb
0x004af7c5
0x004af7ce
0x004af7d5
0x004af7d8
0x004af7db
0x004af7e8

APIs

CreateProcessW.KERNEL32 ref: 004AF784
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,00000000,004AF804,00000000), ref: 004AF798
MsgWaitForMultipleObjects.USER32 ref: 004AF7B1
GetExitCodeProcess.KERNEL32 ref: 004AF7C5
CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

Part of subcall function 004AF33C: GetLastError.KERNEL32(00000000,004AF3E3,?,?,00000000), ref: 004AF35F

Strings

D, xrefs: 004AF75E

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: d24d345b1e63e396f028edbb06d8d13123cfcf4b17ffea6e22d5a060aaca728b
Instruction ID: aed82a99fc7c4294e21d4a72de24efe39242c504942d712e9f968ed89c43dfc9
Opcode Fuzzy Hash: d24d345b1e63e396f028edbb06d8d13123cfcf4b17ffea6e22d5a060aaca728b
Instruction Fuzzy Hash: EB1172756442086BDB10EBE6CC82F9FB7ACDF15714F60043BF604E72C1DA789905866D

Uniqueness

Uniqueness Score: -1.00%

Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c10dc =  *0x4c10dc - 1;
				if( *0x4c10dc < 0) {
					 *0x4c10e0 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c10e4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c10e0 == 0 ||  *0x4c10e4 == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c10e8 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000); // executed
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}

0x004b5a90
0x004b5a93
0x004b5a95
0x004b5a97
0x004b5a9b
0x004b5a9c
0x004b5aa1
0x004b5aa4
0x004b5aa7
0x004b5aae
0x004b5ac9
0x004b5ae3
0x004b5aef
0x004b5afa
0x004b5afe
0x004b5afe
0x004b5afe
0x004b5b00
0x004b5b08
0x004b5b13
0x004b5b20
0x004b5b2d
0x004b5b3a
0x004b5b3a
0x004b5b41
0x004b5b44
0x004b5b47
0x004b5b59

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B

Strings

shell32.dll, xrefs: 004B5B1B
Wow64DisableWow64FsRedirection, xrefs: 004B5AB4
kernel32.dll, xrefs: 004B5AB9, 004B5AD3
Wow64RevertWow64FsRedirection, xrefs: 004B5ACE

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction ID: 6ea4a141a574a621f9963068001d000fcf1dfb25abde6d391abeb26bafe3dfd6
Opcode Fuzzy Hash: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction Fuzzy Hash: 89119430604744AED744EBA7DD42FDDB764EB45704F60447BF401A6591CABC6A44C63D

Uniqueness

Uniqueness Score: -1.00%

Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 68%

			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80; // 0x4bdb7c
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t133 =  *0x4bbaf0; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t110 =  *0x4bbaec; // 0x22710a0
									_t109 = _t110 - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec; // 0x22710a0
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x22710c0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00403ee8
0x00403ef4
0x00403efa
0x00404148
0x0040414d
0x00404260
0x00404261
0x00404263
0x00403c94
0x00403c98
0x00403c9a
0x00403ca4
0x00403cb4
0x00403cb9
0x00403cbd
0x00403cbf
0x00403cc1
0x00403cc7
0x00403cca
0x00403ccf
0x00403cd4
0x00403cda
0x00403ce0
0x00403ce3
0x00403ce5
0x00403cec
0x00403cec
0x00403cf5
0x00404269
0x00404269
0x0040426b
0x0040426b
0x00404153
0x00404153
0x0040415f
0x00404162
0x00404164
0x0040410c
0x00404111
0x00404119
0x00000000
0x00000000
0x0040411b
0x0040411d
0x00404124
0x00000000
0x00404126
0x00404128
0x00404132
0x0040413a
0x0040413e
0x00000000
0x0040413e
0x0040413a
0x00000000
0x00404124
0x0040410c
0x00404166
0x00404166
0x00404166
0x0040416e
0x00404171
0x0040417b
0x0040417b
0x00404182
0x00404195
0x00404199
0x0040419f
0x004041b8
0x004041be
0x004041be
0x004041c0
0x004041de
0x004041c2
0x004041c2
0x004041c7
0x004041c9
0x004041ce
0x004041d7
0x004041d7
0x004041e3
0x004041eb
0x004041a1
0x004041a1
0x004041ab
0x004041b3
0x00000000
0x004041b3
0x00404184
0x00404187
0x0040418a
0x004041ec
0x004041ec
0x004041ed
0x004041ee
0x004041f5
0x004041f8
0x004041fb
0x004041fe
0x00404200
0x00404202
0x00404209
0x0040420b
0x0040420b
0x0040420b
0x00404212
0x00404214
0x00404214
0x00404212
0x00404220
0x00404225
0x00404225
0x00404227
0x00404248
0x00404248
0x00404248
0x00404229
0x00404229
0x0040422f
0x00404232
0x00404236
0x0040423c
0x0040423e
0x0040423e
0x0040423c
0x0040424d
0x00404250
0x00404253
0x0040425f
0x0040425f
0x00404182
0x00403f00
0x00403f00
0x00403f02
0x00403f02
0x00403f09
0x00403f10
0x00403f68
0x00403f68
0x00403f6d
0x00403f71
0x00000000
0x00000000
0x00403f73
0x00403f73
0x00403f76
0x00403f7b
0x00403f7f
0x00403f81
0x00403f81
0x00403f84
0x00403f89
0x00403f8d
0x00403f8f
0x00403f92
0x00403f94
0x00403f9b
0x00000000
0x00403f9d
0x00403f9f
0x00403fa4
0x00403fa9
0x00403fad
0x00403fb5
0x00000000
0x00403fb5
0x00403fad
0x00403f9b
0x00403f8d
0x00000000
0x00403f7f
0x00403f68
0x00403f12
0x00403f12
0x00403f15
0x00403f18
0x00403f1d
0x00403f1f
0x00403f38
0x00403f3b
0x00403f3f
0x00403f41
0x00403f44
0x00403fbc
0x00403fbd
0x00403fbe
0x00403fc5
0x00403fc7
0x00403fc7
0x00403fcc
0x00403fd4
0x00000000
0x00000000
0x00403fd6
0x00403fd8
0x00403fdf
0x00000000
0x00403fe1
0x00403fe3
0x00403fe8
0x00403fed
0x00403ff5
0x00403ff9
0x00000000
0x00403ff9
0x00403ff5
0x00000000
0x00403fdf
0x00403fc7
0x00404000
0x00404004
0x00404004
0x0040400a
0x0040407c
0x00404080
0x00404086
0x00404088
0x004040b0
0x004040b4
0x004040b6
0x004040bb
0x004040bd
0x004040bf
0x00000000
0x004040c1
0x004040c1
0x004040c6
0x004040c8
0x004040c9
0x004040ca
0x004040cb
0x004040cb
0x0040408a
0x0040408a
0x00404090
0x00404094
0x0040409a
0x0040409c
0x0040409e
0x0040409e
0x004040a0
0x004040a2
0x004040a8
0x00000000
0x004040a8
0x0040400c
0x0040400c
0x0040400f
0x00404016
0x0040401d
0x00404020
0x00404023
0x0040402a
0x0040402d
0x00404030
0x00404033
0x00404035
0x00404037
0x00404039
0x0040403e
0x00404040
0x00404040
0x00404040
0x00404047
0x00404049
0x00404049
0x00404047
0x00404050
0x00404055
0x00404058
0x0040405e
0x004040cc
0x004040cc
0x004040cc
0x00404060
0x00404060
0x00404062
0x00404066
0x00404068
0x0040406b
0x0040406e
0x00404071
0x00404075
0x00404075
0x004040d1
0x004040d1
0x004040d1
0x004040d4
0x004040d7
0x004040d9
0x004040de
0x004040e0
0x004040e3
0x004040ea
0x004040ed
0x004040ed
0x004040f0
0x004040f4
0x004040f7
0x004040fa
0x004040fc
0x004040fc
0x004040fe
0x00404101
0x00404104
0x00404107
0x00404108
0x00404109
0x0040410a
0x0040410a
0x00403f46
0x00403f46
0x00403f46
0x00403f46
0x00403f4a
0x00403f4d
0x00403f50
0x00403f53
0x00403f54
0x00403f54
0x00403f21
0x00403f21
0x00403f25
0x00403f25
0x00403f28
0x00403f2b
0x00403f2e
0x00403f58
0x00403f5b
0x00403f5e
0x00403f61
0x00403f64
0x00403f65
0x00403f30
0x00403f30
0x00403f33
0x00403f34
0x00403f34
0x00403f2e
0x00403f1f

APIs

Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8

Uniqueness

Uniqueness Score: -1.00%

Function 004B60E8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				intOrPtr _t74;
				int _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				struct HWND__* _t81;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF664(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d29 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t4 = _t61 + 0x2b4; // 0x0
						_t63 = E004084EC( *_t4);
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c00; // 0x0
						E00426F08(0xb1, _t120 - 0x28, _t101);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFDC(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
					E00407E00(0x4c1d4c,  *((intOrPtr*)(_t120 - 0x2c)));
					_t26 =  *0x4c1d3c; // 0x0
					E00422954(_t26, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					_t31 =  *0x4c1d4c; // 0x0
					E00422660(_t31, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d50, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					_t107 =  *0x4c1d50; // 0x0
					E00407E00(0x4c1d54, _t107);
					_t37 =  *0x4c1d48; // 0x4de39c
					_t15 = _t37 + 0x14; // 0x1d2af6c
					_t38 =  *0x4c1d40; // 0x0
					E00423CE8(_t38,  *_t15);
					_push(_t120);
					_push(0x4b63a9);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1d98 = 0;
					_t42 = E00423D00(1, 0, 1, 0); // executed
					 *0x4c1d44 = _t42;
					_push(_t120);
					_push(0x4b6398);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t44 =  *0x4c1d48; // 0x4de39c
					_t16 = _t44 + 0x18; // 0x287600
					 *0x4c1d98 = E004053F0( *_t16);
					_t47 =  *0x4c1d48; // 0x4de39c
					_t17 = _t47 + 0x18; // 0x287600
					_t86 =  *0x4c1d98; // 0x7fc20010
					E00405884(_t86,  *_t17);
					_push(_t120);
					_push(0x4b62e7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					_t93 =  *0x4c1d40; // 0x0
					_t53 = E00424748(_t93, 1, _t51); // executed
					 *0x4c1d9c = _t53;
					_push(_t120);
					_push(0x4b62d6);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t55 =  *0x4c1d48; // 0x4de39c
					_t18 = _t55 + 0x18; // 0x287600
					_t56 =  *0x4c1d9c; // 0x22811d0
					E00424A24(_t56,  *_t18, _t86);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DD);
					_t59 =  *0x4c1d9c; // 0x22811d0
					return E00405CE8(_t59);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					_t1 = _t69 + 0x18c; // 0x0
					E004AFA2C( *_t1, __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6550);
					_t74 =  *0x4c1d40; // 0x0
					_t75 = E00405CE8(_t74);
					if( *0x4c1d54 != 0) {
						_t117 =  *0x4c1d54; // 0x0
						_t75 = E004AF1A4(0, _t117, 0xfa, 0x32); // executed
					}
					if( *0x4c1d4c != 0) {
						_t82 =  *0x4c1d4c; // 0x0
						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0xe021e
						_t75 = DestroyWindow(_t81); // executed
					}
					if( *0x4c1d30 != 0) {
						_t76 =  *0x4c1d30; // 0x0
						_t99 =  *0x4c1d34; // 0x1
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08(_t76, _t99, _t116);
						_t78 =  *0x4c1d30; // 0x0
						E0040540C(_t78);
						 *0x4c1d30 = 0;
						return 0;
					}
					return _t75;
				}
			}

0x004b60e8
0x004b60e8
0x004b60e8
0x004b60ea
0x004b60ec
0x004b60ed
0x004b610d
0x004b6119
0x004b613e
0x004b614b
0x004b6150
0x004b6156
0x004b615c
0x004b615f
0x004b6167
0x004b617f
0x004b6181
0x004b618b
0x004b618b
0x004b617f
0x004b6190
0x004b6198
0x004b61a5
0x004b61ad
0x004b61b2
0x004b61c2
0x004b61ca
0x004b61ce
0x004b61d3
0x004b61e0
0x004b61e1
0x004b61eb
0x004b61f1
0x004b61f6
0x004b61fb
0x004b61fe
0x004b6203
0x004b620a
0x004b620b
0x004b6210
0x004b6213
0x004b6218
0x004b6230
0x004b6235
0x004b623c
0x004b623d
0x004b6242
0x004b6245
0x004b6248
0x004b624d
0x004b6255
0x004b625a
0x004b625f
0x004b6262
0x004b626c
0x004b6273
0x004b6274
0x004b6279
0x004b627c
0x004b627f
0x004b6285
0x004b6292
0x004b6297
0x004b629e
0x004b629f
0x004b62a4
0x004b62a7
0x004b62aa
0x004b62af
0x004b62b4
0x004b62b9
0x004b62c0
0x004b62c3
0x004b62c6
0x004b62cb
0x004b62d5
0x004b611b
0x004b611b
0x004b6120
0x004b6126
0x004b612d
0x004b64b1
0x004b64b4
0x004b64b7
0x004b64bc
0x004b64c1
0x004b64cd
0x004b64db
0x004b64e3
0x004b64e3
0x004b64ef
0x004b64f1
0x004b64fc
0x004b64fc
0x004b6508
0x004b650a
0x004b6510
0x004b6510
0x004b651c
0x004b651e
0x004b6523
0x004b6529
0x004b652f
0x004b6534
0x004b6539
0x004b6540
0x00000000
0x004b6540
0x004b6545
0x004b6545

APIs

MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6177

Part of subcall function 004AFA2C: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFA96

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(000E021E,004B6550), ref: 004B6510

Part of subcall function 004AF1A4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Strings

.tmp, xrefs: 004B61BD
0MB, xrefs: 004B627F

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
String ID: .tmp$0MB
API String ID: 3858953238-176122739
Opcode ID: cac19965b38667485c6eaf2bd50fc37efffa93d10f563febf20b5a662215514b
Instruction ID: dd8228bb87b5c3f826920660d5879d0b5443f76f7ba5c686a8b7b1af545f285c
Opcode Fuzzy Hash: cac19965b38667485c6eaf2bd50fc37efffa93d10f563febf20b5a662215514b
Instruction Fuzzy Hash: F6615B746102009FD765EF69EC85E9A37A5EB4A308F51443AF802976B2DA3CBC51CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00407750, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00407750() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t46);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L8:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L14:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t15 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t15);
								_t31 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L8;
					} else {
						_t20 = E004054B4();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00405CE8(_t44);
							_t23 = E004054B4();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t33();
					} while ( *0x4bb054 != 0);
					L8:
					while(1) {
					}
				}
			}

0x00407764
0x00407766
0x0040776b
0x00407772
0x00407772
0x0040777e
0x00407792
0x0040779c
0x0040779c
0x004077a5
0x004077c9
0x004077cd
0x004077d6
0x004077d6
0x004077dd
0x004077fc
0x004077fc
0x00407805
0x0040780c
0x00407811
0x00407813
0x00407818
0x0040781b
0x0040781b
0x0040781e
0x00407821
0x00407828
0x00407828
0x00407821
0x00407811
0x0040782f
0x00407838
0x0040783a
0x0040783a
0x00407841
0x00407845
0x00407845
0x0040784d
0x00407856
0x00407858
0x00407858
0x00407861
0x00407861
0x00407873
0x00407873
0x00407875
0x00407876
0x00000000
0x004077df
0x004077df
0x004077e4
0x004077e8
0x00000000
0x00000000
0x00000000
0x00000000
0x004077ea
0x004077ea
0x004077ec
0x004077f1
0x004077f6
0x004077f8
0x00000000
0x004077ea
0x004077b0
0x004077b0
0x004077b0
0x004077b9
0x004077be
0x004077c0
0x00000000
0x004077c9
0x00000000
0x004077c9

APIs

GetCurrentThreadId.KERNEL32 ref: 00407780
FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407828
ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407861

Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

MZP, xrefs: 00407827

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F

Uniqueness

Uniqueness Score: -1.00%

Function 00407748, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00407748() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t50);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L9:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L15:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t18 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t18);
								_t34 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L9;
					} else {
						_t23 = E004054B4();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00405CE8(_t48);
							_t26 = E004054B4();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t36();
					} while ( *0x4bb054 != 0);
					L9:
					while(1) {
					}
				}
			}

0x0040774a
0x00407764
0x00407766
0x0040776b
0x00407772
0x00407772
0x0040777e
0x00407792
0x0040779c
0x0040779c
0x004077a5
0x004077c9
0x004077cd
0x004077d6
0x004077d6
0x004077dd
0x004077fc
0x004077fc
0x00407805
0x0040780c
0x00407811
0x00407813
0x00407818
0x0040781b
0x0040781b
0x0040781e
0x00407821
0x00407828
0x00407828
0x00407821
0x00407811
0x0040782f
0x00407838
0x0040783a
0x0040783a
0x00407841
0x00407845
0x00407845
0x0040784d
0x00407856
0x00407858
0x00407858
0x00407861
0x00407861
0x00407873
0x00407873
0x00407875
0x00407876
0x00000000
0x004077df
0x004077df
0x004077e4
0x004077e8
0x00000000
0x00000000
0x00000000
0x00000000
0x004077ea
0x004077ea
0x004077ec
0x004077f1
0x004077f6
0x004077f8
0x00000000
0x004077ea
0x004077b0
0x004077b0
0x004077b0
0x004077b9
0x004077be
0x004077c0
0x00000000
0x004077c9
0x00000000
0x004077c9

APIs

GetCurrentThreadId.KERNEL32 ref: 00407780
FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407828
ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407861

Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

MZP, xrefs: 00407827

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400); // executed
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}

0x004b5005
0x004b5006
0x004b500b
0x004b500e
0x004b5011
0x004b5018
0x004b501e
0x004b5023
0x004b502d
0x004b5032
0x004b5037
0x004b503e
0x004b5048
0x004b5052
0x004b505e
0x004b5063
0x004b5072
0x004b5077
0x004b5080
0x004b5089
0x004b5097
0x004b50a1
0x004b50ab
0x004b50b0
0x004b50bf
0x004b50c4
0x004b50c4
0x004b50cb
0x004b50ce
0x004b50d1
0x004b50d6

APIs

SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D

Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4

Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8

GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092

Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821

GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
GetCurrentThreadId.KERNEL32 ref: 004B50BA

Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
String ID:
API String ID: 2740004594-0
Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE

Uniqueness

Uniqueness Score: -1.00%

Function 004AEFDC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E004AEFDC(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0d1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004AEEC0(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3b,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x70, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0D8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}

0x004aefdc
0x004aefdc
0x004aefdd
0x004aefdf
0x004aefe4
0x004aefe4
0x004aefe6
0x004aefe8
0x004aefe8
0x004aefeb
0x004aefec
0x004aefee
0x004aeff0
0x004aeff2
0x004aeff3
0x004aeff8
0x004aeffb
0x004aeffe
0x004af005
0x004af00d
0x004af014
0x004af024
0x004af02b
0x00000000
0x00000000
0x004af032
0x004af034
0x004af03a
0x004af048
0x004af050
0x004af05c
0x004af064
0x004af06c
0x004af074
0x004af081
0x004af086
0x004af090
0x004af095
0x004af095
0x004af03a
0x004af0a4
0x004af0a9
0x004af0ab
0x004af0ae
0x004af0b1
0x004af0be
0x004af0d0

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF024
GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF02D

Strings

.tmp, xrefs: 004AF00D

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction ID: b7596c477a5c5600326e1223ca3cfb4fcc6b3a27470c234041d6d6c97c1718c4
Opcode Fuzzy Hash: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction Fuzzy Hash: EB217675A042189FDB10EBA5C842ADFB3B9EB49304F51447BF901B7381DA3C6E058BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040E450, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405730(_t13);
				return _t24;
			}

0x0040e457
0x0040e45c
0x0040e45e
0x0040e48f
0x0040e498
0x0040e4a4

APIs

CreateWindowExW.USER32 ref: 0040E48F

Strings

InnoSetupLdrWindow, xrefs: 0040E453
STATIC, xrefs: 0040E48D

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateWindow
String ID: InnoSetupLdrWindow$STATIC
API String ID: 716092398-2209255943
Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004AF1A4, Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004AF1A4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E0042714C(_t9, _v8, _t19); // executed
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}

0x004af1a4
0x004af1ab
0x004af1ae
0x004af1b2
0x004af1b5
0x004af203
0x004af203
0x004af203
0x004af1b7
0x004af1b8
0x004af1ba
0x004af1ba
0x004af1bd
0x004af1ca
0x004af1cd
0x004af1d3
0x004af1d3
0x004af1bf
0x004af1c3
0x004af1c3
0x004af1dd
0x004af1e4
0x00000000
0x00000000
0x004af1e6
0x004af1ee
0x00000000
0x00000000
0x004af1f0
0x004af1f8
0x00000000
0x00000000
0x004af1fa
0x004af1fb
0x004af1fc
0x00000000
0x00000000
0x00000000
0x004af1fc
0x00000000

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1D3
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction ID: 41f2dccd4b5f7aab24c83a5e2e8d9b15ebe3d7cab8471b1031266df413ad678e
Opcode Fuzzy Hash: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction Fuzzy Hash: F0F09632705224E65624A5EEDC46D6FB298DEB2364720463BE904D7341D438CC4543A9

Uniqueness

Uniqueness Score: -1.00%

Function 0041FF94, Relevance: 4.6, APIs: 3, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x420094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E00407E48( &_v8, __eax);
				E00407FB0( &_v8);
				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42009b);
					return E00407A20( &_v8);
				} else {
					_v20 = E004053F0(_t64);
					_push(_t81);
					_push(0x420077);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x42007e);
					return E0040540C(_v20);
				}
			}

0x0041ff95
0x0041ff97
0x0041ff9f
0x0041ffa2
0x0041ffa4
0x0041ffaa
0x0041ffab
0x0041ffb0
0x0041ffb3
0x0041ffb6
0x0041ffbf
0x0041ffc7
0x0041ffd9
0x0041ffde
0x0041ffe2
0x00420080
0x00420083
0x00420086
0x00420093
0x0041ffe8
0x0041ffef
0x0041fff4
0x0041fff5
0x0041fffa
0x0041fffd
0x00420012
0x00420019
0x00420041
0x0042004a
0x0042005b
0x0042005d
0x0042005d
0x00420063
0x00420066
0x00420069
0x00420076
0x00420076

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID:
API String ID: 2179348866-0
Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765

Uniqueness

Uniqueness Score: -1.00%

Function 0040B110, Relevance: 3.1, APIs: 2, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				E00407B04(_v12);
				_push(_t84);
				_push(0x40b227);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00407A20(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040B22E);
					return E00407A80( &_v28, 6);
				}
				E00407E48( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L00403730();
						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x4bdc0c;
							if( *0x4bdc0c == 0) {
								L00403738();
								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040B044(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E004088AC(_v12, _t60, 1,  &_v20);
				goto L7;
			}

0x0040b110
0x0040b110
0x0040b113
0x0040b115
0x0040b117
0x0040b119
0x0040b11b
0x0040b11d
0x0040b11f
0x0040b120
0x0040b121
0x0040b123
0x0040b126
0x0040b12c
0x0040b134
0x0040b13b
0x0040b13c
0x0040b141
0x0040b144
0x0040b149
0x0040b152
0x0040b20c
0x0040b20e
0x0040b211
0x0040b214
0x0040b226
0x0040b226
0x0040b15e
0x0040b163
0x0040b168
0x0040b16d
0x0040b16d
0x0040b16f
0x0040b174
0x0040b19b
0x0040b1a1
0x0040b1aa
0x0040b1bb
0x0040b1c3
0x0040b1d0
0x0040b1d5
0x0040b1d8
0x0040b1da
0x0040b1e1
0x0040b1e3
0x0040b1eb
0x0040b1f8
0x0040b1f8
0x0040b1e1
0x0040b1fd
0x0040b200
0x0040b207
0x0040b207
0x0040b1ac
0x0040b1b4
0x0040b1b4
0x00000000
0x0040b1aa
0x0040b176
0x0040b196
0x0040b197
0x0040b199
0x00000000
0x00000000
0x00000000
0x0040b199
0x0040b185
0x0040b18f
0x00000000

APIs

GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DefaultLanguage$SystemUser
String ID:
API String ID: 384301227-0
Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B234, Relevance: 3.1, APIs: 2, Instructions: 55
libraryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40b2ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E00408550( &_v536, _t49);
				_push(_v536);
				E0040858C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004084EC(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040B2F5);
				E00407A80( &_v540, 2);
				return E00407A20( &_v8);
			}

0x0040b241
0x0040b247
0x0040b24d
0x0040b250
0x0040b254
0x0040b255
0x0040b25a
0x0040b25d
0x0040b270
0x0040b27d
0x0040b288
0x0040b29a
0x0040b2a8
0x0040b2a9
0x0040b2b2
0x0040b2c1
0x0040b2c6
0x0040b2ca
0x0040b2cd
0x0040b2d0
0x0040b2e0
0x0040b2ed

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLibraryLoadModuleName
String ID:
API String ID: 1159719554-0
Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9

Uniqueness

Uniqueness Score: -1.00%

Function 0042714C, Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E0042714C(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E00427100(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4271a9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004084EC(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E004271B0);
					return E0042713C( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x0042714d
0x0042714f
0x00427164
0x0042716f
0x00427170
0x00427175
0x00427178
0x00427183
0x00427188
0x00427190
0x00427195
0x00427198
0x0042719b
0x004271a8
0x00427166
0x00427168
0x004271c1
0x004271c1

APIs

DeleteFileW.KERNEL32(00000000,00000000,004271A9,?,0000000D,00000000), ref: 00427183
GetLastError.KERNEL32(00000000,00000000,004271A9,?,0000000D,00000000), ref: 0042718B

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: fb265b3914bec14af5fbd2795fa5d6ad5009cb2eebf404f6a7520a979d54d266
Instruction ID: 5c745cc114b774f2c3f546e8241c6a746048c5dd5cabe09facdda73b7663d901
Opcode Fuzzy Hash: fb265b3914bec14af5fbd2795fa5d6ad5009cb2eebf404f6a7520a979d54d266
Instruction Fuzzy Hash: 24F0C831B082289FDB01DFB6AC414BEB3E8DF0971479149BBE804E3341EA795D2086A8

Uniqueness

Uniqueness Score: -1.00%

Function 00421230, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00421230(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x4212a2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x421284);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x42128b);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

0x00421231
0x00421233
0x00421237
0x0042123a
0x0042123f
0x00421244
0x00421245
0x0042124a
0x0042124d
0x00421250
0x00421255
0x00421256
0x0042125b
0x0042125e
0x00421269
0x0042126e
0x00421273
0x00421276
0x00421279
0x0042127e
0x00421280
0x00421283

APIs

SetErrorMode.KERNEL32 ref: 0042123A
LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574

Uniqueness

Uniqueness Score: -1.00%

Function 004052D4, Relevance: 2.6, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004052D4() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x004BBADC;
				while(_t28 != 0x4bbad8) {
					_t2 = _t28 + 4; // 0x4bbad8
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x4b7080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x4bbad8 = 0x4bbad8;
				 *0x004BBADC = 0x4bbad8;
				_t26 = 0x400;
				_t23 = 0x4bbb78;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x4bbb78
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x4bbaf4 = 0;
				E00405884(0x4bbaf8, 0x80);
				_t18 = 0;
				 *0x4bbaf0 = 0;
				_t31 =  *0x004BDB80;
				while(_t31 != 0x4bdb7c) {
					_t10 = _t31 + 4; // 0x4bdb7c
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x4bdb7c = 0x4bdb7c;
				 *0x004BDB80 = 0x4bdb7c;
				return _t18;
			}

0x004052e2
0x004052f9
0x004052e7
0x004052f2
0x004052f7
0x004052f7
0x004052fd
0x00405302
0x00405307
0x00405309
0x0040530e
0x00405311
0x0040531a
0x0040531d
0x00405320
0x00405320
0x00405323
0x00405325
0x00405328
0x0040532d
0x00405332
0x00405332
0x00405334
0x00405336
0x00405336
0x00405339
0x0040533c
0x0040533c
0x00405341
0x00405352
0x00405357
0x00405359
0x0040535e
0x00405375
0x00405363
0x0040536e
0x00405373
0x00405373
0x00405379
0x0040537b
0x00405382

APIs

VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C

Uniqueness

Uniqueness Score: -1.00%

Function 004232EC, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004232EC(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00407BA8(_t10, _t7, _t17, _t20);
			}

0x004232f3
0x0042330b
0x00423313
0x00423317
0x00423320
0x00423312
0x00423312
0x00423312
0x00000000
0x00423322
0x00423322
0x00423326
0x00000000
0x00000000
0x00423326
0x00000000
0x00423320
0x00423339

APIs

FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E

Uniqueness

Uniqueness Score: -1.00%

Function 00422A18, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x422a5e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E004229AC(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004084EC(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00422A65);
				return E00407A20( &_v8);
			}

0x00422a1b
0x00422a22
0x00422a23
0x00422a28
0x00422a2b
0x00422a33
0x00422a41
0x00422a4a
0x00422a4d
0x00422a50
0x00422a5d

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418

Uniqueness

Uniqueness Score: -1.00%

Function 00423DA8, Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}

0x00423de5
0x00423ded

APIs

CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC

Uniqueness

Uniqueness Score: -1.00%

Function 00409FA8, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409FA8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}

0x00409fb0
0x00409fb2
0x00409fb6
0x00409fc6
0x00409fcf
0x00409fd4
0x00409fd6
0x00409fdb
0x00409fe0
0x00409fe0
0x00409fdb
0x00409fee

APIs

GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6

Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LibraryLoad
String ID:
API String ID: 4113206344-0
Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5

Uniqueness

Uniqueness Score: -1.00%

Function 00423ED8, Relevance: 1.5, APIs: 1, Instructions: 11
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00423ED8(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E00423CAC( *_t7);
				}
				return _t4;
			}

0x00423ed9
0x00423edf
0x00423ee6
0x00000000
0x00423eea
0x00423ef0

APIs

SetEndOfFile.KERNEL32(?,7FC20010,004B6356,00000000), ref: 00423EDF

Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659A,?,00000000,004B65DE), ref: 00423CAF

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615

Uniqueness

Uniqueness Score: -1.00%

Function 0040CAA4, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040CAA4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}

0x0040caa8
0x0040cab4

APIs

GetSystemInfo.KERNEL32 ref: 0040CAA8

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB

Uniqueness

Uniqueness Score: -1.00%

Function 00403BCC, Relevance: 1.3, APIs: 1, Instructions: 41
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BCC(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403B60(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x4bbaf0 = 0;
					return 0;
				} else {
					_t10 =  *0x4bbadc; // 0x4bbad8
					_t14 = _t4;
					 *_t14 = 0x4bbad8;
					 *0x4bbadc = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x4bbaf0 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x4bbaec = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}

0x00403bce
0x00403bd0
0x00403be3
0x00403bea
0x00403c3c
0x00403c45
0x00403bec
0x00403bec
0x00403bf2
0x00403bf4
0x00403bfa
0x00403bff
0x00403c02
0x00403c06
0x00403c11
0x00403c1e
0x00403c26
0x00403c28
0x00403c35
0x00403c39
0x00403c39

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88

Uniqueness

Uniqueness Score: -1.00%

Function 00403CF6, Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00403CF6(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E00403C48();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x4bdb78 = 0;
				return _t30;
			}

0x00403cfa
0x00403cfc
0x00403d01
0x00403d04
0x00403d09
0x00403d0d
0x00403d13
0x00403d17
0x00403d1d
0x00403d39
0x00403d3d
0x00403d40
0x00403d42
0x00403d4a
0x00403d5e
0x00000000
0x00000000
0x00403d65
0x00403d6b
0x00403d6d
0x00403d6f
0x00000000
0x00403d6f
0x00000000
0x00403d6b
0x00403d60
0x00403d1f
0x00403d27
0x00403d2e
0x00403d34
0x00403d30
0x00403d30
0x00403d30
0x00403d2e
0x00403d73
0x00403d75
0x00403d7e
0x00403d87
0x00403d87
0x00403d8a
0x00403d9a

APIs

VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Virtual$Free$Query
String ID:
API String ID: 778034434-0
Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040A928, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}

0x0040a934
0x0040a937
0x0040a93d
0x0040a94a
0x0040a94e
0x0040a98d
0x0040a994
0x0040a9d4
0x00000000
0x0040a996
0x0040a99e
0x0040a9af
0x0040a9b5
0x0040a9bb
0x0040a9c3
0x0040a9c9
0x0040a9d7
0x0040a9d9
0x0040a9dc
0x0040a9de
0x0040a9e0
0x0040a9e0
0x0040a9e3
0x0040a9eb
0x0040a9fc
0x0040aac3
0x0040aa0e
0x0040aa12
0x0040aa14
0x0040aa16
0x0040aa18
0x0040aa18
0x0040aa23
0x0040aa33
0x0040aa37
0x0040aa39
0x0040aa3b
0x0040aa3d
0x0040aa3d
0x0040aa43
0x0040aa5b
0x0040aa62
0x0040aa68
0x0040aa84
0x0040aa86
0x0040aaad
0x0040aabf
0x0040aac1
0x00000000
0x0040aac1
0x0040aa84
0x0040aa62
0x00000000
0x0040aa23
0x0040aad9
0x0040aad9
0x0040a9eb
0x0040a9c9
0x0040a9b5
0x0040a99e
0x0040a950
0x0040a95b
0x0040a95f
0x00000000
0x0040a961
0x0040a961
0x0040a96c
0x0040a970
0x0040a975
0x00000000
0x0040a977
0x0040a983
0x0040a983
0x0040a975
0x0040a95f
0x0040aade
0x0040aae7

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9

Strings

kernel32.dll, xrefs: 0040A940
GetLongPathNameW, xrefs: 0040A950
\, xrefs: 0040AA86

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 1930782624-3908791685
Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 004AF100, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004AF100() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x004af10b
0x004af168
0x004af16c
0x004af174
0x00000000
0x004af176
0x004af11d
0x004af12f
0x004af134
0x004af13c
0x004af156
0x004af162
0x00000000
0x00000000
0x00000000
0x004af164
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004AF110
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF116
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF12F
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF156
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF15B
ExitWindowsEx.USER32(00000002,00000000), ref: 004AF16C

Strings

SeShutdownPrivilege, xrefs: 004AF128

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction ID: 7dac40d64cb4e9f407b68a4455ade4cde001687ddfd0dce28971008a8d09d756
Opcode Fuzzy Hash: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction Fuzzy Hash: 51F06D70684301B6E610A6F28C07F6B21C89B56B58F500C3EF644E91C2D7BDD85D867B

Uniqueness

Uniqueness Score: -1.00%

Function 004AF9D8, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF9D8() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF81C();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF81C();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF81C();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF81C();
				}
				return _t12;
			}

0x004af9e7
0x004af9eb
0x004af9ed
0x004af9ed
0x004af9fd
0x004af9ff
0x004af9ff
0x004afa0c
0x004afa10
0x004afa12
0x004afa12
0x004afa1d
0x004afa21
0x004afa23
0x004afa23
0x004afa2b

APIs

FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A,?,00000000,004B65DE), ref: 004AF9E2
SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A), ref: 004AF9F5
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000), ref: 004AFA07
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002), ref: 004AFA18

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction ID: b4304edc7477ba19fc58783748d8fb6d5fb92d5907bfc8b650660916f3b2bd49
Opcode Fuzzy Hash: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction Fuzzy Hash: D8E0758074530625F52436F728D7B6B040C5B37B4DF00453FB644A92C3DEAC8C5C022E

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4CC, Relevance: 4.6, APIs: 3, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040A4CC(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				short _v182;
				short _v352;
				char _v356;
				char _v360;
				char _v364;
				int _t58;
				signed int _t61;
				intOrPtr _t70;
				signed short _t80;
				void* _t83;
				void* _t85;
				void* _t86;

				_t77 = __edi;
				_push(__edi);
				_v356 = 0;
				_v360 = 0;
				_v364 = 0;
				_v8 = __edx;
				_t80 = __eax;
				_push(_t83);
				_push(0x40a631);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83 + 0xfffffe98;
				E00407A20(_v8);
				_t85 = _t80 -  *0x4b7a08; // 0x404
				if(_t85 >= 0) {
					_t86 = _t80 -  *0x4b7c08; // 0x7c68
					if(_t86 <= 0) {
						_t77 = 0x40;
						_v12 = 0;
						if(0x40 >= _v12) {
							do {
								_t61 = _t77 + _v12 >> 1;
								if(_t80 >=  *((intOrPtr*)(0x4b7a08 + _t61 * 8))) {
									__eflags = _t80 -  *((intOrPtr*)(0x4b7a08 + _t61 * 8));
									if(__eflags <= 0) {
										E0040A3EC( *((intOrPtr*)(0x4b7a0c + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
									} else {
										_v12 = _t61 + 1;
										goto L8;
									}
								} else {
									_t77 = _t61 - 1;
									goto L8;
								}
								goto L9;
								L8:
							} while (_t77 >= _v12);
						}
					}
				}
				L9:
				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
					_t58 = _t80 & 0x0000ffff;
					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
					E0040858C( &_v356, 0x55,  &_v182);
					_push(_v356);
					_push(0x40a64c);
					E0040858C( &_v360, 0x55,  &_v352);
					_push(_v360);
					_push(E0040A65C);
					E0040858C( &_v364, 0x55,  &_v182);
					_push(_v364);
					E004087C4(_v8, _t58, 5, _t77, _t80);
				}
				_pop(_t70);
				 *[fs:eax] = _t70;
				_push(E0040A638);
				return E00407A80( &_v364, 3);
			}

0x0040a4cc
0x0040a4d7
0x0040a4da
0x0040a4e0
0x0040a4e6
0x0040a4ec
0x0040a4ef
0x0040a4f3
0x0040a4f4
0x0040a4f9
0x0040a4fc
0x0040a502
0x0040a507
0x0040a50e
0x0040a510
0x0040a517
0x0040a519
0x0040a520
0x0040a526
0x0040a528
0x0040a52d
0x0040a537
0x0040a53e
0x0040a546
0x0040a558
0x0040a548
0x0040a549
0x00000000
0x0040a549
0x0040a539
0x0040a53b
0x00000000
0x0040a53b
0x00000000
0x0040a55f
0x0040a55f
0x0040a528
0x0040a526
0x0040a517
0x0040a564
0x0040a56a
0x0040a58e
0x0040a592
0x0040a5a3
0x0040a5b9
0x0040a5be
0x0040a5c4
0x0040a5da
0x0040a5df
0x0040a5e5
0x0040a5fb
0x0040a600
0x0040a60e
0x0040a60e
0x0040a615
0x0040a618
0x0040a61b
0x0040a630

APIs

IsValidLocale.KERNEL32(?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A576
GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A592
GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A5A3

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Locale$Info$Valid
String ID:
API String ID: 1826331170-0
Opcode ID: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
Instruction ID: 92a11a0233c3b219485afac9e49f2dea99407596d6f7a83949ef3a6145fdf69e
Opcode Fuzzy Hash: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
Instruction Fuzzy Hash: 3831AE70A00308ABDF20DB64DD81BDEBBB9FB48701F5005BBA508B32D1D6395E90CE1A

Uniqueness

Uniqueness Score: -1.00%

Function 0041A4DC, Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041A4DC(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				WCHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t46;
				intOrPtr _t48;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t46 = _v24;
				_t31 = E004095A8(_v28, _t46, _v16, 0);
				_t37 = _a8;
				 *_t37 = _t31;
				 *((intOrPtr*)(_t37 + 4)) = _t46;
				_t48 = _v24;
				_t34 = E004095A8(_v28, _t48, _v20, 0);
				_t38 = _a12;
				 *_t38 = _t34;
				 *((intOrPtr*)(_t38 + 4)) = _t48;
				return _t26;
			}

0x0041a4e3
0x0041a4e8
0x0041a4ea
0x0041a4ea
0x0041a4fd
0x0041a50c
0x0041a50f
0x0041a51c
0x0041a51f
0x0041a524
0x0041a527
0x0041a529
0x0041a536
0x0041a539
0x0041a53e
0x0041a541
0x0041a543
0x0041a54c

APIs

GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 0041A4FD

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DiskFreeSpace
String ID:
API String ID: 1705453755-0
Opcode ID: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
Instruction ID: 14c90aad059d6341cd8fbca9d1c94cd423dd62e4f1f0ed92fc39ecac232c4210
Opcode Fuzzy Hash: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
Instruction Fuzzy Hash: 7711C0B5A01209AFDB04CF9ACD819EFB7F9EFC8304B14C569A505E7255E6319E018B94

Uniqueness

Uniqueness Score: -1.00%

Function 0041E034, Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041E034(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				short _v516;
				void* __ebp;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E00407E00(_t10, _t18);
				}
				return E00407BA8(_t10, _t5 - 1,  &_v516, _t19);
			}

0x0041e03f
0x0041e041
0x0041e052
0x0041e057
0x0041e059
0x00000000
0x0041e071
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 0f3b5b51944b8265437ec234ed6355b3388449ec5eb2c41299c2196a7c7ac5eb
Instruction ID: c90943d4e22265a1f7ecf9aede9ac9faa011377f579ac525cbc4109061889d1c
Opcode Fuzzy Hash: 0f3b5b51944b8265437ec234ed6355b3388449ec5eb2c41299c2196a7c7ac5eb
Instruction Fuzzy Hash: C7E09235B0421427E314A55A9C86AE7725D9B48340F40457FBD05D7382EDB9AE8042E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041E080, Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0041E080(int __eax, signed int __ecx, int __edx) {
				short _v16;
				signed int _t5;
				signed int _t10;

				_push(__ecx);
				_t10 = __ecx;
				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t10;
				} else {
					_t5 = _v16 & 0x0000ffff;
				}
				return _t5;
			}

0x0041e083
0x0041e084
0x0041e09a
0x0041e0a2
0x0041e09c
0x0041e09c
0x0041e09c
0x0041e0a8

APIs

GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6e98fb17ae58b923e7290daa222ce31e1acd0a105ddc3e38ed97a81e7cf0de7a
Instruction ID: 961adf842b5e4829a7f1cb68f4be235500f18d0b61d537998bbd462cca006134
Opcode Fuzzy Hash: 6e98fb17ae58b923e7290daa222ce31e1acd0a105ddc3e38ed97a81e7cf0de7a
Instruction Fuzzy Hash: 45D05EBA31923476E214915B6E85DB75ADCCBC87A2F14483BBE4CC6241D2A4CC46A275

Uniqueness

Uniqueness Score: -1.00%

Function 004AF208, Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF208(signed int __eax) {
				short _v8;
				signed int _t6;

				_t6 = GetLocaleInfoW(__eax & 0x0000ffff, 0x20001004,  &_v8, 2);
				if(_t6 <= 0) {
					return _t6 | 0xffffffff;
				}
				return _v8;
			}

0x004af21e
0x004af225
0x00000000
0x004af22c
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,004AF308), ref: 004AF21E

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 92e9ec5e0c1ad2b61d7a4466a2813954e2470c7216c96176328f959192496cdf
Instruction ID: 0ad10aeba8cdeeb79027c9b08919b3d5c84b3c7cdbd50086c15b0cf0fcf80743
Opcode Fuzzy Hash: 92e9ec5e0c1ad2b61d7a4466a2813954e2470c7216c96176328f959192496cdf
Instruction Fuzzy Hash: 03D05B755442087DF504C1EA6D82E76729C9705334F500A66F654C91C1D566EE005218

Uniqueness

Uniqueness Score: -1.00%

Function 0041C3D8, Relevance: 1.5, APIs: 1, Instructions: 6
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041C3D8() {
				struct _SYSTEMTIME* _t2;

				GetLocalTime(_t2);
				return _t2->wYear & 0x0000ffff;
			}

0x0041c3dc
0x0041c3e8

APIs

GetLocalTime.KERNEL32 ref: 0041C3DC

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: LocalTime
String ID:
API String ID: 481472006-0
Opcode ID: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
Instruction ID: 79eafb11b28f80ce797d6e9fe134e5764476c7cb5db39d72cf417c4d7be8b418
Opcode Fuzzy Hash: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
Instruction Fuzzy Hash: DAA0122080582011D140331A0C0313530405900620FC40F55BCF8542D1E93D013440D7

Uniqueness

Uniqueness Score: -1.00%

Function 004255DC, Relevance: .5, Instructions: 545
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E004255DC(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v25;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				char _v64;
				char* _v68;
				void* _v72;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v88;
				char _v89;
				char _v96;
				signed int _v100;
				signed int _v104;
				short* _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				char _v136;
				signed int _t370;
				void* _t375;
				signed int _t377;
				signed int _t381;
				signed int _t389;
				signed int _t395;
				signed int _t411;
				intOrPtr _t422;
				signed int _t426;
				signed int _t435;
				void* _t448;
				signed int _t458;
				char _t460;
				signed int _t474;
				char* _t503;
				signed int _t508;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t622;

				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v20 =  *((intOrPtr*)(_v8 + 0x10));
				_v24 = 0;
				_v32 = (1 <<  *(_v8 + 8)) - 1;
				_v36 = (1 <<  *(_v8 + 4)) - 1;
				_v40 =  *_v8;
				_t617 =  *((intOrPtr*)(_v8 + 0x34));
				_t474 =  *(_v8 + 0x44);
				_v44 =  *((intOrPtr*)(_v8 + 0x38));
				_v48 =  *((intOrPtr*)(_v8 + 0x3c));
				_v52 =  *((intOrPtr*)(_v8 + 0x40));
				_v56 =  *((intOrPtr*)(_v8 + 0x48));
				_v60 =  *((intOrPtr*)(_v8 + 0x2c));
				_v64 =  *((intOrPtr*)(_v8 + 0x30));
				_v68 =  *((intOrPtr*)(_v8 + 0x1c));
				_v72 =  *((intOrPtr*)(_v8 + 0xc));
				_t616 =  *((intOrPtr*)(_v8 + 0x28));
				_v128 =  *((intOrPtr*)(_v8 + 0x20));
				_v124 =  *((intOrPtr*)(_v8 + 0x24));
				_v120 = _v12;
				_v136 =  *((intOrPtr*)(_v8 + 0x14));
				_v132 =  *((intOrPtr*)(_v8 + 0x18));
				 *_a4 = 0;
				if(_v56 == 0xffffffff) {
					return 0;
				}
				__eflags = _v72;
				if(_v72 == 0) {
					_v68 =  &_v76;
					_v72 = 1;
					_v76 =  *((intOrPtr*)(_v8 + 0x4c));
				}
				__eflags = _v56 - 0xfffffffe;
				if(_v56 != 0xfffffffe) {
					L12:
					_v108 = _v16 + _v24;
					while(1) {
						__eflags = _v56;
						if(_v56 == 0) {
							break;
						}
						__eflags = _v24 - _a8;
						if(_v24 < _a8) {
							_t458 = _t616 - _t617;
							__eflags = _t458 - _v72;
							if(_t458 >= _v72) {
								_t458 = _t458 + _v72;
								__eflags = _t458;
							}
							_t460 =  *((intOrPtr*)(_v68 + _t458));
							 *((char*)(_v68 + _t616)) = _t460;
							 *_v108 = _t460;
							_v24 = _v24 + 1;
							_v108 = _v108 + 1;
							_t616 = _t616 + 1;
							__eflags = _t616 - _v72;
							if(_t616 == _v72) {
								_t616 = 0;
								__eflags = 0;
							}
							_t116 =  &_v56;
							 *_t116 = _v56 - 1;
							__eflags =  *_t116;
							continue;
						}
						break;
					}
					__eflags = _t616;
					if(_t616 != 0) {
						_v25 =  *((intOrPtr*)(_v68 + _t616 - 1));
					} else {
						_v25 =  *((intOrPtr*)(_v68 + _v72 - 1));
					}
					__eflags = 0;
					_v116 = 0;
					_v112 = 0;
					while(1) {
						L24:
						_v108 = _v16 + _v24;
						__eflags = _v24 - _a8;
						if(_v24 >= _a8) {
							break;
						} else {
							goto L25;
						}
						while(1) {
							L25:
							_v88 = _v24 + _v60 & _v32;
							__eflags = _v116;
							if(_v116 != 0) {
								break;
							}
							__eflags = _v112;
							if(_v112 == 0) {
								_t370 = E00425334((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88,  &_v136);
								__eflags = _t370;
								if(_t370 != 0) {
									_t375 = E00425334(_t474 + _t474 + _v20 + 0x180,  &_v136);
									__eflags = _t375 != 1;
									if(_t375 != 1) {
										_v52 = _v48;
										_v48 = _v44;
										_v44 = _t617;
										__eflags = _t474 - 7;
										if(__eflags >= 0) {
											_t377 = 0xa;
										} else {
											_t377 = 7;
										}
										_t474 = _t377;
										_v56 = E004254E4(_v20 + 0x664, _v88,  &_v136, __eflags);
										_t503 =  &_v136;
										__eflags = _v56 - 4;
										if(_v56 >= 4) {
											_t381 = 3;
										} else {
											_t381 = _v56;
										}
										_v100 = E004253BC((_t381 << 6) + (_t381 << 6) + _v20 + 0x360, _t503, 6);
										__eflags = _v100 - 4;
										if(_v100 < 4) {
											_t618 = _v100;
										} else {
											_v104 = (_v100 >> 1) - 1;
											_t524 = _v104;
											_t622 = (_v100 & 0x00000001 | 0x00000002) << _v104;
											__eflags = _v100 - 0xe;
											if(_v100 >= 0xe) {
												_t395 = E004252D4( &_v136, _t524, _v104 + 0xfffffffc);
												_t618 = _t622 + (_t395 << 4) + E00425400(_v20 + 0x644,  &_v136, 4);
											} else {
												_t618 = _t622 + E00425400(_t622 + _t622 + _v20 + 0x560 - _v100 + _v100 + 0xfffffffe,  &_v136, _v104);
											}
										}
										_t617 = _t618 + 1;
										__eflags = _t617;
										if(_t617 != 0) {
											L82:
											_v56 = _v56 + 2;
											__eflags = _t617 - _v64;
											if(_t617 <= _v64) {
												__eflags = _v72 - _v64 - _v56;
												if(_v72 - _v64 <= _v56) {
													_v64 = _v72;
												} else {
													_v64 = _v64 + _v56;
												}
												while(1) {
													_t389 = _t616 - _t617;
													__eflags = _t389 - _v72;
													if(_t389 >= _v72) {
														_t389 = _t389 + _v72;
														__eflags = _t389;
													}
													_v25 =  *((intOrPtr*)(_v68 + _t389));
													 *((char*)(_v68 + _t616)) = _v25;
													_t616 = _t616 + 1;
													__eflags = _t616 - _v72;
													if(_t616 == _v72) {
														_t616 = 0;
														__eflags = 0;
													}
													_v56 = _v56 - 1;
													 *_v108 = _v25;
													_v24 = _v24 + 1;
													_v108 = _v108 + 1;
													__eflags = _v56;
													if(_v56 == 0) {
														break;
													}
													__eflags = _v24 - _a8;
													if(_v24 < _a8) {
														continue;
													}
													break;
												}
												L93:
												__eflags = _v24 - _a8;
												if(_v24 < _a8) {
													continue;
												}
												goto L94;
											}
											return 1;
										} else {
											_v56 = 0xffffffff;
											goto L94;
										}
									}
									_t411 = E00425334(_t474 + _t474 + _v20 + 0x198,  &_v136);
									__eflags = _t411;
									if(_t411 != 0) {
										__eflags = E00425334(_t474 + _t474 + _v20 + 0x1b0,  &_v136);
										if(__eflags != 0) {
											__eflags = E00425334(_t474 + _t474 + _v20 + 0x1c8,  &_v136);
											if(__eflags != 0) {
												_t422 = _v52;
												_v52 = _v48;
											} else {
												_t422 = _v48;
											}
											_v48 = _v44;
										} else {
											_t422 = _v44;
										}
										_v44 = _t617;
										_t617 = _t422;
										L65:
										_v56 = E004254E4(_v20 + 0xa68, _v88,  &_v136, __eflags);
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t426 = 0xb;
										} else {
											_t426 = 8;
										}
										_t474 = _t426;
										goto L82;
									}
									__eflags = E00425334((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88 + 0x1e0,  &_v136);
									if(__eflags != 0) {
										goto L65;
									}
									__eflags = _v64;
									if(_v64 != 0) {
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t508 = 0xb;
										} else {
											_t508 = 9;
										}
										_t474 = _t508;
										_t435 = _t616 - _t617;
										__eflags = _t435 - _v72;
										if(_t435 >= _v72) {
											_t435 = _t435 + _v72;
											__eflags = _t435;
										}
										_v25 =  *((intOrPtr*)(_v68 + _t435));
										 *((char*)(_v68 + _t616)) = _v25;
										_t616 = _t616 + 1;
										__eflags = _t616 - _v72;
										if(_t616 == _v72) {
											_t616 = 0;
											__eflags = 0;
										}
										 *_v108 = _v25;
										_v24 = _v24 + 1;
										__eflags = _v64 - _v72;
										if(_v64 < _v72) {
											_v64 = _v64 + 1;
										}
										goto L24;
									}
									return 1;
								}
								_t448 = (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + _v20 + 0xe6c;
								__eflags = _t474 - 7;
								if(__eflags < 0) {
									_v25 = E00425444(_t448,  &_v136, __eflags);
								} else {
									_v96 = _t616 - _t617;
									__eflags = _v96 - _v72;
									if(__eflags >= 0) {
										_t161 =  &_v96;
										 *_t161 = _v96 + _v72;
										__eflags =  *_t161;
									}
									_v89 =  *((intOrPtr*)(_v68 + _v96));
									_v25 = E00425470(_t448, _v89,  &_v136, __eflags);
								}
								 *_v108 = _v25;
								_v24 = _v24 + 1;
								_v108 = _v108 + 1;
								__eflags = _v64 - _v72;
								if(_v64 < _v72) {
									_t180 =  &_v64;
									 *_t180 = _v64 + 1;
									__eflags =  *_t180;
								}
								 *((char*)(_v68 + _t616)) = _v25;
								_t616 = _t616 + 1;
								__eflags = _t616 - _v72;
								if(_t616 == _v72) {
									_t616 = 0;
									__eflags = 0;
								}
								__eflags = _t474 - 4;
								if(_t474 >= 4) {
									__eflags = _t474 - 0xa;
									if(_t474 >= 0xa) {
										_t474 = _t474 - 6;
									} else {
										_t474 = _t474 - 3;
									}
								} else {
									_t474 = 0;
								}
								goto L93;
							}
							return 1;
						}
						return _v116;
					}
					L94:
					 *((intOrPtr*)(_v8 + 0x20)) = _v128;
					 *((intOrPtr*)(_v8 + 0x24)) = _v124;
					 *((intOrPtr*)(_v8 + 0x28)) = _t616;
					 *((intOrPtr*)(_v8 + 0x2c)) = _v60 + _v24;
					 *((intOrPtr*)(_v8 + 0x30)) = _v64;
					 *((intOrPtr*)(_v8 + 0x34)) = _t617;
					 *((intOrPtr*)(_v8 + 0x38)) = _v44;
					 *((intOrPtr*)(_v8 + 0x3c)) = _v48;
					 *((intOrPtr*)(_v8 + 0x40)) = _v52;
					 *(_v8 + 0x44) = _t474;
					 *((intOrPtr*)(_v8 + 0x48)) = _v56;
					 *((char*)(_v8 + 0x4c)) = _v76;
					 *((intOrPtr*)(_v8 + 0x14)) = _v136;
					 *((intOrPtr*)(_v8 + 0x18)) = _v132;
					 *_a4 = _v24;
					__eflags = 0;
					return 0;
				}
				_v80 = (0x300 <<  *(_v8 + 4) + _v40) + 0x736;
				_v84 = 0;
				_v108 = _v20;
				__eflags = _v84 - _v80;
				if(_v84 >= _v80) {
					L7:
					_v52 = 1;
					_v48 = 1;
					_v44 = 1;
					_t617 = 1;
					_v60 = 0;
					_v64 = 0;
					_t474 = 0;
					_t616 = 0;
					 *((char*)(_v68 + _v72 - 1)) = 0;
					E00425294( &_v136);
					__eflags = _v116;
					if(_v116 != 0) {
						return _v116;
					}
					__eflags = _v112;
					if(_v112 == 0) {
						__eflags = 0;
						_v56 = 0;
						goto L12;
					} else {
						return 1;
					}
				} else {
					goto L6;
				}
				do {
					L6:
					 *_v108 = 0x400;
					_v84 = _v84 + 1;
					_v108 = _v108 + 2;
					__eflags = _v84 - _v80;
				} while (_v84 < _v80);
				goto L7;
			}

0x004255e8
0x004255eb
0x004255ee
0x004255f9
0x004255fc
0x0042560d
0x0042561e
0x00425626
0x0042562f
0x00425635
0x0042563b
0x00425644
0x0042564d
0x00425656
0x0042565f
0x00425668
0x00425671
0x0042567a
0x00425683
0x00425689
0x00425692
0x00425698
0x004256a1
0x004256af
0x004256b5
0x004256bb
0x00000000
0x004256bd
0x004256c4
0x004256c8
0x004256cd
0x004256d0
0x004256dd
0x004256dd
0x004256e0
0x004256e4
0x00425785
0x0042578e
0x004257c3
0x004257c3
0x004257c7
0x00000000
0x00000000
0x004257cc
0x004257cf
0x00425795
0x00425797
0x0042579a
0x0042579c
0x0042579c
0x0042579c
0x004257a9
0x004257aa
0x004257b0
0x004257b2
0x004257b5
0x004257b8
0x004257b9
0x004257bc
0x004257be
0x004257be
0x004257be
0x004257c0
0x004257c0
0x004257c0
0x00000000
0x004257c0
0x00000000
0x004257cf
0x004257d1
0x004257d3
0x004257eb
0x004257d5
0x004257df
0x004257df
0x004257f0
0x004257f2
0x004257f5
0x004257f8
0x004257f8
0x00425801
0x00425807
0x0042580a
0x00000000
0x00000000
0x00000000
0x00000000
0x00425810
0x00425810
0x00425819
0x0042581c
0x00425820
0x00000000
0x00000000
0x0042582a
0x0042582e
0x00425851
0x00425856
0x00425858
0x00425931
0x00425936
0x00425937
0x00425a77
0x00425a7d
0x00425a80
0x00425a83
0x00425a86
0x00425a8f
0x00425a88
0x00425a88
0x00425a88
0x00425a94
0x00425aac
0x00425aaf
0x00425ab5
0x00425ab9
0x00425ac0
0x00425abb
0x00425abb
0x00425abb
0x00425adc
0x00425adf
0x00425ae3
0x00425b5c
0x00425ae5
0x00425aeb
0x00425aee
0x00425afa
0x00425afc
0x00425b00
0x00425b36
0x00425b58
0x00425b02
0x00425b26
0x00425b26
0x00425b00
0x00425b5f
0x00425b5f
0x00425b60
0x00425b6b
0x00425b6b
0x00425b6f
0x00425b72
0x00425b84
0x00425b87
0x00425b94
0x00425b89
0x00425b8c
0x00425b8c
0x00425b97
0x00425b99
0x00425b9b
0x00425b9e
0x00425ba0
0x00425ba0
0x00425ba0
0x00425ba9
0x00425bb2
0x00425bb5
0x00425bb6
0x00425bb9
0x00425bbb
0x00425bbb
0x00425bbb
0x00425bbd
0x00425bc6
0x00425bc8
0x00425bcb
0x00425bce
0x00425bd2
0x00000000
0x00000000
0x00425bd7
0x00425bda
0x00000000
0x00000000
0x00000000
0x00425bda
0x00425bdc
0x00425bdf
0x00425be2
0x00000000
0x00000000
0x00000000
0x00425be2
0x00000000
0x00425b62
0x00425b62
0x00000000
0x00425b62
0x00425b60
0x0042594f
0x00425954
0x00425956
0x00425a06
0x00425a08
0x00425a26
0x00425a28
0x00425a2f
0x00425a35
0x00425a2a
0x00425a2a
0x00425a2a
0x00425a3b
0x00425a0a
0x00425a0a
0x00425a0a
0x00425a3e
0x00425a41
0x00425a43
0x00425a59
0x00425a5c
0x00425a5f
0x00425a68
0x00425a61
0x00425a61
0x00425a61
0x00425a6d
0x00000000
0x00425a6d
0x0042597d
0x0042597f
0x00000000
0x00000000
0x00425985
0x00425989
0x00425995
0x00425998
0x004259a1
0x0042599a
0x0042599a
0x0042599a
0x004259a6
0x004259aa
0x004259ac
0x004259af
0x004259b1
0x004259b1
0x004259b1
0x004259ba
0x004259c3
0x004259c6
0x004259c7
0x004259ca
0x004259cc
0x004259cc
0x004259cc
0x004259d4
0x004259d6
0x004259dc
0x004259df
0x004259e5
0x004259e5
0x00000000
0x004259df
0x00000000
0x0042598b
0x00425888
0x0042588d
0x00425890
0x004258d1
0x00425892
0x00425896
0x0042589c
0x0042589f
0x004258a4
0x004258a4
0x004258a4
0x004258a4
0x004258b0
0x004258c1
0x004258c1
0x004258da
0x004258dc
0x004258df
0x004258e5
0x004258e8
0x004258ea
0x004258ea
0x004258ea
0x004258ea
0x004258f3
0x004258f6
0x004258f7
0x004258fa
0x004258fc
0x004258fc
0x004258fc
0x004258fe
0x00425901
0x0042590a
0x0042590d
0x00425917
0x0042590f
0x0042590f
0x0042590f
0x00425903
0x00425903
0x00425903
0x00000000
0x00425901
0x00000000
0x00425830
0x00000000
0x00425822
0x00425be8
0x00425bee
0x00425bf7
0x00425bfd
0x00425c09
0x00425c12
0x00425c18
0x00425c21
0x00425c2a
0x00425c33
0x00425c39
0x00425c42
0x00425c4b
0x00425c57
0x00425c60
0x00425c69
0x00425c6b
0x00000000
0x00425c6b
0x00425701
0x00425704
0x0042570c
0x00425712
0x00425715
0x0042572e
0x00425735
0x00425738
0x0042573b
0x0042573e
0x00425740
0x00425745
0x00425748
0x00425750
0x00425752
0x0042575d
0x00425762
0x00425766
0x00000000
0x00425768
0x00425770
0x00425774
0x00425780
0x00425782
0x00000000
0x00425776
0x00000000
0x00425776
0x00000000
0x00000000
0x00000000
0x00425717
0x00425717
0x0042571a
0x0042571f
0x00425722
0x00425729
0x00425729
0x00000000

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction ID: 61b87226b6134f121ca287378b5d435c32ef56f555bf4f4916e7d2b2d6d49e77
Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction Fuzzy Hash: E932E274E00629DFCB14CF99D981AEDBBB2BF88314F64816AD815AB341D734AE42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004323D4, Relevance: .4, Instructions: 408
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E004323D4(signed int* __eax, intOrPtr __ecx, signed int __edx) {
				signed int* _v8;
				signed int* _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				unsigned int* _t96;
				unsigned int* _t106;
				signed int* _t108;
				signed int _t109;

				_t109 = __edx;
				_v16 = __ecx;
				_v12 = __eax;
				_t106 =  &_v24;
				_t108 =  &_v28;
				_t96 =  &_v20;
				 *_t96 = __edx + 0xdeadbeef + _v16;
				 *_t106 =  *_t96;
				 *_t108 =  *_t96;
				_v8 = _v12;
				if((_v8 & 0x00000003) != 0) {
					if(__edx <= 0xc) {
						L20:
						if(_t109 > 0xc) {
							L23:
							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x18);
							L24:
							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x10);
							L25:
							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 8);
							L26:
							 *_t108 =  *_t108 + (_v8[2] & 0x000000ff);
							L27:
							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x18);
							L28:
							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x10);
							L29:
							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 8);
							L30:
							 *_t106 =  *_t106 + (_v8[1] & 0x000000ff);
							L31:
							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x18);
							L32:
							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x10);
							L33:
							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 8);
							L34:
							 *_t96 =  *_t96 + ( *_v8 & 0x000000ff);
							L35:
							 *_t108 =  *_t108 ^  *_t106;
							 *_t108 =  *_t108 - ( *_t106 << 0x0000000e |  *_t106 >> 0x00000012);
							 *_t96 =  *_t96 ^  *_t108;
							 *_t96 =  *_t96 - ( *_t108 << 0x0000000b |  *_t108 >> 0x00000015);
							 *_t106 =  *_t106 ^  *_t96;
							 *_t106 =  *_t106 - ( *_t96 << 0x00000019 |  *_t96 >> 0x00000007);
							 *_t108 =  *_t108 ^  *_t106;
							 *_t108 =  *_t108 - ( *_t106 << 0x00000010 |  *_t106 >> 0x00000010);
							 *_t96 =  *_t96 ^  *_t108;
							 *_t96 =  *_t96 - ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
							 *_t106 =  *_t106 ^  *_t96;
							 *_t106 =  *_t106 - ( *_t96 << 0x0000000e |  *_t96 >> 0x00000012);
							 *_t108 =  *_t108 ^  *_t106;
							 *_t108 =  *_t108 - ( *_t106 << 0x00000018 |  *_t106 >> 0x00000008);
							return  *_t108;
						}
						switch( *((intOrPtr*)(_t109 * 4 +  &M00432741))) {
							case 0:
								return  *_t108;
							case 1:
								goto L34;
							case 2:
								goto L33;
							case 3:
								goto L32;
							case 4:
								goto L31;
							case 5:
								goto L30;
							case 6:
								goto L29;
							case 7:
								goto L28;
							case 8:
								goto L27;
							case 9:
								goto L26;
							case 0xa:
								goto L25;
							case 0xb:
								goto L24;
							case 0xc:
								goto L23;
						}
					} else {
						goto L19;
					}
					do {
						L19:
						 *_t96 =  *_t96 + ( *_v8 & 0x000000ff) + ((_v8[0] & 0x000000ff) << 8) + ((_v8[0] & 0x000000ff) << 0x10) + ((_v8[0] & 0x000000ff) << 0x18);
						 *_t106 =  *_t106 + (_v8[1] & 0x000000ff) + ((_v8[1] & 0x000000ff) << 8) + ((_v8[1] & 0x000000ff) << 0x10) + ((_v8[1] & 0x000000ff) << 0x18);
						 *_t108 =  *_t108 + (_v8[2] & 0x000000ff) + ((_v8[2] & 0x000000ff) << 8) + ((_v8[2] & 0x000000ff) << 0x10) + ((_v8[2] & 0x000000ff) << 0x18);
						 *_t96 =  *_t96 -  *_t108;
						 *_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
						 *_t108 =  *_t108 +  *_t106;
						 *_t106 =  *_t106 -  *_t96;
						 *_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
						 *_t96 =  *_t96 +  *_t108;
						 *_t108 =  *_t108 -  *_t106;
						 *_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
						 *_t106 =  *_t106 +  *_t96;
						 *_t96 =  *_t96 -  *_t108;
						 *_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
						 *_t108 =  *_t108 +  *_t106;
						 *_t106 =  *_t106 -  *_t96;
						 *_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
						 *_t96 =  *_t96 +  *_t108;
						 *_t108 =  *_t108 -  *_t106;
						 *_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
						 *_t106 =  *_t106 +  *_t96;
						_t109 = _t109 - 0xc;
						_v8 =  &(_v8[3]);
					} while (_t109 > 0xc);
					goto L20;
				}
				if(__edx <= 0xc) {
					L3:
					if(_t109 > 0xc) {
						goto L35;
					}
					switch( *((intOrPtr*)(_t109 * 4 +  &M004324D5))) {
						case 0:
							return  *_t108;
						case 1:
							_v8 =  *_v8;
							__edx =  *_v8 & 0x000000ff;
							 *__eax =  *__eax + ( *_v8 & 0x000000ff);
							goto L35;
						case 2:
							_v8 =  *_v8;
							__edx =  *_v8 & 0x0000ffff;
							 *__eax =  *__eax + ( *_v8 & 0x0000ffff);
							goto L35;
						case 3:
							_v8 =  *_v8;
							__edx =  *_v8 & 0x00ffffff;
							 *__eax =  *__eax + ( *_v8 & 0x00ffffff);
							goto L35;
						case 4:
							_v8 =  *_v8;
							 *__eax =  *__eax +  *_v8;
							goto L35;
						case 5:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							__edx =  *(__edx + 4);
							 *__ebx =  *__ebx + __edx;
							goto L35;
						case 6:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							__edx =  *(__edx + 4);
							 *__ebx =  *__ebx + __edx;
							goto L35;
						case 7:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							__edx =  *(__edx + 4);
							 *__ebx =  *__ebx + __edx;
							goto L35;
						case 8:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							 *__ebx =  *__ebx + __edx;
							goto L35;
						case 9:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							 *__ebx =  *__ebx +  *(__edx + 4);
							__edx =  *(__edx + 8);
							 *__ecx =  *__ecx + __edx;
							goto L35;
						case 0xa:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							 *__ebx =  *__ebx +  *(__edx + 4);
							__edx =  *(__edx + 8);
							 *__ecx =  *__ecx + __edx;
							goto L35;
						case 0xb:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							 *__ebx =  *__ebx +  *(__edx + 4);
							__edx =  *(__edx + 8);
							 *__ecx =  *__ecx + __edx;
							goto L35;
						case 0xc:
							__edx = _v8;
							 *__eax =  *__eax +  *__edx;
							 *__ebx =  *__ebx +  *(__edx + 4);
							 *__ecx =  *__ecx + __edx;
							goto L35;
					}
				} else {
					goto L2;
				}
				do {
					L2:
					 *_t96 =  *_t96 +  *_v8;
					 *_t106 =  *_t106 + _v8[1];
					 *_t108 =  *_t108 + _v8[2];
					 *_t96 =  *_t96 -  *_t108;
					 *_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
					 *_t108 =  *_t108 +  *_t106;
					 *_t106 =  *_t106 -  *_t96;
					 *_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
					 *_t96 =  *_t96 +  *_t108;
					 *_t108 =  *_t108 -  *_t106;
					 *_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
					 *_t106 =  *_t106 +  *_t96;
					 *_t96 =  *_t96 -  *_t108;
					 *_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
					 *_t108 =  *_t108 +  *_t106;
					 *_t106 =  *_t106 -  *_t96;
					 *_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
					 *_t96 =  *_t96 +  *_t108;
					 *_t108 =  *_t108 -  *_t106;
					 *_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
					 *_t106 =  *_t106 +  *_t96;
					_t109 = _t109 - 0xc;
					_v8 = _v8 + 0xc;
				} while (_t109 > 0xc);
				goto L3;
			}

0x004323d4
0x004323dd
0x004323e0
0x004323e3
0x004323e6
0x004323e9
0x004323f7
0x004323fb
0x004323ff
0x00432404
0x0043240b
0x00432615
0x00432735
0x00432738
0x0043277c
0x00432786
0x00432788
0x00432792
0x00432794
0x0043279e
0x004327a0
0x004327a7
0x004327a9
0x004327b3
0x004327b5
0x004327bf
0x004327c1
0x004327cb
0x004327cd
0x004327d4
0x004327d6
0x004327e0
0x004327e2
0x004327ec
0x004327ee
0x004327f8
0x004327fa
0x00432800
0x00432802
0x00432804
0x00432812
0x00432816
0x00432824
0x00432828
0x00432836
0x0043283a
0x00432848
0x0043284c
0x0043285a
0x0043285e
0x0043286c
0x00432870
0x0043287e
0x00000000
0x00432880
0x0043273a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0043261b
0x0043261b
0x00432645
0x00432672
0x0043269f
0x004326a3
0x004326b1
0x004326b5
0x004326b9
0x004326c7
0x004326cb
0x004326cf
0x004326dd
0x004326e1
0x004326e5
0x004326f3
0x004326f7
0x004326fb
0x00432709
0x0043270d
0x00432711
0x0043271f
0x00432723
0x00432725
0x00432728
0x0043272c
0x00000000
0x0043261b
0x00432414
0x004324c5
0x004324c8
0x00000000
0x00000000
0x004324ce
0x00000000
0x00000000
0x00000000
0x00432513
0x00432515
0x0043251b
0x00000000
0x00000000
0x00432525
0x00432527
0x0043252d
0x00000000
0x00000000
0x00432537
0x00432539
0x0043253f
0x00000000
0x00000000
0x00432549
0x0043254b
0x00000000
0x00000000
0x00432552
0x00432557
0x00432559
0x00432562
0x00000000
0x00000000
0x00432569
0x0043256e
0x00432570
0x00432579
0x00000000
0x00000000
0x00432580
0x00432585
0x00432587
0x00432590
0x00000000
0x00000000
0x00432597
0x0043259c
0x004325a1
0x00000000
0x00000000
0x004325a8
0x004325ad
0x004325b2
0x004325b4
0x004325bd
0x00000000
0x00000000
0x004325c4
0x004325c9
0x004325ce
0x004325d0
0x004325d9
0x00000000
0x00000000
0x004325e0
0x004325e5
0x004325ea
0x004325ec
0x004325f5
0x00000000
0x00000000
0x004325fc
0x00432601
0x00432606
0x0043260b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0043241a
0x0043241a
0x0043241f
0x00432427
0x0043242f
0x00432433
0x00432441
0x00432445
0x00432449
0x00432457
0x0043245b
0x0043245f
0x0043246d
0x00432471
0x00432475
0x00432483
0x00432487
0x0043248b
0x00432499
0x0043249d
0x004324a1
0x004324af
0x004324b3
0x004324b5
0x004324b8
0x004324bc
0x00000000

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4600078648eeebfdf89967b26c8f8f14867e6d92848d2a583adcbc3ad528d9
Instruction ID: 0e0ac7791a3b593c82b9663b5278fddcb4f9a641ff81dc8c770fc104e70d0848
Opcode Fuzzy Hash: 2d4600078648eeebfdf89967b26c8f8f14867e6d92848d2a583adcbc3ad528d9
Instruction Fuzzy Hash: E402E072900235DFDB96CF69C140109B7B6FF8A32472A82D6D854AB229D3B0BE51DFD1

Uniqueness

Uniqueness Score: -1.00%

Function 0040E9C4, Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3027258f69a45e47f11e6ef411682183d8681a3ba960b00656adada6bea5bd6d
Instruction ID: d9bdd0ffc78bce1da46a164adb44ca0a352dc4e9e15995579375b7a7492e944c
Opcode Fuzzy Hash: 3027258f69a45e47f11e6ef411682183d8681a3ba960b00656adada6bea5bd6d
Instruction Fuzzy Hash: FB61A7456AE7C66FCB07C33008B81D6AF61AE9325478B53EFC8C58A493D10D281EE363

Uniqueness

Uniqueness Score: -1.00%

Function 00405AE0, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
Instruction ID: c1f34be03cf0569538104f0038f02cfb84df381903d0011f2ebedd3a3241928c
Opcode Fuzzy Hash: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
Instruction Fuzzy Hash: 76C0E9B550D6066E975C8F1AB480815FBE5FAC8324364C22EA01C83644D73154518A64

Uniqueness

Uniqueness Score: -1.00%

Function 0042786C, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0042786C() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c10ec = E00427840("VariantChangeTypeEx", E0042725C, _t91);
				 *0x4c10f0 = E00427840("VarNeg", E004272A4, _t91);
				 *0x4c10f4 = E00427840("VarNot", E004272A4, _t91);
				 *0x4c10f8 = E00427840("VarAdd", E004272B0, _t91);
				 *0x4c10fc = E00427840("VarSub", E004272B0, _t91);
				 *0x4c1100 = E00427840("VarMul", E004272B0, _t91);
				 *0x4c1104 = E00427840("VarDiv", E004272B0, _t91);
				 *0x4c1108 = E00427840("VarIdiv", E004272B0, _t91);
				 *0x4c110c = E00427840("VarMod", E004272B0, _t91);
				 *0x4c1110 = E00427840("VarAnd", E004272B0, _t91);
				 *0x4c1114 = E00427840("VarOr", E004272B0, _t91);
				 *0x4c1118 = E00427840("VarXor", E004272B0, _t91);
				 *0x4c111c = E00427840("VarCmp", E004272BC, _t91);
				 *0x4c1120 = E00427840("VarI4FromStr", E004272C8, _t91);
				 *0x4c1124 = E00427840("VarR4FromStr", E00427334, _t91);
				 *0x4c1128 = E00427840("VarR8FromStr", E004273A4, _t91);
				 *0x4c112c = E00427840("VarDateFromStr", E00427414, _t91);
				 *0x4c1130 = E00427840("VarCyFromStr", E00427484, _t91);
				 *0x4c1134 = E00427840("VarBoolFromStr", E004274F4, _t91);
				 *0x4c1138 = E00427840("VarBstrFromCy", E00427574, _t91);
				 *0x4c113c = E00427840("VarBstrFromDate", E0042761C, _t91);
				_t46 = E00427840("VarBstrFromBool", E004277AC, _t91);
				 *0x4c1140 = _t46;
				return _t46;
			}

0x0042787a
0x0042788e
0x004278a4
0x004278ba
0x004278d0
0x004278e6
0x004278fc
0x00427912
0x00427928
0x0042793e
0x00427954
0x0042796a
0x00427980
0x00427996
0x004279ac
0x004279c2
0x004279d8
0x004279ee
0x00427a04
0x00427a1a
0x00427a30
0x00427a46
0x00427a56
0x00427a5c
0x00427a63

APIs

GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00427875

Part of subcall function 00427840: GetProcAddress.KERNEL32(00000000), ref: 00427859

Strings

VarI4FromStr, xrefs: 004279A1
VarAdd, xrefs: 004278C5
VarIdiv, xrefs: 0042791D
VarBstrFromCy, xrefs: 00427A25
VarBstrFromBool, xrefs: 00427A51
VarDiv, xrefs: 00427907
VarAnd, xrefs: 00427949
VarOr, xrefs: 0042795F
VarNeg, xrefs: 00427899
VarNot, xrefs: 004278AF
VarBoolFromStr, xrefs: 00427A0F
VarXor, xrefs: 00427975
VarCmp, xrefs: 0042798B
VarSub, xrefs: 004278DB
VarR8FromStr, xrefs: 004279CD
VarMod, xrefs: 00427933
oleaut32.dll, xrefs: 00427870
VarDateFromStr, xrefs: 004279E3
VarR4FromStr, xrefs: 004279B7
VarCyFromStr, xrefs: 004279F9
VariantChangeTypeEx, xrefs: 00427883
VarBstrFromDate, xrefs: 00427A3B
VarMul, xrefs: 004278F1

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction ID: 96d943bac4208f5f805096c386a34d5aa5ef5e253b2f04d34a0c4787a29fadef
Opcode Fuzzy Hash: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction Fuzzy Hash: 4141246074C2359A53047BAF780292B7AD8E6497243E0D0BFF5048B767DF7CA8818A7D

Uniqueness

Uniqueness Score: -1.00%

Function 0041E7CC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194
threadCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}

0x0041e7cc
0x0041e7cc
0x0041e7cc
0x0041e7cd
0x0041e7cf
0x0041e7d4
0x0041e7d7
0x0041e7da
0x0041e7dd
0x0041e7e1
0x0041e7e2
0x0041e7e7
0x0041e7ea
0x0041e7ed
0x0041e7f2
0x0041e7f5
0x0041e7f9
0x0041e7f9
0x0041e80b
0x0041e812
0x0041e813
0x0041e818
0x0041e81b
0x0041e820
0x0041e826
0x0041e837
0x0041e83c
0x0041e84f
0x0041e861
0x0041e86b
0x0041e8c8
0x0041e8cb
0x0041e8d6
0x0041e8dc
0x0041e8ed
0x0041e8f2
0x0041e8ff
0x0041e90b
0x0041e90e
0x0041e913
0x0041e91a
0x0041e92d
0x0041e937
0x0041e93a
0x0041e93d
0x0041e945
0x0041e948
0x0041e957
0x0041e95c
0x0041e961
0x0041e963
0x0041e965
0x0041e965
0x0041e968
0x0041e968
0x0041e96c
0x0041e96d
0x0041e96f
0x0041e971
0x0041e976
0x0041e97f
0x0041e987
0x0041e988
0x0041e988
0x0041e988
0x0041e976
0x0041e999
0x0041e999
0x0041e86d
0x0041e87b
0x0041e880
0x0041e887
0x0041e88c
0x0041e88c
0x0041e890
0x0041e893
0x0041e895
0x0041e896
0x0041e898
0x0041e8a1
0x0041e8a9
0x0041e8aa
0x0041e8aa
0x0041e898
0x0041e8bb
0x0041e8bb
0x0041e9a3
0x0041e9a7
0x0041e9ac
0x0041e9ac
0x0041e9ae
0x0041e9c2
0x0041e9ca
0x0041e9d1
0x0041e9d6
0x0041e9d6
0x0041e9da
0x0041e9dd
0x0041e9df
0x0041e9e0
0x0041e9e2
0x0041e9e2
0x0041e9fa
0x0041ea00
0x0041ea05
0x0041ea06
0x0041ea06
0x0041e9e2
0x0041ea0e
0x0041ea14
0x0041ea19
0x0041ea20
0x0041ea25
0x0041ea25
0x0041ea27
0x0041ea2e
0x0041ea30
0x0041ea31
0x0041ea34
0x0041ea43

APIs

GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999

Strings

K, xrefs: 0041E827
K, xrefs: 0041E8DD
B.C., xrefs: 0041E8FA
ToA, xrefs: 0041E9BC
K, xrefs: 0041EA09

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CalendarEnumInfoLocaleThread
String ID: B.C.$ToA$K$K$K
API String ID: 683597275-1724967715
Opcode ID: 1136ce8ed02fb4c729f57db85bea68eee7c8be852006698a4ed06655204c70de
Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
Opcode Fuzzy Hash: 1136ce8ed02fb4c729f57db85bea68eee7c8be852006698a4ed06655204c70de
Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A250, Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}

0x0040a255
0x0040a25a
0x0040a268
0x0040a270
0x0040a27e
0x0040a295
0x0040a2af
0x0040a2c4
0x0040a2c9
0x00000000
0x0040a2c9
0x0040a2ce

APIs

InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4

Strings

GetThreadUILanguage, xrefs: 0040A2B4
SetThreadPreferredUILanguages, xrefs: 0040A29A
kernel32.dll, xrefs: 0040A285, 0040A29F, 0040A2B9
GetThreadPreferredUILanguages, xrefs: 0040A280

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
API String ID: 74573329-1403180336
Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E

Uniqueness

Uniqueness Score: -1.00%

Function 0041E0AC, Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216
threadCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}

0x0041e0ac
0x0041e0ac
0x0041e0ad
0x0041e0af
0x0041e0b4
0x0041e0b4
0x0041e0b6
0x0041e0b8
0x0041e0b8
0x0041e0bd
0x0041e0be
0x0041e0c0
0x0041e0c4
0x0041e0c5
0x0041e0ca
0x0041e0cd
0x0041e0d3
0x0041e0d8
0x0041e0da
0x0041e0e1
0x0041e0e1
0x0041e0e9
0x0041e0ef
0x0041e0f8
0x0041e101
0x0041e10a
0x0041e11c
0x0041e126
0x0041e13b
0x0041e14a
0x0041e15d
0x0041e16c
0x0041e182
0x0041e199
0x0041e1b0
0x0041e1bf
0x0041e1d2
0x0041e1d4
0x0041e1d8
0x0041e1e9
0x0041e1f4
0x0041e1fd
0x0041e20e
0x0041e219
0x0041e22e
0x0041e242
0x0041e24d
0x0041e262
0x0041e26d
0x0041e275
0x0041e27d
0x0041e292
0x0041e29c
0x0041e2a1
0x0041e2a3
0x0041e2bc
0x0041e2a5
0x0041e2ad
0x0041e2ad
0x0041e2d1
0x0041e2db
0x0041e2e0
0x0041e2e2
0x0041e2f4
0x0041e305
0x0041e31e
0x0041e307
0x0041e30f
0x0041e30f
0x0041e305
0x0041e323
0x0041e326
0x0041e329
0x0041e32e
0x0041e339
0x0041e33e
0x0041e341
0x0041e344
0x0041e349
0x0041e354
0x0041e369
0x0041e36d
0x0041e378
0x0041e37b
0x0041e37e
0x0041e390

APIs

IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC

Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093

Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052

Strings

AMPM , xrefs: 0041E319
AMPM, xrefs: 0041E30A
ToA, xrefs: 0041E0E9
mmmm d, yyyy, xrefs: 0041E202
2, xrefs: 0041E36D
:mm:ss, xrefs: 0041E344
:mm, xrefs: 0041E329
m/d/yy, xrefs: 0041E1DD

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Locale$Info$ThreadValid
String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
API String ID: 233154393-2808312488
Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7E4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}

0x0040a7e4
0x0040a7e7
0x0040a7e9
0x0040a7ea
0x0040a7eb
0x0040a7ed
0x0040a7f1
0x0040a7f2
0x0040a7f7
0x0040a7fa
0x0040a802
0x0040a80e
0x0040a835
0x0040a83c
0x0040a84e
0x0040a857
0x0040a868
0x0040a86d
0x0040a875
0x0040a87a
0x0040a883
0x0040a883
0x0040a888
0x0040a890
0x0040a89a
0x0040a89a
0x0040a859
0x0040a85d
0x0040a85d
0x0040a857
0x0040a8a4
0x0040a8a9
0x0040a8c3
0x0040a8cd
0x0040a810
0x0040a81c
0x0040a826
0x0040a826
0x0040a8d4
0x0040a8d7
0x0040a8da
0x0040a8e7

APIs

EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD

Strings

en-US,en,, xrefs: 0040A812, 0040A8B9

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$LocaleValid
String ID: en-US,en,
API String ID: 975949045-3579323720
Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F

Uniqueness

Uniqueness Score: -1.00%

Function 0042301C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}

0x00423022
0x00423025
0x00423028
0x0042302d
0x0042302e
0x00423033
0x00423036
0x00423049
0x00423050
0x00423063
0x004230b8
0x004230c5
0x004230ce
0x004230ce
0x00423065
0x00423080
0x0042308d
0x00423096
0x00423096
0x00423080
0x004230de
0x004230e9
0x004230f4
0x004230f4
0x00423052
0x00423052
0x00423054
0x004230fa
0x004230fd
0x00423100
0x00423108
0x00423115

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096

Strings

kernel32.dll, xrefs: 0042303E
GetUserDefaultUILanguage, xrefs: 00423039
Locale, xrefs: 00423085
.DEFAULT\Control Panel\International, xrefs: 0042306D
Control Panel\Desktop\ResourceLocale, xrefs: 004230A5

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D218, Relevance: 13.8, APIs: 9, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}

0x0040d22c
0x0040d232
0x0040d234
0x0040d237
0x0040d244
0x0040d251
0x0040d25e
0x0040d26b
0x0040d278
0x0040d285
0x0040d28e
0x0040d29c
0x0040d29e
0x0040d29f
0x0040d2a5
0x0040d2ab
0x0040d2b2
0x0040d2b4
0x0040d2ba
0x0040d2c0
0x0040d2d0
0x00000000
0x0040d2d5
0x0040d2e2
0x0040d2e7
0x0040d2e9
0x0040d2eb
0x0040d2eb
0x0040d2f1
0x0040d2f4
0x0040d2fc
0x0040d306
0x0040d309
0x0040d30e
0x0040d329
0x0040d310
0x0040d31c
0x0040d31c
0x0040d32c
0x0040d335
0x0040d34e
0x0040d350
0x0040d412
0x0040d412
0x0040d41c
0x0040d42a
0x0040d42a
0x0040d42e
0x0040d47b
0x0040d47d
0x0040d484
0x0040d48e
0x0040d49c
0x0040d49c
0x0040d4a0
0x0040d4a2
0x0040d4a7
0x0040d4ad
0x0040d4bd
0x0040d4c2
0x0040d4c2
0x0040d4a0
0x00000000
0x0040d430
0x0040d434
0x0040d46f
0x0040d479
0x00000000
0x0040d43c
0x0040d43f
0x0040d447
0x00000000
0x0040d460
0x0040d466
0x0040d46b
0x00000000
0x00000000
0x0040d4c5
0x0040d4c8
0x00000000
0x0040d4c8
0x0040d447
0x0040d434
0x0040d42e
0x0040d35d
0x0040d36b
0x0040d36b
0x0040d36f
0x0040d37a
0x0040d37a
0x0040d37e
0x0040d3cb
0x0040d3d7
0x0040d40d
0x0040d3d9
0x0040d3dd
0x0040d3e3
0x0040d3e8
0x0040d3ed
0x0040d3f4
0x0040d3fa
0x0040d3ff
0x0040d404
0x0040d404
0x0040d3ed
0x0040d3dd
0x00000000
0x0040d380
0x0040d385
0x0040d38f
0x0040d39d
0x0040d39d
0x0040d3a1
0x00000000
0x0040d3a3
0x0040d3a3
0x0040d3a8
0x0040d3ae
0x0040d3be
0x00000000
0x0040d3c3
0x0040d3a1
0x0040d337
0x0040d343
0x0040d347
0x00000000
0x0040d349
0x0040d4ca
0x0040d4d1
0x0040d4d5
0x0040d4d8
0x0040d4db
0x0040d4e4
0x0040d4e4
0x00000000
0x0040d4ea
0x0040d347

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004971A4, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 87
threadCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E004971A4(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x49729d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_t16 =  &_v20; // 0x496e7a
						_v16 =  *_t16;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972a4);
				_t22 =  &_v20; // 0x496e7a
				return E00407A20(_t22);
			}

0x004971a4
0x004971a4
0x004971a4
0x004971a5
0x004971a7
0x004971ae
0x004971b3
0x004971b5
0x004971b8
0x004971b8
0x004971bd
0x004971bf
0x004971c2
0x004971c6
0x004971c7
0x004971cc
0x004971cf
0x004971d6
0x004971db
0x004971e1
0x004971e6
0x004971ee
0x004971f2
0x004971f2
0x004971f2
0x004971f4
0x004971fb
0x0049727c
0x00497284
0x004971fd
0x00497201
0x00497224
0x00497236
0x00497203
0x00497209
0x0049721c
0x0049721c
0x0049723d
0x00497249
0x0049724e
0x00497251
0x00497254
0x0049725e
0x0049726b
0x00497270
0x00497270
0x0049723d
0x00497289
0x0049728c
0x0049728f
0x00497294
0x0049729c

APIs

GetLastError.KERNEL32(00000000,0049729D,?,0049553C,00000000), ref: 0049723F

Part of subcall function 004078E0: CreateThread.KERNEL32 ref: 0040793A

GetCurrentThread.KERNEL32 ref: 00497277
GetCurrentThreadId.KERNEL32 ref: 0049727F

Strings

l@, xrefs: 0049725E
PtI, xrefs: 0049720C, 00497227
(@G, xrefs: 00497266
znI, xrefs: 00497294, 00497244, 0049724E

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$Current$CreateErrorLast
String ID: (@G$PtI$l@$znI
API String ID: 3539746228-621852825
Opcode ID: a7e4a8aebe25124e8d0595e12a61be5ef0252cf7aeb6de1634f1522e85b4acf2
Instruction ID: a334f5ec06d329f573cfe1f9c66942b1aaa3fe6f3b899e982cac1d177ba8d10c
Opcode Fuzzy Hash: a7e4a8aebe25124e8d0595e12a61be5ef0252cf7aeb6de1634f1522e85b4acf2
Instruction Fuzzy Hash: AE31F4309287049EDB10EBB6884179B7FE4AF49304F04C87FE55597381DA3CA545CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004047B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}

0x004047b0
0x004047b3
0x004047b5
0x004047be
0x00404821
0x00404826
0x00404827
0x00404828
0x0040482a
0x004047c0
0x004047c9
0x004047d8
0x004047e4
0x004047e9
0x004047ef
0x004047fd
0x0040480b
0x0040481a
0x0040481a
0x00404832

APIs

GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A

Strings

9@, xrefs: 004047E4, 004047EF

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: 9@
API String ID: 3320372497-3209974744
Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E

Uniqueness

Uniqueness Score: -1.00%

Function 0041F0F4, Relevance: 12.1, APIs: 8, Instructions: 97
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}

0x0041f0fd
0x0041f0fe
0x0041f101
0x0041f106
0x0041f107
0x0041f10c
0x0041f10f
0x0041f122
0x0041f124
0x0041f12c
0x0041f1ca
0x0041f1cf
0x0041f1de
0x0041f1f8
0x0041f132
0x0041f132
0x0041f13c
0x0041f15a
0x0041f15c
0x0041f16b
0x0041f188
0x0041f1a0
0x0041f1ba
0x0041f1ba
0x0041f1ff
0x0041f202
0x0041f205
0x0041f20d
0x0041f218

APIs

Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID:
API String ID: 135118572-0
Opcode ID: 3cdcb5557d7db432c5ec405d9028064b6f59d9e8a3e907aa72102c1fcc360919
Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
Opcode Fuzzy Hash: 3cdcb5557d7db432c5ec405d9028064b6f59d9e8a3e907aa72102c1fcc360919
Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00404464, Relevance: 10.9, APIs: 7, Instructions: 406
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00404464
0x00404464
0x00404464
0x0040446c
0x0040446e
0x004044fc
0x004044ff
0x0040476c
0x0040476d
0x0040476e
0x00404771
0x00403d9c
0x00403d9d
0x00403d9e
0x00403d9f
0x00403da0
0x00403da3
0x00403da5
0x00403dac
0x00403db5
0x00403dba
0x00403ea1
0x00403ea3
0x00403eb6
0x00403eb8
0x00403eba
0x00403ebc
0x00403ec2
0x00403ec6
0x00403ec6
0x00403ec9
0x00403ec9
0x00403ed2
0x00403ed9
0x00403ed9
0x00403ea5
0x00403ea5
0x00403eaa
0x00403eaa
0x00403dc0
0x00403dc9
0x00403dcf
0x00403dcb
0x00403dcb
0x00403dcb
0x00403ddb
0x00403dea
0x00403df7
0x00403e67
0x00403e6e
0x00403e70
0x00403e72
0x00403e74
0x00403e7a
0x00403e7e
0x00403e7e
0x00403e81
0x00403e81
0x00403e91
0x00403e98
0x00403e98
0x00403df9
0x00403df9
0x00403e05
0x00403e0b
0x00000000
0x00403e0d
0x00403e1e
0x00403e22
0x00403e24
0x00403e24
0x00403e3a
0x00000000
0x00403e52
0x00403e54
0x00403e57
0x00403e60
0x00403e63
0x00403e63
0x00403e3a
0x00403e0b
0x00403df7
0x00403ee7
0x00404777
0x00404777
0x00404779
0x00404779
0x00404505
0x00404507
0x0040450a
0x0040450b
0x0040450e
0x00404511
0x00404514
0x00404516
0x00404517
0x0040462c
0x0040462f
0x00404631
0x00404724
0x0040472f
0x00404736
0x00404738
0x0040473b
0x00404740
0x00404741
0x00404743
0x00000000
0x00404745
0x00404745
0x0040474b
0x0040474d
0x0040474d
0x00404750
0x00404758
0x0040475f
0x0040476a
0x0040476a
0x00404637
0x00404637
0x0040463a
0x0040463d
0x0040463f
0x00000000
0x00404645
0x00404645
0x0040464c
0x004046a9
0x004046a9
0x004046ae
0x004046b4
0x004046b9
0x004046ba
0x004046ba
0x004046c6
0x004046d7
0x004046dd
0x004046dd
0x004046df
0x004046ec
0x004046f3
0x004046f7
0x004046f9
0x004046ff
0x00404701
0x00404703
0x00404703
0x004046e1
0x004046e1
0x004046e5
0x004046e5
0x00404708
0x00404708
0x0040470a
0x0040470d
0x00404714
0x00404716
0x0040471a
0x0040464e
0x0040464e
0x00404653
0x0040465b
0x00000000
0x00000000
0x0040465d
0x0040465f
0x00404666
0x00000000
0x00404668
0x0040466c
0x00404671
0x00404672
0x00404678
0x00404680
0x00404686
0x0040468b
0x0040468c
0x00000000
0x0040468c
0x00404680
0x00000000
0x00404666
0x00404695
0x00404698
0x0040469b
0x0040469d
0x0040471d
0x0040471d
0x00000000
0x0040469f
0x0040469f
0x004046a2
0x004046a5
0x004046a7
0x00000000
0x00000000
0x00000000
0x00000000
0x004046a7
0x0040469d
0x0040464c
0x0040463f
0x0040451d
0x00404520
0x00404522
0x0040452c
0x00404532
0x00404549
0x00404549
0x00404555
0x0040455b
0x0040455d
0x00404564
0x00404566
0x0040456b
0x00404573
0x00000000
0x00000000
0x00404575
0x00404577
0x0040457e
0x00000000
0x00404580
0x00404583
0x00404588
0x0040458e
0x00404596
0x0040459b
0x004045a0
0x00000000
0x004045a0
0x00404596
0x00000000
0x0040457e
0x004045a9
0x004045a9
0x004045a9
0x004045ae
0x004045b1
0x004045b3
0x004045b6
0x004045b9
0x004045c4
0x004045c6
0x004045c9
0x004045cb
0x004045cd
0x004045d3
0x004045d5
0x004045d5
0x004045bb
0x004045be
0x004045be
0x004045da
0x004045e0
0x004045e4
0x004045ea
0x004045f1
0x004045f1
0x004045f6
0x00404603
0x00404534
0x00404534
0x0040453a
0x00404604
0x00404608
0x0040460d
0x0040460f
0x00404611
0x00404619
0x00404620
0x00404625
0x00404625
0x0040462b
0x00404540
0x00404540
0x00404545
0x00404547
0x00000000
0x00000000
0x00000000
0x00000000
0x00404547
0x0040453a
0x00404524
0x00404524
0x00404528
0x00404528
0x00404522
0x00404517
0x00404474
0x00404474
0x00404476
0x0040447a
0x0040447d
0x0040447f
0x004044b8
0x004044bc
0x004044bd
0x004044bf
0x004044c1
0x004044c3
0x004044c6
0x004044c8
0x004044ca
0x004044cf
0x004044d1
0x004044d3
0x004044d9
0x004044db
0x004044db
0x004044e2
0x004044e2
0x004044e5
0x004044e7
0x004044f0
0x004044f5
0x004044f5
0x004044f7
0x004044f8
0x004044f9
0x004044fa
0x00404481
0x00404481
0x00404488
0x0040448a
0x00404490
0x00404492
0x00404494
0x00404499
0x0040449b
0x0040449d
0x0040449f
0x004044a1
0x004044ac
0x004044b1
0x004044b1
0x004044b3
0x004044b4
0x004044b5
0x0040448c
0x0040448c
0x0040448d
0x0040448e
0x0040448e
0x0040448a
0x0040447f

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388

Uniqueness

Uniqueness Score: -1.00%

Function 0041F7A0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}

0x0041f7a0
0x0041f7a1
0x0041f7ad
0x0041f7b3
0x0041f7b9
0x0041f7bf
0x0041f7c5
0x0041f7ca
0x0041f7cb
0x0041f7d0
0x0041f7d3
0x0041f7df
0x0041f7df
0x0041f7e2
0x0041f7f0
0x0041f7f5
0x0041f7e4
0x0041f7e4
0x0041f7ff
0x0041f804
0x0041f7e6
0x0041f7e9
0x0041f80e
0x0041f813
0x0041f7eb
0x0041f81d
0x0041f822
0x0041f822
0x0041f7e9
0x0041f7e4
0x0041f82d
0x0041f840
0x0041f845
0x0041f84e
0x0041f86c
0x0041f871
0x0041f873
0x00000000
0x0041f879
0x0041f882
0x0041f888
0x0041f8a0
0x0041f8b1
0x0041f8bc
0x0041f8c2
0x0041f8cc
0x0041f8d2
0x0041f8d9
0x0041f8df
0x0041f8ec
0x0041f8f5
0x0041f8fa
0x0041f90c
0x0041f911
0x0041f915
0x0041f915
0x0041f91e
0x0041f924
0x0041f92e
0x0041f934
0x0041f93b
0x0041f941
0x0041f94e
0x0041f957
0x0041f95c
0x0041f96e
0x0041f973
0x0041f977
0x0041f97a
0x0041f97d
0x0041f988
0x0041f998
0x0041f9a5

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C

Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35

Strings

8@, xrefs: 0041F7FF
H@, xrefs: 0041F81D
0@, xrefs: 0041F7F0
@@, xrefs: 0041F80E

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: 0@$8@$@@$H@
API String ID: 902310565-4161625419
Opcode ID: e5cc989005bb72e091db962058e025b8f237f72c01cadb68ccbed73c9ec359ba
Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
Opcode Fuzzy Hash: e5cc989005bb72e091db962058e025b8f237f72c01cadb68ccbed73c9ec359ba
Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406688, Relevance: 10.6, APIs: 7, Instructions: 130
threadCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								_t57 =  *0x4bb8f8; // 0x4b9284
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}

0x0040668f
0x00406691
0x00406693
0x00406696
0x00406696
0x0040669d
0x004066a4
0x00000000
0x00000000
0x004066b2
0x004066b9
0x00406751
0x00406751
0x00406751
0x00406755
0x00000000
0x00000000
0x00406760
0x00406766
0x00000000
0x00000000
0x00000000
0x00000000
0x00406768
0x00406768
0x0040676d
0x00406773
0x0040677a
0x00406784
0x00406789
0x00406790
0x00406797
0x004067a5
0x004067b3
0x004067a7
0x004067af
0x004067af
0x004067a5
0x004067b9
0x004067db
0x004067e4
0x004067e8
0x004067ec
0x00000000
0x004067bb
0x004067bb
0x004067c0
0x00000000
0x00000000
0x004067cc
0x004067d2
0x00000000
0x00000000
0x004067d4
0x00000000
0x004067d4
0x004067bb
0x004067f1
0x004067f1
0x00406800
0x00406807
0x0040680a
0x0040680a
0x00000000
0x00406800
0x00000000
0x00406751
0x004066c4
0x004066ca
0x004066d0
0x0040672c
0x0040672f
0x00000000
0x00000000
0x00406736
0x0040673e
0x00406744
0x0040674f
0x00000000
0x0040674f
0x00406746
0x00000000
0x00406746
0x00000000
0x004066d2
0x004066d5
0x00000000
0x004066e4
0x004066e4
0x004066e4
0x00000000
0x004066ed
0x004066f0
0x00000000
0x00000000
0x004066f5
0x0040671e
0x00406722
0x00406727
0x0040672a
0x00000000
0x00000000
0x00000000
0x0040672a
0x004066fe
0x00406704
0x00000000
0x00000000
0x0040670b
0x0040670e
0x00406715
0x00000000
0x00406715
0x00406811
0x0040681c

APIs

Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33

GetTickCount.KERNEL32 ref: 004066BF
GetTickCount.KERNEL32 ref: 004066D7
GetCurrentThreadId.KERNEL32 ref: 00406706
GetTickCount.KERNEL32 ref: 00406731
GetTickCount.KERNEL32 ref: 00406768
GetTickCount.KERNEL32 ref: 00406792
GetCurrentThreadId.KERNEL32 ref: 00406802

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756

Uniqueness

Uniqueness Score: -1.00%

Function 00406424, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}

0x00406425
0x00406427
0x0040642c
0x00406446
0x004064d9
0x004064d9
0x00000000
0x0040644c
0x0040644c
0x0040644f
0x00406450
0x00406452
0x00406459
0x00000000
0x00406465
0x0040646d
0x00406472
0x00406473
0x00406478
0x0040647b
0x00406481
0x00406485
0x00406486
0x0040648b
0x00406492
0x004064bc
0x004064be
0x004064c1
0x004064c4
0x004064d1
0x00406494
0x00406494
0x004064af
0x004064b2
0x004064ba
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004064ba
0x004064a5
0x004064a8
0x004064e0
0x004064e6
0x004064e6
0x00406492
0x00406459
0x00000000

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B

Strings

kernel32.dll, xrefs: 00406434
@, xrefs: 004064D9
GetLogicalProcessorInformation, xrefs: 0040642F

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: @$GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-79381301
Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D

Uniqueness

Uniqueness Score: -1.00%

Function 004076B8, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}

0x004076c0
0x00407726
0x00407728
0x0040772a
0x0040772f
0x00407734
0x00407736
0x00407736
0x0040773c
0x004076c2
0x004076cb
0x004076db
0x004076db
0x004076f7
0x0040770a
0x0040771e
0x0040771e

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

Runtime error at 00000000, xrefs: 004076EA, 0040772F
Error, xrefs: 0040772A

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: Error$Runtime error at 00000000
API String ID: 3320372497-2970929446
Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E

Uniqueness

Uniqueness Score: -1.00%

Function 00420524, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}

0x00420532
0x0042055f
0x00420564
0x00420569
0x00420573
0x00420534
0x00420544
0x00420549
0x0042054e
0x0042054e

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559

Strings

kernel32.dll, xrefs: 00420539
RtlCompareUnicodeString, xrefs: 0042054F
NTDLL.DLL, xrefs: 00420554
CompareStringOrdinal, xrefs: 00420534

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
API String ID: 1883125708-3870080525
Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E

Uniqueness

Uniqueness Score: -1.00%

Function 00429314, Relevance: 9.1, APIs: 6, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00429314(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FD4(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042724C();
					return E00428FD4(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427820();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D2C(_t110);
						}
						E00429270(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E0042928C(_v788 - 1, _t125) != 0) {
								L00427838();
								E00428FD4(_v792);
								L00427838();
								E00428FD4( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292BC(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427828();
							E00428FD4(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FD4(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}

0x00429314
0x00429320
0x00429326
0x0042932c
0x0042933c
0x00429343
0x00429343
0x0042934e
0x0042935c
0x004294e7
0x004294ee
0x004294ef
0x00000000
0x00429362
0x00429365
0x00429383
0x00429367
0x00429372
0x00429372
0x00429392
0x0042939e
0x004293a1
0x0042940e
0x00429414
0x00429415
0x0042941b
0x0042941c
0x0042941e
0x00429423
0x00429427
0x00429429
0x00429429
0x00429434
0x0042943f
0x0042944a
0x00429453
0x00429456
0x00429472
0x00429479
0x00429484
0x0042949b
0x004294a0
0x004294b4
0x004294b9
0x004294cc
0x004294cc
0x004294d5
0x00429458
0x00429458
0x00429459
0x0042945f
0x00429465
0x00429467
0x00429469
0x0042946c
0x0042946f
0x0042946f
0x00429472
0x00000000
0x00000000
0x00000000
0x00429472
0x004293a3
0x004293a3
0x004293a4
0x004293a6
0x004293ac
0x004293ae
0x004293bd
0x004293be
0x004293c8
0x004293c9
0x004293ce
0x004293d9
0x004293da
0x004293e4
0x004293e5
0x004293ea
0x00429405
0x00429407
0x00429408
0x0042940b
0x0042940b
0x00000000
0x004293ac
0x004293a1

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293C9
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293E5
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0042941E
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0042949B
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294B4
VariantCopy.OLEAUT32(?,?), ref: 004294EF

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
Instruction ID: 40907f15986e25785bf49cc45dc9858f4ae05cc6f5fe419918d11ca627fab012
Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
Instruction Fuzzy Hash: CD510C75A0522D9BCB66EB59D981ADAB3FCAF0C304F4041DAF508E7211DA34AF858F64

Uniqueness

Uniqueness Score: -1.00%

Function 004AFA2C, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44
windowCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E004AFA2C(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4afab6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d19 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f7c);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFABD);
				return E00407A80( &_v12, 2);
			}

0x004afa2c
0x004afa2c
0x004afa2f
0x004afa31
0x004afa34
0x004afa38
0x004afa39
0x004afa3e
0x004afa41
0x004afa4b
0x004afa5f
0x004afa4d
0x004afa55
0x004afa55
0x004afa64
0x004afa69
0x004afa6c
0x004afa6d
0x004afa72
0x004afa7f
0x004afa96
0x004afa9d
0x004afaa0
0x004afaa3
0x004afab5

APIs

MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFA96

Strings

The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA64
For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA72
Setup, xrefs: 004AFA86
/ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA50

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Message
String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
API String ID: 2030045667-3391638011
Opcode ID: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction ID: d91db7adbe0e61d65693b83f686b77c7a2459b52af6881be4eb58bd45dae7278
Opcode Fuzzy Hash: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction Fuzzy Hash: 5D018F30744308BAE310E691CC52F9E76ACD719B04FA0407BB904B26C2D6BC6E04842D

Uniqueness

Uniqueness Score: -1.00%

Function 0042F9B0, Relevance: 7.8, APIs: 5, Instructions: 335
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0042F9B0(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430858(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430858(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BE8(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L0042723C();
													_push(_t360);
													_push(0x42fda8);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E0042999C( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF0(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fddd);
													return E00429270( &_v48);
												}
											}
										} else {
											E00428BE8(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fcef);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E0042999C( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF0(_t294);
										}
										_v9 = E0042F7C8( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fc4a);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E0042999C( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF0(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F534(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430858( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L0042723C();
									_push(_t360);
									_push(0x42fb5b);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E0042999C( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF0(_t306);
									}
									_v9 = E0042F7C8(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fddd);
									return E00429270( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fac4);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E0042999C( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF0(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F534(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}

0x0042f9b0
0x0042f9b0
0x0042f9b1
0x0042f9b3
0x0042f9b7
0x0042f9ba
0x0042f9bd
0x0042f9c0
0x0042f9c7
0x0042f9d4
0x0042fb65
0x0042fb6b
0x0042fb82
0x0042fba4
0x0042fbb3
0x0042fbbf
0x0042fbc6
0x0042fc80
0x0042fc8d
0x0042fd02
0x0042fd11
0x0042fd1d
0x0042fd24
0x0042fdd8
0x00000000
0x0042fd2a
0x0042fd34
0x0042fdce
0x0042fdd3
0x00000000
0x0042fd36
0x0042fd39
0x0042fd3a
0x0042fd41
0x0042fd42
0x0042fd47
0x0042fd4a
0x0042fd4d
0x0042fd57
0x0042fd64
0x0042fd66
0x0042fd66
0x0042fd8a
0x0042fd8f
0x0042fd94
0x0042fd97
0x0042fd9a
0x0042fda7
0x0042fda7
0x0042fd34
0x0042fd04
0x0042fd04
0x00000000
0x0042fd04
0x0042fc8f
0x0042fc92
0x0042fc93
0x0042fc9a
0x0042fc9b
0x0042fca0
0x0042fca3
0x0042fca9
0x0042fcb2
0x0042fcc1
0x0042fcc3
0x0042fcc3
0x0042fcd6
0x0042fcdb
0x0042fcde
0x0042fce1
0x0042fcee
0x0042fcee
0x0042fbcc
0x0042fbd6
0x0042fc70
0x0042fc75
0x00000000
0x0042fbd8
0x0042fbdb
0x0042fbdc
0x0042fbe3
0x0042fbe4
0x0042fbe9
0x0042fbec
0x0042fbef
0x0042fbf9
0x0042fc06
0x0042fc08
0x0042fc08
0x0042fc2c
0x0042fc31
0x0042fc36
0x0042fc39
0x0042fc3c
0x0042fc49
0x0042fc49
0x0042fbd6
0x0042fba6
0x0042fba6
0x00000000
0x0042fba6
0x0042fb84
0x0042fb90
0x00000000
0x0042fb90
0x0042fb6d
0x0042fb76
0x00000000
0x0042fb76
0x0042f9da
0x0042f9dd
0x0042f9f4
0x0042fa1a
0x0042fa29
0x0042fa35
0x0042fa3c
0x0042fafa
0x0042fafb
0x0042fb02
0x0042fb03
0x0042fb08
0x0042fb0b
0x0042fb11
0x0042fb1a
0x0042fb2d
0x0042fb2f
0x0042fb2f
0x0042fb42
0x0042fb47
0x0042fb4a
0x0042fb4d
0x0042fb5a
0x0042fa42
0x0042fa4c
0x0042faea
0x0042faef
0x00000000
0x0042fa4e
0x0042fa51
0x0042fa52
0x0042fa59
0x0042fa5a
0x0042fa5f
0x0042fa62
0x0042fa65
0x0042fa6f
0x0042fa80
0x0042fa82
0x0042fa82
0x0042faa6
0x0042faab
0x0042fab0
0x0042fab3
0x0042fab6
0x0042fac3
0x0042fac3
0x0042fa4c
0x0042fa1c
0x0042fa1c
0x00000000
0x0042fa1c
0x0042f9f6
0x0042fa02
0x00000000
0x0042fa02
0x0042f9df
0x0042f9e8
0x0042fddd
0x0042fde5
0x0042fde5
0x0042f9dd

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513e5c88327bb7306b2ed8f9e2f39c2943af69bef8aea9c68306217106a7b0a1
Instruction ID: 336ab3be91245dbcb88afa50d39c96b555b7b4dd4c7b37a8d21c905a6355ac7c
Opcode Fuzzy Hash: 513e5c88327bb7306b2ed8f9e2f39c2943af69bef8aea9c68306217106a7b0a1
Instruction Fuzzy Hash: ACD16E75B00119DFCF00DFA5D4918FEB7B5EF49300BD084BBE801A7251D638A94ADB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041C790, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77
threadCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}

0x0041c79d
0x0041c7a0
0x0041c7a2
0x0041c7a6
0x0041c7a7
0x0041c7ac
0x0041c7af
0x0041c7b4
0x0041c7c0
0x0041c7cb
0x0041c7d6
0x0041c7dd
0x0041c7f6
0x0041c7df
0x0041c7e7
0x0041c7e7
0x0041c80a
0x0041c823
0x0041c832
0x0041c838
0x0041c842
0x0041c846
0x0041c84b
0x0041c84b
0x0041c858
0x0041c858
0x0041c838
0x0041c85f
0x0041c862
0x0041c865
0x0041c872

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C

Strings

yyyy, xrefs: 0041C7F1
, xrefs: 0041C7E2

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: $yyyy
API String ID: 3303714858-404527807
Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041EEFC, Relevance: 6.1, APIs: 4, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}

0x0041ef0a
0x0041ef10
0x0041ef13
0x0041ef15
0x0041ef19
0x0041ef1a
0x0041ef1f
0x0041ef22
0x0041ef2f
0x0041ef3e
0x0041ef6e
0x0041ef7a
0x0041ef7f
0x0041ef85
0x0041ef85
0x0041efa7
0x0041efac
0x0041efb1
0x0041efb8
0x0041efc5
0x0041efcf
0x0041efd3
0x0041efda
0x0041efe4
0x0041efe4
0x0041efda
0x0041eff5
0x0041effa
0x0041f009
0x0041f016
0x0041f021
0x0041f027
0x0041f034
0x0041f03a
0x0041f044
0x0041f04a
0x0041f051
0x0041f057
0x0041f05e
0x0041f064
0x0041f080
0x0041f088
0x0041f091
0x0041f094
0x0041f097
0x0041f0a7

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
Opcode Fuzzy Hash: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6C8, Relevance: 6.1, APIs: 4, Instructions: 95
threadCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040A6C8(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x4bdc08()) {
					_v16 = E0040A684( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x4bdc04(4,  &_v32,  &_v20);
				}
				_t39 = E0040A684( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E00408550(_t81, _t67);
					_t39 = E0040540C(_t67);
				}
				if(_v16 != 0) {
					 *0x4bdc04(0, 0,  &_v20);
					_t68 = E0040A684( &_v12);
					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
						 *0x4bdc04(8, _v16,  &_v20);
					}
					E0040540C(_t68);
					return E0040540C(_v16);
				}
				return _t39;
			}

0x0040a6d0
0x0040a6d2
0x0040a6d6
0x0040a6e2
0x0040a6ec
0x0040a6ef
0x0040a6f1
0x0040a6f8
0x0040a6fb
0x0040a70c
0x0040a712
0x0040a715
0x0040a718
0x0040a71b
0x0040a721
0x0040a727
0x0040a737
0x0040a737
0x0040a740
0x0040a745
0x0040a749
0x0040a74e
0x0040a753
0x0040a755
0x0040a756
0x0040a75d
0x0040a765
0x0040a76a
0x0040a76a
0x0040a770
0x0040a773
0x0040a773
0x0040a75d
0x0040a77a
0x0040a781
0x0040a781
0x0040a78a
0x0040a794
0x0040a7a2
0x0040a7aa
0x0040a7c7
0x0040a7c7
0x0040a7cf
0x00000000
0x0040a7d7
0x0040a7e1

APIs

GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7

Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$LanguagesPreferred$Language
String ID:
API String ID: 2255706666-0
Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00420BD8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}

0x00420bde
0x00420be3
0x00420be7
0x00420bef
0x00420bf4
0x00420bf4
0x00420c00
0x00420c07
0x00000000
0x00420c07
0x00420c0d

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

Strings

GetDiskFreeSpaceExW, xrefs: 00420BE9
kernel32.dll, xrefs: 00420BD9

Memory Dump Source

Source File: 00000000.00000002.259851284.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.259846201.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.259998663.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260018035.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.260029488.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.260036435.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1646373207-1127948838
Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Mario Deluxe InstaII.tmp PID: 2540 Parent PID: 5728 Mario Deluxe InstaII.tmpCOMMON

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.8%
Total number of Nodes:	1312
Total number of Limit Nodes:	119

Executed Functions

Function 005B1248, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 43%

			E005B1248(long __eax) {
				signed char _v5;
				void* _v12;
				char _v16;
				void* _v20;
				long _v24;
				void* _v28;
				struct _SID_IDENTIFIER_AUTHORITY* _v32;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t89;
				long _t97;
				signed int _t100;
				intOrPtr _t105;
				intOrPtr _t106;
				void* _t107;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t115;
				intOrPtr _t116;

				_t113 = _t115;
				_t116 = _t115 + 0xffffffe4;
				_push(_t107);
				_t97 = __eax;
				if(E0042719C() == 2) {
					_v5 = 0;
					_v32 = 0x661808;
					if(AllocateAndInitializeSid(_v32, 2, 0x20, _t97, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
						goto L26;
					} else {
						_push(_t113);
						_push(0x5b1433);
						_push( *[fs:eax]);
						 *[fs:eax] = _t116;
						_t99 = 0;
						if((GetVersion() & 0x000000ff) >= 5) {
							_t99 = E00411E58(0, _t107, GetModuleHandleW(L"advapi32.dll"), L"CheckTokenMembership");
						}
						if(_t99 == 0) {
							_v28 = 0;
							if(OpenThreadToken(GetCurrentThread(), 8, 0xffffffff,  &_v20) != 0) {
								L13:
								_push(_t113);
								_push(0x5b1415);
								_push( *[fs:eax]);
								 *[fs:eax] = _t116;
								_v24 = 0;
								if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
									_v28 = E00405490(_v24);
									if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
										_t110 =  *_v28 - 1;
										if(_t110 >= 0) {
											_t111 = _t110 + 1;
											_t100 = 0;
											while(EqualSid(_v12,  *(_v28 + 4 + _t100 * 8)) == 0 || ( *(_v28 + 8 + _t100 * 8) & 0x00000014) != 4) {
												_t100 = _t100 + 1;
												_t111 = _t111 - 1;
												if(_t111 != 0) {
													continue;
												}
												goto L24;
											}
											_v5 = 1;
										}
										L24:
										_pop(_t105);
										 *[fs:eax] = _t105;
										_push(E005B141C);
										E004054AC(_v28);
										return CloseHandle(_v20);
									} else {
										E00407F08();
										E00407F08();
										goto L26;
									}
								} else {
									E00407F08();
									E00407F08();
									goto L26;
								}
							} else {
								if(GetLastError() == 0x3f0) {
									if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
										goto L13;
									} else {
										E00407F08();
										goto L26;
									}
								} else {
									E00407F08();
									goto L26;
								}
							}
						} else {
							_t89 =  *_t99(0, _v12,  &_v16); // executed
							if(_t89 != 0) {
								asm("sbb eax, eax");
								_v5 = _t89 + 1;
							}
							_pop(_t106);
							 *[fs:eax] = _t106;
							_push(E005B143A);
							return FreeSid(_v12);
						}
					}
				} else {
					_v5 = 1;
					L26:
					return _v5 & 0x000000ff;
				}
			}

0x005b1249
0x005b124b
0x005b124f
0x005b1250
0x005b125a
0x005b1265
0x005b126e
0x005b1291
0x00000000
0x005b1297
0x005b1299
0x005b129a
0x005b129f
0x005b12a2
0x005b12a5
0x005b12b5
0x005b12cc
0x005b12cc
0x005b12d0
0x005b12f7
0x005b130f
0x005b1346
0x005b1348
0x005b1349
0x005b134e
0x005b1351
0x005b1356
0x005b136e
0x005b1391
0x005b13ad
0x005b13c0
0x005b13c3
0x005b13c5
0x005b13c6
0x005b13c8
0x005b13f2
0x005b13f3
0x005b13f4
0x00000000
0x00000000
0x00000000
0x005b13f4
0x005b13ec
0x005b13ec
0x005b13f6
0x005b13f8
0x005b13fb
0x005b13fe
0x005b1406
0x005b1414
0x005b13af
0x005b13af
0x005b13b4
0x00000000
0x005b13b4
0x005b137a
0x005b137a
0x005b137f
0x00000000
0x005b137f
0x005b1311
0x005b131b
0x005b133a
0x00000000
0x005b133c
0x005b133c
0x00000000
0x005b133c
0x005b131d
0x005b131d
0x00000000
0x005b131d
0x005b131b
0x005b12d2
0x005b12dc
0x005b12e0
0x005b12ea
0x005b12ed
0x005b12ed
0x005b141e
0x005b1421
0x005b1424
0x005b1432
0x005b1432
0x005b12d0
0x005b125c
0x005b125c
0x005b143a
0x005b1443
0x005b1443

APIs

AllocateAndInitializeSid.ADVAPI32(00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B128A
GetVersion.KERNEL32(00000000,005B1433,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B12A7
GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,005B1433,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B12C1
CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,005B1433,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B12DC
FreeSid.ADVAPI32(00000000,005B143A,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B142D

Strings

CheckTokenMembership, xrefs: 005B12B7
advapi32.dll, xrefs: 005B12BC

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
String ID: CheckTokenMembership$advapi32.dll
API String ID: 2691416632-1888249752
Opcode ID: caf764e2da06b17aa48177a09f481e9c58a0e10cae27e26a6245af0c4e6fec8a
Instruction ID: ac35d0f59487471c61e1a1342d4049f29feb693cc75a8e69d60280a94490ce98
Opcode Fuzzy Hash: caf764e2da06b17aa48177a09f481e9c58a0e10cae27e26a6245af0c4e6fec8a
Instruction Fuzzy Hash: 7C519671A44705AADF51DBE58C62BFF7BE8FF05344F90082AFA00E7191E638E9408769

Uniqueness

Uniqueness Score: -1.00%

Function 0040C9BC, Relevance: 3.1, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0040C9BC(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E004087FC(_v8);
				_push(_t61);
				_push(0x40ca7c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L004037D0();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E00409868( &_v20, 4,  &_v16);
				E00409A18(_t44, _v20, _v8);
				_t29 = E0040C86C( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E00409868( &_v24, 4,  &_v16);
					E00409A18(_t44, _v24, _v8);
					_t40 = E0040C86C( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00408718(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040CA83);
				E00408778( &_v24, 2);
				return E00408718( &_v8);
			}

0x0040c9c2
0x0040c9c5
0x0040c9c8
0x0040c9cb
0x0040c9cd
0x0040c9d3
0x0040c9da
0x0040c9db
0x0040c9e0
0x0040c9e3
0x0040c9e8
0x0040c9ee
0x0040c9f7
0x0040ca07
0x0040ca14
0x0040ca1b
0x0040ca22
0x0040ca24
0x0040ca35
0x0040ca42
0x0040ca49
0x0040ca50
0x0040ca54
0x0040ca54
0x0040ca50
0x0040ca5b
0x0040ca5e
0x0040ca61
0x0040ca6e
0x0040ca7b

APIs

GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040CA7C,?,?), ref: 0040C9EE
GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040CA7C,?,?), ref: 0040C9F7

Part of subcall function 0040C86C: FindFirstFileW.KERNEL32(00000000,?,00000000,0040C8CA,?,?), ref: 0040C89F
Part of subcall function 0040C86C: FindClose.KERNEL32(00000000,00000000,?,00000000,0040C8CA,?,?), ref: 0040C8AF

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
String ID:
API String ID: 3216391948-0
Opcode ID: 96ac4368ac1f8059d763fbb6ef7cbef18ddb094d32de435bf556fd91bafbcc4e
Instruction ID: dd154ea817c974e97ef7d73b686066fe5e2276528df8cc7754812583d82bc4d2
Opcode Fuzzy Hash: 96ac4368ac1f8059d763fbb6ef7cbef18ddb094d32de435bf556fd91bafbcc4e
Instruction Fuzzy Hash: F8116370B00109DBDB00FBA6D982AAEB7B8EF45704F50457FA504B76D2DB385E058B59

Uniqueness

Uniqueness Score: -1.00%

Function 005F790C, Relevance: 3.0, APIs: 2, Instructions: 45
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E005F790C(void* __eax, struct _WIN32_FIND_DATAW* __ecx, void* __edx, void* __eflags) {
				void* _v8;
				char _v16;
				long _v20;
				void* _t13;
				intOrPtr _t27;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t35 = _t37;
				_t38 = _t37 + 0xfffffff0;
				if(E005F75D0(__eax,  &_v16) != 0) {
					_push(_t35);
					_push(0x5f796f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t38;
					_t13 = FindFirstFileW(E004097C8(__edx), __ecx); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E005F7976);
					return E005F760C( &_v16);
				} else {
					_v8 = 0xffffffff;
					return _v8;
				}
			}

0x005f790d
0x005f790f
0x005f7927
0x005f7934
0x005f7935
0x005f793a
0x005f793d
0x005f7949
0x005f794e
0x005f7956
0x005f795b
0x005f795e
0x005f7961
0x005f796e
0x005f7929
0x005f7929
0x005f7988
0x005f7988

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,005F796F,?,?,?,00000000), ref: 005F7949
GetLastError.KERNEL32(00000000,?,00000000,005F796F,?,?,?,00000000), ref: 005F7951

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: b3f748189c6c3eea9a84f7d00f9a4e6dbb7ed05ff3942fc6396fdd90bfebc77f
Instruction ID: 50e57a932d83825190cb753bbf467059f05725fc9180b22a9fbe66609a988f23
Opcode Fuzzy Hash: b3f748189c6c3eea9a84f7d00f9a4e6dbb7ed05ff3942fc6396fdd90bfebc77f
Instruction Fuzzy Hash: 78F0F931A0820CAB8B10DF699C014EEBBACFB8972075046B6F914D3691EA784E018595

Uniqueness

Uniqueness Score: -1.00%

Function 0040C86C, Relevance: 3.0, APIs: 2, Instructions: 33
fileCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040C86C(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E004087FC(_v8);
				_push(_t27);
				_push(0x40c8ca);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004097C8(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040C8D1);
				return E00408718( &_v8);
			}

0x0040c875
0x0040c876
0x0040c87c
0x0040c883
0x0040c884
0x0040c889
0x0040c88c
0x0040c89f
0x0040c8ac
0x0040c8af
0x0040c8af
0x0040c8b6
0x0040c8b9
0x0040c8bc
0x0040c8c9

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,0040C8CA,?,?), ref: 0040C89F
FindClose.KERNEL32(00000000,00000000,?,00000000,0040C8CA,?,?), ref: 0040C8AF

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 498573c6ee533ad477a1b1b959f497f51bb931f6dee575229f438675175f7686
Instruction ID: a79f3244e1dae306cfdd43c11d9e05b1965ff1ec8325b00f92b99aced98e3e72
Opcode Fuzzy Hash: 498573c6ee533ad477a1b1b959f497f51bb931f6dee575229f438675175f7686
Instruction Fuzzy Hash: D8F0B472550608EED710FB79CD9298DBBECEB4431576005B6F400F32D2EA385F00551C

Uniqueness

Uniqueness Score: -1.00%

Function 0040C490, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E0040C490(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E004087FC(_v8);
				_push(_t112);
				_push(0x40c6b5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040BCC4( &_v542, E004097C8(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040C6BC);
					return E00408718( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40c698);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040C2A0( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040C7A8, 0, 0, 0,  &_v20) == 0) {
								_v12 = E00405490(_v20);
								RegQueryValueExW(_v16, E0040C7A8, 0, 0, _v12,  &_v20);
								E0040982C(_t97, _v12);
							}
						} else {
							_v12 = E00405490(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E0040982C(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040C69F);
						if(_v12 != 0) {
							E004054AC(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}

0x0040c491
0x0040c493
0x0040c49a
0x0040c49c
0x0040c4a2
0x0040c4a9
0x0040c4aa
0x0040c4af
0x0040c4b2
0x0040c4b9
0x0040c4e5
0x0040c4bb
0x0040c4c9
0x0040c4c9
0x0040c4f2
0x0040c69f
0x0040c6a1
0x0040c6a4
0x0040c6a7
0x0040c6b4
0x0040c4f8
0x0040c4fa
0x0040c512
0x0040c519
0x0040c5b9
0x0040c5bb
0x0040c5bc
0x0040c5c1
0x0040c5c4
0x0040c5d2
0x0040c5f3
0x0040c642
0x0040c64c
0x0040c664
0x0040c66e
0x0040c66e
0x0040c5f5
0x0040c5fd
0x0040c617
0x0040c621
0x0040c621
0x0040c675
0x0040c678
0x0040c67b
0x0040c684
0x0040c689
0x0040c689
0x0040c697
0x0040c51f
0x0040c534
0x0040c53b
0x00000000
0x0040c53d
0x0040c552
0x0040c559
0x00000000
0x0040c55b
0x0040c570
0x0040c577
0x00000000
0x0040c579
0x0040c58e
0x0040c595
0x00000000
0x0040c597
0x0040c5ac
0x0040c5b3
0x00000000
0x00000000
0x00000000
0x00000000
0x0040c5b3
0x0040c595
0x0040c577
0x0040c559
0x0040c53b
0x0040c519

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040C6B5,?,?), ref: 0040C4C9
RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040C6B5,?,?), ref: 0040C512
RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040C6B5,?,?), ref: 0040C534
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040C552
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040C570
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040C58E
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040C5AC
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040C698,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040C6B5), ref: 0040C5EC
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040C698,?,80000001), ref: 0040C617
RegCloseKey.ADVAPI32(?,0040C69F,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040C698,?,80000001,Software\Embarcadero\Locales), ref: 0040C692

Strings

Software\Embarcadero\Locales, xrefs: 0040C508, 0040C52A
Software\Borland\Delphi\Locales, xrefs: 0040C5A2
Software\Borland\Locales, xrefs: 0040C584
Software\CodeGear\Locales, xrefs: 0040C548, 0040C566

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Open$QueryValue$CloseFileModuleName
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
API String ID: 2701450724-3496071916
Opcode ID: b5d18a502e8c07bd71cea66c196f2a1797ae1cbf9c47a77388d3d1dac3f07631
Instruction ID: b87a276e91c0abd92e6ddb5251d81d319347be4625686c9aa575414df8f97b10
Opcode Fuzzy Hash: b5d18a502e8c07bd71cea66c196f2a1797ae1cbf9c47a77388d3d1dac3f07631
Instruction Fuzzy Hash: B251F575A50208FEDB20EB95CC82FAE77ECDB08704F5045BBB604F62C1D6789A449B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00643E0C, Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 65%

			E00643E0C(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				void* _t54;
				intOrPtr _t65;
				intOrPtr _t73;
				unsigned int _t77;
				void* _t80;
				char _t82;
				char _t84;
				intOrPtr _t89;
				intOrPtr _t94;
				intOrPtr _t99;
				intOrPtr _t112;
				intOrPtr _t118;
				void* _t129;
				intOrPtr _t158;
				intOrPtr _t163;
				intOrPtr _t165;
				intOrPtr _t167;
				intOrPtr _t174;
				intOrPtr _t182;
				intOrPtr _t183;

				_t128 = __ebx;
				_t182 = _t183;
				_t129 = 7;
				do {
					_push(0);
					_push(0);
					_t129 = _t129 - 1;
					_t184 = _t129;
				} while (_t129 != 0);
				_push(_t182);
				_push(0x644156);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				E005B0998( &_v12);
				E00408AF8(0x66a440, _v12);
				E005B09C4( &_v16);
				E00408AF8(0x66a444, _v16);
				E005B09F0( &_v20, __esi, _t182, _t184);
				E00408AF8(0x66a448, _v20);
				E005B0A98( *0x66a6e9 & 0x000000ff, __ebx,  &_v24, __esi);
				E00408AF8(0x66a44c, _v24);
				_t54 = E0042719C();
				_t185 = _t54 - 2;
				if(_t54 != 2) {
					E00408718(0x66a450);
				} else {
					E005B02C4(L"SystemDrive", _t129,  &_v28, _t185);
					E00408AF8(0x66a450, _v28);
				}
				if( *0x66a450 == 0) {
					_t118 =  *0x66a440; // 0x0
					E005AF9E8(_t118,  &_v32);
					E00408AF8(0x66a450, _v32);
					_t187 =  *0x66a450;
					if( *0x66a450 == 0) {
						E00408AF8(0x66a450, 0x644194);
					}
				}
				E00643CA0(1, L"ProgramFilesDir", _t187); // executed
				E00408AF8(0x66a454, _v36);
				_t188 =  *0x66a454;
				if( *0x66a454 == 0) {
					_t174 =  *0x66a450; // 0x0
					E00409A18(0x66a454, L"\\Program Files", _t174);
				}
				E00643CA0(1, L"CommonFilesDir", _t188); // executed
				E00408AF8(0x66a458, _v40);
				if( *0x66a458 == 0) {
					_t112 =  *0x66a454; // 0x0
					E005AF4EC(_t112,  &_v44);
					E00409A18(0x66a458, L"Common Files", _v44);
				}
				_t190 =  *0x66a6e9;
				if( *0x66a6e9 != 0) {
					E00643CA0(2, L"ProgramFilesDir", _t190); // executed
					E00408AF8(0x66a45c, _v48);
					_t191 =  *0x66a45c;
					if( *0x66a45c == 0) {
						E005F8384(L"Failed to get path of 64-bit Program Files directory", _t128);
					}
					E00643CA0(2, L"CommonFilesDir", _t191); // executed
					E00408AF8(0x66a460, _v52);
					if( *0x66a460 == 0) {
						E005F8384(L"Failed to get path of 64-bit Common Files directory", _t128);
					}
				}
				if( *0x66a7b8 == 0) {
					L25:
					__eflags =  *0x66a6e8;
					if( *0x66a6e8 == 0) {
						_t65 =  *0x66a440; // 0x0
						E005AF4EC(_t65,  &_v60);
						E00409A18(0x66a470, L"COMMAND.COM", _v60); // executed
					} else {
						_t73 =  *0x66a444; // 0x0
						E005AF4EC(_t73,  &_v56);
						E00409A18(0x66a470, L"cmd.exe", _v56);
					}
					E00643D50(); // executed
					__eflags = 0;
					_pop(_t158);
					 *[fs:eax] = _t158;
					_push(E0064415D);
					return E00408778( &_v60, 0xd);
				} else {
					_t77 =  *0x66a6fc; // 0xa0042ee
					if(_t77 >> 0x10 < 0x600) {
						goto L25;
					} else {
						_t80 =  *0x66a7b8( &E0066213C, 0x8000, 0,  &_v8); // executed
						if(_t80 != 0) {
							_t82 =  *0x66a7b8(0x66214c, 0x8000, 0,  &_v8); // executed
							__eflags = _t82;
							if(_t82 != 0) {
								_t84 =  *0x66a7b8(0x66215c, 0x8000, 0,  &_v8); // executed
								__eflags = _t84;
								if(_t84 != 0) {
									goto L25;
								} else {
									_push(_t182);
									_push(0x6440e6);
									_push( *[fs:eax]);
									 *[fs:eax] = _t183;
									E0040AC08();
									__eflags = 0;
									_pop(_t163);
									 *[fs:eax] = _t163;
									_push(E006440ED);
									_t89 = _v8;
									_push(_t89);
									L00437600();
									return _t89;
								}
							} else {
								_push(_t182);
								_push(0x644093);
								_push( *[fs:eax]);
								 *[fs:eax] = _t183;
								E0040AC08();
								__eflags = 0;
								_pop(_t165);
								 *[fs:eax] = _t165;
								_push(E0064409A);
								_t94 = _v8;
								_push(_t94);
								L00437600();
								return _t94;
							}
						} else {
							_push(_t182);
							_push(0x644040);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							E0040AC08();
							_pop(_t167);
							 *[fs:eax] = _t167;
							_push(E00644047);
							_t99 = _v8;
							_push(_t99);
							L00437600();
							return _t99;
						}
					}
				}
			}

0x00643e0c
0x00643e0d
0x00643e0f
0x00643e14
0x00643e14
0x00643e16
0x00643e18
0x00643e18
0x00643e18
0x00643e1d
0x00643e1e
0x00643e23
0x00643e26
0x00643e2c
0x00643e39
0x00643e41
0x00643e4e
0x00643e56
0x00643e63
0x00643e72
0x00643e7f
0x00643e84
0x00643e89
0x00643e8c
0x00643eaf
0x00643e8e
0x00643e96
0x00643ea3
0x00643ea3
0x00643ebb
0x00643ec0
0x00643ec5
0x00643ed2
0x00643ed7
0x00643ede
0x00643eea
0x00643eea
0x00643ede
0x00643ef9
0x00643f06
0x00643f0b
0x00643f12
0x00643f1e
0x00643f24
0x00643f24
0x00643f33
0x00643f40
0x00643f4c
0x00643f51
0x00643f56
0x00643f68
0x00643f68
0x00643f6d
0x00643f74
0x00643f80
0x00643f8d
0x00643f92
0x00643f99
0x00643fa0
0x00643fa0
0x00643faf
0x00643fbc
0x00643fc8
0x00643fcf
0x00643fcf
0x00643fc8
0x00643fdb
0x006440ed
0x006440ed
0x006440f4
0x0064411a
0x0064411f
0x00644131
0x006440f6
0x006440f9
0x006440fe
0x00644110
0x00644110
0x00644136
0x0064413b
0x0064413d
0x00644140
0x00644143
0x00644155
0x00643fe1
0x00643fe1
0x00643fee
0x00000000
0x00643ff4
0x00644004
0x0064400c
0x00644057
0x0064405d
0x0064405f
0x006440aa
0x006440b0
0x006440b2
0x00000000
0x006440b4
0x006440b6
0x006440b7
0x006440bc
0x006440bf
0x006440ca
0x006440cf
0x006440d1
0x006440d4
0x006440d7
0x006440dc
0x006440df
0x006440e0
0x006440e5
0x006440e5
0x00644061
0x00644063
0x00644064
0x00644069
0x0064406c
0x00644077
0x0064407c
0x0064407e
0x00644081
0x00644084
0x00644089
0x0064408c
0x0064408d
0x00644092
0x00644092
0x0064400e
0x00644010
0x00644011
0x00644016
0x00644019
0x00644024
0x0064402b
0x0064402e
0x00644031
0x00644036
0x00644039
0x0064403a
0x0064403f
0x0064403f
0x0064400c
0x00643fee

APIs

SHGetKnownFolderPath.SHELL32(0066213C,00008000,00000000,?,00000000,00644156,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0), ref: 00644004
CoTaskMemFree.OLE32(?,00644047,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 0064403A
SHGetKnownFolderPath.SHELL32(0066214C,00008000,00000000,?,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 00644057
CoTaskMemFree.OLE32(?,0064409A,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 0064408D

Strings

\Program Files, xrefs: 00643F19
SystemDrive, xrefs: 00643E91
ProgramFilesDir, xrefs: 00643EF2, 00643F79
cmd.exe, xrefs: 0064410B
Failed to get path of 64-bit Common Files directory, xrefs: 00643FCA
CommonFilesDir, xrefs: 00643F2C, 00643FA8
COMMAND.COM, xrefs: 0064412C
Common Files, xrefs: 00643F63
Failed to get path of 64-bit Program Files directory, xrefs: 00643F9B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
API String ID: 969438705-544719455
Opcode ID: 3f67b0ab585c592a5fd1e5f8816e794bfdf475008f58b854505cf096dff99742
Instruction ID: dd5fc3daa821dda1b6518f9a5080d1dcac5ab9c80f6433aa49f69c11db3ec318
Opcode Fuzzy Hash: 3f67b0ab585c592a5fd1e5f8816e794bfdf475008f58b854505cf096dff99742
Instruction Fuzzy Hash: 7A8167346002459BDB10EFE4DC46BAE7BA7EB84704F60542AE400B7792CEB8AD55CF66

Uniqueness

Uniqueness Score: -1.00%

Function 0040ECE0, Relevance: 13.8, APIs: 9, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E0040ECE0(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t133;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x65dc48, 8 << 2);
				_pop(_t194);
				_v56 =  *0x65dc48;
				_v52 = E0040F190( *0x0065DC4C);
				_v48 = E0040F1A0( *0x0065DC50);
				_v44 = E0040F1B0( *0x0065DC54);
				_v40 = E0040F1C0( *0x0065DC58);
				_v36 = E0040F1C0( *0x0065DC5C);
				_v32 = E0040F1C0( *0x0065DC60);
				_v28 =  *0x0065DC64;
				memcpy( &_v92, 0x65dc68, 9 << 2);
				_t196 = _t194;
				_v88 = 0x65dc68;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x65dc8c; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040F1D0( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x666640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x666640 != 0) {
							_t191 =  *0x666640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x666644 != 0) {
									_t191 =  *0x666644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x65dc94; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x666640 != 0) {
						_t142 =  *0x666640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t133 = LoadLibraryA(_v80); // executed
						_t142 = _t133;
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040E668(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x65dc44; // 0x0
									 *_v20 = _t126;
									 *0x65dc44 = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x666644 != 0) {
							_t142 =  *0x666644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x65dc90; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x666640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x666640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x666640(5,  &_v92);
						}
						return _t191;
					}
				}
			}

0x0040ecf4
0x0040ecfa
0x0040ecfc
0x0040ecff
0x0040ed0c
0x0040ed19
0x0040ed26
0x0040ed33
0x0040ed40
0x0040ed4d
0x0040ed56
0x0040ed64
0x0040ed66
0x0040ed67
0x0040ed6d
0x0040ed73
0x0040ed7a
0x0040ed7c
0x0040ed82
0x0040ed88
0x0040ed98
0x00000000
0x0040ed9d
0x0040edaa
0x0040edaf
0x0040edb1
0x0040edb3
0x0040edb3
0x0040edb9
0x0040edbc
0x0040edc4
0x0040edce
0x0040edd1
0x0040edd6
0x0040edf1
0x0040edd8
0x0040ede4
0x0040ede4
0x0040edf4
0x0040edfd
0x0040ee16
0x0040ee18
0x0040eeda
0x0040eeda
0x0040eee4
0x0040eef2
0x0040eef2
0x0040eef6
0x0040ef43
0x0040ef45
0x0040ef4c
0x0040ef56
0x0040ef64
0x0040ef64
0x0040ef68
0x0040ef6a
0x0040ef6f
0x0040ef75
0x0040ef85
0x0040ef8a
0x0040ef8a
0x0040ef68
0x00000000
0x0040eef8
0x0040eefc
0x0040ef37
0x0040ef41
0x00000000
0x0040ef04
0x0040ef07
0x0040ef0f
0x00000000
0x0040ef28
0x0040ef2e
0x0040ef33
0x00000000
0x00000000
0x0040ef8d
0x0040ef90
0x00000000
0x0040ef90
0x0040ef0f
0x0040eefc
0x0040eef6
0x0040ee25
0x0040ee33
0x0040ee33
0x0040ee37
0x0040ee3d
0x0040ee42
0x0040ee42
0x0040ee46
0x0040ee93
0x0040ee9f
0x0040eed5
0x0040eea1
0x0040eea5
0x0040eeab
0x0040eeb0
0x0040eeb5
0x0040eebc
0x0040eec2
0x0040eec7
0x0040eecc
0x0040eecc
0x0040eeb5
0x0040eea5
0x00000000
0x0040ee48
0x0040ee4d
0x0040ee57
0x0040ee65
0x0040ee65
0x0040ee69
0x00000000
0x0040ee6b
0x0040ee6b
0x0040ee70
0x0040ee76
0x0040ee86
0x00000000
0x0040ee8b
0x0040ee69
0x0040edff
0x0040ee0b
0x0040ee0f
0x00000000
0x0040ee11
0x0040ef92
0x0040ef99
0x0040ef9d
0x0040efa0
0x0040efa3
0x0040efac
0x0040efac
0x00000000
0x0040efb2
0x0040ee0f

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040ED98

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0131bb6f4bf6ac21f78f47823529200e1901dc9922ec713df894e1c5e605832a
Instruction ID: cd001386452772e2c75b779800f34ee5931b09e5688723dba0fed7fba417085c
Opcode Fuzzy Hash: 0131bb6f4bf6ac21f78f47823529200e1901dc9922ec713df894e1c5e605832a
Instruction Fuzzy Hash: 69A17F75900209EFDB24DFA5D880BAEB7B5BF58300F10893AE505B73C0D7B8A945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0064449C, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E0064449C(long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char* _t40;
				intOrPtr _t41;
				int _t47;
				intOrPtr _t77;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t94;
				intOrPtr _t107;
				intOrPtr _t108;

				_t105 = __esi;
				_t104 = __edi;
				_t79 = __ebx;
				_t107 = _t108;
				_t80 = 6;
				do {
					_push(0);
					_push(0);
					_t80 = _t80 - 1;
				} while (_t80 != 0);
				_push(_t80);
				_push(__ebx);
				_push(_t107);
				_push(0x6445ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t108;
				E005F8B78( &_v20, __ebx, __edx, __edi, __esi); // executed
				E00408AF8(0x66a43c, _v20);
				_t81 =  *0x66a43c; // 0x0
				E00409A18( &_v24, _t81, L"Created temporary directory: ");
				E006013D8(_v24, _t79, __edi, __esi);
				_t40 =  *0x66288c; // 0x66a288
				if( *_t40 != 0) {
					_t77 =  *0x66a43c; // 0x0
					E00600AE4(_t77);
				}
				_t41 =  *0x66a43c; // 0x0
				E005AF4EC(_t41,  &_v28);
				E00409A18( &_v8, L"_isetup", _v28);
				_t47 = CreateDirectoryW(E004097C8(_v8), 0); // executed
				if(_t47 == 0) {
					_t79 = GetLastError();
					E005B8018(0x3b,  &_v48, _v8);
					_v44 = _v48;
					E00420678( &_v52, _t61, 0);
					_v40 = _v52;
					E005B1AE4(_t79,  &_v56);
					_v36 = _v56;
					E005B7FE8(0x70, 2,  &_v44,  &_v32);
					E0042648C(_v32, 1);
					E00407E14();
				}
				E0061A564( &_v12);
				_t113 = _v12;
				if(_v12 != 0) {
					E00409A18( &_v16, L"\\_setup64.tmp", _v8);
					E00644444(_v12, _t79, _v16, _t104, _t105, _t113); // executed
					E0061A5BC(_v16);
				}
				_pop(_t94);
				 *[fs:eax] = _t94;
				_push(E006445F5);
				E00408778( &_v56, 3);
				return E00408778( &_v32, 7);
			}

0x0064449c
0x0064449c
0x0064449c
0x0064449d
0x0064449f
0x006444a4
0x006444a4
0x006444a6
0x006444a8
0x006444a8
0x006444ab
0x006444ac
0x006444af
0x006444b0
0x006444b5
0x006444b8
0x006444be
0x006444cb
0x006444d3
0x006444de
0x006444e6
0x006444eb
0x006444f3
0x006444f5
0x006444fa
0x006444fa
0x00644502
0x00644507
0x00644517
0x00644527
0x0064452e
0x00644535
0x00644543
0x0064454b
0x00644557
0x0064455f
0x00644567
0x0064456f
0x0064457c
0x0064458b
0x00644590
0x00644590
0x00644598
0x0064459d
0x006445a1
0x006445ae
0x006445b9
0x006445c1
0x006445c1
0x006445c8
0x006445cb
0x006445ce
0x006445db
0x006445ed

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,00000000,006445EE,?,?,00000005,00000000,00000000,?,00650C25,00000000,00650DD8,?,00000000,00650E3C), ref: 00644527
GetLastError.KERNEL32(00000000,00000000,00000000,006445EE,?,?,00000005,00000000,00000000,?,00650C25,00000000,00650DD8,?,00000000,00650E3C), ref: 00644530

Strings

\_setup64.tmp, xrefs: 006445A6
_isetup, xrefs: 00644512
Created temporary directory: , xrefs: 006444D9

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: Created temporary directory: $\_setup64.tmp$_isetup
API String ID: 1375471231-2952887711
Opcode ID: a8f62ce5eb039f3907bc514e1fdee8d6fbfa388192a52336e32ad5df10fdc3b8
Instruction ID: 8551b8634482954e3fd0c2332de757f57d69561d22e1e83ac04cf94fc86de4b6
Opcode Fuzzy Hash: a8f62ce5eb039f3907bc514e1fdee8d6fbfa388192a52336e32ad5df10fdc3b8
Instruction Fuzzy Hash: 29411074A001099BDB04EFA5D886ADEB7B7EF89304F50417AF400B7392DE74AE05CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0065C4A4, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 62%

			_entry_() {
				intOrPtr* _t10;
				signed int _t13;
				intOrPtr _t19;
				intOrPtr* _t20;
				intOrPtr* _t25;
				intOrPtr* _t28;
				intOrPtr* _t32;
				intOrPtr _t33;
				intOrPtr* _t58;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr _t76;
				intOrPtr _t78;
				intOrPtr _t80;
				intOrPtr _t81;
				intOrPtr _t82;
				void* _t83;
				void* _t85;
				intOrPtr* _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t91;
				void* _t92;

				E0040EC94(0x651408);
				_t10 =  *0x662788; // 0x66978c
				_t13 = GetWindowLongW( *( *_t10 + 0x188), 0xffffffec);
				_t73 =  *0x662788; // 0x66978c
				SetWindowLongW( *( *_t73 + 0x188), 0xffffffec, _t13 & 0xffffff7f); // executed
				_push(_t87);
				_push(0x65c528);
				_push( *[fs:eax]);
				 *[fs:eax] = _t88;
				SetErrorMode(1); // executed
				E00651170(_t89);
				_t19 =  *0x651030; // 0x651088
				_t20 =  *0x662788; // 0x66978c
				E005A2F2C( *_t20, E006510C8, _t19);
				E006511E0(_t62, _t83, _t85, _t89, _t92);
				_pop(_t76);
				 *[fs:eax] = _t76;
				_t25 =  *0x662788; // 0x66978c
				E005A2A3C( *_t25, L"Setup", _t89);
				_t28 =  *0x662788; // 0x66978c
				ShowWindow( *( *_t28 + 0x188), 5);
				_t32 =  *0x662788; // 0x66978c
				_t33 =  *_t32;
				_t78 =  *0x63eb6c; // 0x63ebc4
				 *((intOrPtr*)(_t33 + 0x10c)) = _t78;
				 *((intOrPtr*)(_t33 + 0x108)) = 0x64b418;
				_push(_t87);
				_push(0x65c5d1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t88;
				E005A3008(); // executed
				L00648490(_t62, _t83, _t85, _t92);
				L005A3020( *((intOrPtr*)( *0x662788)), _t62,  *0x6623c4,  *0x63eb6c, _t83, _t85);
				L0064B5E8(_t89, _t92);
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(_t87);
				_push(0x65c654);
				_push( *[fs:eax]);
				 *[fs:eax] = _t88;
				L005A317C( *((intOrPtr*)( *0x662788)), _t62, _t83, _t85);
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(_t87);
				_push(0x65c68b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t88;
				L0064A534( *0x6625b8 & 0xffffff00 |  *( *0x6625b8) == 0x00000000, _t62, _t83, _t85,  *( *0x6625b8));
				_pop(_t82);
				 *[fs:eax] = _t82;
				_t58 = E00408578( *( *0x6625b8));
				E00408448();
				 *_t58 =  *_t58 + _t58;
				asm("invalid");
				asm("invalid");
				 *_t87 =  *_t87 + 4 +  *4 + 0x53000000;
				_t91 =  *_t87;
				if (_t91 == 0) goto L5;
				if (_t91 != 0) goto L6;
				if (_t91 < 0) goto 0x65c6c6;
			}

0x0065c4b2
0x0065c4b7
0x0065c4c7
0x0065c4cc
0x0065c4e3
0x0065c4ea
0x0065c4eb
0x0065c4f0
0x0065c4f3
0x0065c4f8
0x0065c4fd
0x0065c502
0x0065c50d
0x0065c514
0x0065c519
0x0065c520
0x0065c523
0x0065c541
0x0065c54d
0x0065c554
0x0065c562
0x0065c567
0x0065c56c
0x0065c56e
0x0065c574
0x0065c57a
0x0065c586
0x0065c587
0x0065c58c
0x0065c58f
0x0065c599
0x0065c59e
0x0065c5b6
0x0065c5c2
0x0065c5c9
0x0065c5cc
0x0065c632
0x0065c633
0x0065c638
0x0065c63b
0x0065c645
0x0065c64c
0x0065c64f
0x0065c665
0x0065c666
0x0065c66b
0x0065c66e
0x0065c67c
0x0065c683
0x0065c686
0x0065c6a1
0x0065c6a9
0x0065c6ae
0x0065c6b4
0x0065c6b6
0x0065c6bd
0x0065c6bd
0x0065c6c0
0x0065c6c2
0x0065c6c4

APIs

Part of subcall function 0040EC94: GetModuleHandleW.KERNEL32(00000000,?,0065C4B7), ref: 0040ECA0

GetWindowLongW.USER32(?,000000EC), ref: 0065C4C7
SetWindowLongW.USER32 ref: 0065C4E3
SetErrorMode.KERNEL32(00000001,00000000,0065C528,?,?,000000EC,00000000), ref: 0065C4F8

Part of subcall function 00651170: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0065C502,00000001,00000000,0065C528,?,?,000000EC,00000000), ref: 0065117A

Part of subcall function 005A2F2C: SendMessageW.USER32(?,0000B020,00000000,?), ref: 005A2F51

Part of subcall function 005A2A3C: SetWindowTextW.USER32(?,00000000), ref: 005A2A6D

ShowWindow.USER32(?,00000005,00000000,0065C528,?,?,000000EC,00000000), ref: 0065C562

Strings

Setup, xrefs: 0065C548

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$HandleLongModule$ErrorMessageModeSendShowText
String ID: Setup
API String ID: 1533765661-3839654196
Opcode ID: 0a881a7110e0c17008ab3f16e54b6baf2bcead1a214855e9bc656ce4e175787d
Instruction ID: 1b4fd68c5f12b7e95b75c71ee5b84b9948103f9578c114e64c2b51bfeab17fc8
Opcode Fuzzy Hash: 0a881a7110e0c17008ab3f16e54b6baf2bcead1a214855e9bc656ce4e175787d
Instruction Fuzzy Hash: 63218134204B02AFC300EF69DC96D567BEAFB4B360B1155B5F900CB7B1DAB4A850CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00408448, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00408448() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x65d004 != 0) {
					E00408328();
					E004083B0(_t46);
					 *0x65d004 = 0;
				}
				if( *0x665bd0 != 0 && GetCurrentThreadId() ==  *0x665bf8) {
					E00408080(0x665bcc);
					E00408384(0x665bcc);
				}
				if( *0x00665BC4 != 0 ||  *0x663058 == 0) {
					L8:
					if( *((char*)(0x665bc4)) == 2 &&  *0x65d000 == 0) {
						 *0x00665BA8 = 0;
					}
					if( *((char*)(0x665bc4)) != 0) {
						L14:
						E004080A8(); // executed
						if( *((char*)(0x665bc4)) <= 1 ||  *0x65d000 != 0) {
							_t15 =  *0x00665BAC;
							if( *0x00665BAC != 0) {
								E0040CD84(_t15);
								_t31 =  *((intOrPtr*)(0x665bac));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00408080(0x665b9c);
						if( *((char*)(0x665bc4)) == 1) {
							 *0x00665BC0();
						}
						if( *((char*)(0x665bc4)) != 0) {
							E00408384(0x665b9c);
						}
						if( *0x665b9c == 0) {
							if( *0x663038 != 0) {
								 *0x663038();
							}
							ExitProcess( *0x65d000); // executed
						}
						memcpy(0x665b9c,  *0x665b9c, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x65d000 = 0x65d000;
						0x665b9c = 0x665b9c;
						goto L8;
					} else {
						_t20 = E00405554();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E004069C8(_t44);
							_t23 = E00405554();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x663058; // 0x0
						 *0x663058 = 0;
						 *_t33();
					} while ( *0x663058 != 0);
					L8:
					while(1) {
					}
				}
			}

0x0040845c
0x0040845e
0x00408463
0x0040846a
0x0040846a
0x00408476
0x0040848a
0x00408494
0x00408494
0x0040849d
0x004084c1
0x004084c5
0x004084ce
0x004084ce
0x004084d5
0x004084f4
0x004084f4
0x004084fd
0x00408504
0x00408509
0x0040850b
0x00408510
0x00408513
0x00408513
0x00408516
0x00408519
0x00408520
0x00408520
0x00408519
0x00408509
0x00408527
0x00408530
0x00408532
0x00408532
0x00408539
0x0040853d
0x0040853d
0x00408545
0x0040854e
0x00408550
0x00408550
0x00408559
0x00408559
0x0040856b
0x0040856b
0x0040856d
0x0040856e
0x00000000
0x004084d7
0x004084d7
0x004084dc
0x004084e0
0x00000000
0x00000000
0x00000000
0x00000000
0x004084e2
0x004084e2
0x004084e4
0x004084e9
0x004084ee
0x004084f0
0x00000000
0x004084e2
0x004084a8
0x004084a8
0x004084a8
0x004084b1
0x004084b6
0x004084b8
0x00000000
0x004084c1
0x00000000
0x004084c1

APIs

GetCurrentThreadId.KERNEL32 ref: 00408478
FreeLibrary.KERNEL32(00400000,?,?,?,00408582,0040559F,004055E6,?,?,004055FF,?,?,?,?,004AEA4A,00000000), ref: 00408520
ExitProcess.KERNEL32(00000000,?,?,?,00408582,0040559F,004055E6,?,?,004055FF,?,?,?,?,004AEA4A,00000000), ref: 00408559

Part of subcall function 004083B0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?,004055FF), ref: 004083E9
Part of subcall function 004083B0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?), ref: 004083EF
Part of subcall function 004083B0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?), ref: 0040840A
Part of subcall function 004083B0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?), ref: 00408410

Strings

MZP, xrefs: 0040851F

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 02671067a9e4faa4c4ef0c48325b36d3f6a391be7f9f103029c652284dc7f453
Instruction ID: 6e86effb89f8e009d7e757b13ee86b104eb8c965ec58696a4da047f41ff73a4b
Opcode Fuzzy Hash: 02671067a9e4faa4c4ef0c48325b36d3f6a391be7f9f103029c652284dc7f453
Instruction Fuzzy Hash: 5D315C70600792ABDB70AB6A8A8571B7AE55B14324F14053FE4C5A23D2EFBCD8C8C71D

Uniqueness

Uniqueness Score: -1.00%

Function 00408440, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00408440() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x65d004 != 0) {
					E00408328();
					E004083B0(_t50);
					 *0x65d004 = 0;
				}
				if( *0x665bd0 != 0 && GetCurrentThreadId() ==  *0x665bf8) {
					E00408080(0x665bcc);
					E00408384(0x665bcc);
				}
				if( *0x00665BC4 != 0 ||  *0x663058 == 0) {
					L9:
					if( *((char*)(0x665bc4)) == 2 &&  *0x65d000 == 0) {
						 *0x00665BA8 = 0;
					}
					if( *((char*)(0x665bc4)) != 0) {
						L15:
						E004080A8(); // executed
						if( *((char*)(0x665bc4)) <= 1 ||  *0x65d000 != 0) {
							_t18 =  *0x00665BAC;
							if( *0x00665BAC != 0) {
								E0040CD84(_t18);
								_t34 =  *((intOrPtr*)(0x665bac));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00408080(0x665b9c);
						if( *((char*)(0x665bc4)) == 1) {
							 *0x00665BC0();
						}
						if( *((char*)(0x665bc4)) != 0) {
							E00408384(0x665b9c);
						}
						if( *0x665b9c == 0) {
							if( *0x663038 != 0) {
								 *0x663038();
							}
							ExitProcess( *0x65d000); // executed
						}
						memcpy(0x665b9c,  *0x665b9c, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x65d000 = 0x65d000;
						0x665b9c = 0x665b9c;
						goto L9;
					} else {
						_t23 = E00405554();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E004069C8(_t48);
							_t26 = E00405554();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x663058; // 0x0
						 *0x663058 = 0;
						 *_t36();
					} while ( *0x663058 != 0);
					L9:
					while(1) {
					}
				}
			}

0x00408442
0x0040845c
0x0040845e
0x00408463
0x0040846a
0x0040846a
0x00408476
0x0040848a
0x00408494
0x00408494
0x0040849d
0x004084c1
0x004084c5
0x004084ce
0x004084ce
0x004084d5
0x004084f4
0x004084f4
0x004084fd
0x00408504
0x00408509
0x0040850b
0x00408510
0x00408513
0x00408513
0x00408516
0x00408519
0x00408520
0x00408520
0x00408519
0x00408509
0x00408527
0x00408530
0x00408532
0x00408532
0x00408539
0x0040853d
0x0040853d
0x00408545
0x0040854e
0x00408550
0x00408550
0x00408559
0x00408559
0x0040856b
0x0040856b
0x0040856d
0x0040856e
0x00000000
0x004084d7
0x004084d7
0x004084dc
0x004084e0
0x00000000
0x00000000
0x00000000
0x00000000
0x004084e2
0x004084e2
0x004084e4
0x004084e9
0x004084ee
0x004084f0
0x00000000
0x004084e2
0x004084a8
0x004084a8
0x004084a8
0x004084b1
0x004084b6
0x004084b8
0x00000000
0x004084c1
0x00000000
0x004084c1

APIs

GetCurrentThreadId.KERNEL32 ref: 00408478
FreeLibrary.KERNEL32(00400000,?,?,?,00408582,0040559F,004055E6,?,?,004055FF,?,?,?,?,004AEA4A,00000000), ref: 00408520
ExitProcess.KERNEL32(00000000,?,?,?,00408582,0040559F,004055E6,?,?,004055FF,?,?,?,?,004AEA4A,00000000), ref: 00408559

Part of subcall function 004083B0: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?,004055FF), ref: 004083E9
Part of subcall function 004083B0: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?), ref: 004083EF
Part of subcall function 004083B0: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?), ref: 0040840A
Part of subcall function 004083B0: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?), ref: 00408410

Strings

MZP, xrefs: 0040851F

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: f1eea532717a8785bf2e22aca56b31da26381d8a405adf2d926d8f734a6a04ee
Instruction ID: f0391e6f4677a750c512b2e25c7f44e6615565bb60577621205c5c942f882474
Opcode Fuzzy Hash: f1eea532717a8785bf2e22aca56b31da26381d8a405adf2d926d8f734a6a04ee
Instruction Fuzzy Hash: D9316970600792AADB71AB7A8A853177BE55B14314F14083FE4C5A62D2EFBCD8C8CB1D

Uniqueness

Uniqueness Score: -1.00%

Function 00407A7E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E00407A7E(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				struct _EXCEPTION_RECORD* _t22;
				intOrPtr* _t25;
				long _t28;
				long _t30;
				long _t31;
				long _t32;
				void* _t33;
				void* _t38;
				long _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t50;

				_t48 = __ebp;
				_t47 = __esi;
				_t45 = __edi;
				_t33 = __ebx;
				_t22 = _a4.ExceptionRecord;
				if((_t22->ExceptionFlags & 0x00000006) == 0) {
					_t41 = _t22->ExceptionInformation[1];
					_t38 = _t22->ExceptionInformation;
					if(_t22->ExceptionCode == 0xeedfade) {
						L11:
						if( *0x65d031 <= 1 ||  *0x65d030 > 0) {
							goto L14;
						}
						_t28 = UnhandledExceptionFilter( &_a4);
						_t38 = _t38;
						_t41 = _t41;
						_t22 = _t22;
						if(_t28 != 0) {
							goto L14;
						}
					} else {
						asm("cld");
						E004068AC(_t22);
						_t43 =  *0x663018; // 0x0
						if(_t43 != 0) {
							_t30 =  *_t43();
							if(_t30 != 0) {
								_t44 = _a12;
								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
									L10:
									_t41 = _t30;
									_t22 = _a4.ExceptionRecord;
									_t38 = _t22->ExceptionAddress;
									goto L11;
								} else {
									_t30 = E00407998(_t30, _t44, __edi);
									if( *0x65d031 <= 0 ||  *0x65d030 > 0) {
										goto L10;
									} else {
										_t31 = UnhandledExceptionFilter( &_a4);
										_t32 = _t30;
										if(_t31 != 0) {
											_t41 = _t32;
											_t22 = _a4.ExceptionRecord;
											_t38 = _t22->ExceptionAddress;
											L14:
											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
											 *0x663020(_a8, "true", _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33); // executed
											_t46 = _v8;
											_t25 = E0040E728();
											_push( *_t25);
											 *_t25 = _t50;
											 *((intOrPtr*)(_v8 + 4)) = E00407B84;
											E004079E8(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
											goto __ebx;
										}
									}
								}
							}
						}
					}
				}
				return 1;
			}

0x00407a7e
0x00407a7e
0x00407a7e
0x00407a7e
0x00407a80
0x00407a8b
0x00407a97
0x00407a9a
0x00407a9d
0x00407b0d
0x00407b14
0x00000000
0x00000000
0x00407b27
0x00407b2f
0x00407b30
0x00407b31
0x00407b32
0x00000000
0x00000000
0x00407a9f
0x00407a9f
0x00407aa0
0x00407aa5
0x00407aad
0x00407ab3
0x00407ab7
0x00407abd
0x00407acb
0x00407b04
0x00407b04
0x00407b06
0x00407b0a
0x00000000
0x00407acd
0x00407acd
0x00407ad9
0x00000000
0x00407ae4
0x00407aea
0x00407af2
0x00407af3
0x00407af9
0x00407afb
0x00407aff
0x00407b34
0x00407b34
0x00407b52
0x00407b58
0x00407b5c
0x00407b61
0x00407b67
0x00407b73
0x00407b7d
0x00407b82
0x00407b82
0x00407af3
0x00407ad9
0x00407acb
0x00407ab7
0x00407aad
0x00407a9d
0x00407ba9

APIs

UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 00407AEA
UnhandledExceptionFilter.KERNEL32(?,?,?,Function_00007A80), ref: 00407B27
RtlUnwind.KERNEL32(?,?,Function_00007A80,00000000,?,?,Function_00007A80,?), ref: 00407B52

Strings

X7@, xrefs: 00407B52

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionFilterUnhandled$Unwind
String ID: X7@
API String ID: 1141220122-2067089342
Opcode ID: 4e76f160dc5569c9dc08984e290b1fe17e6ce4038eb59abc96a588822c57b00f
Instruction ID: b43bc4563ed2c5b4d44d4e312f14e91904ee98f66dbd2fd5bccfcfafe145c76a
Opcode Fuzzy Hash: 4e76f160dc5569c9dc08984e290b1fe17e6ce4038eb59abc96a588822c57b00f
Instruction Fuzzy Hash: B53141B0A08340AFE720EB15C985F27B7F9EB84718F1585AEE504972D1C778FC85C666

Uniqueness

Uniqueness Score: -1.00%

Function 004733A4, Relevance: 6.1, APIs: 4, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E004733A4(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSW _v44;
				WCHAR* _t8;
				int _t10;
				void* _t11;
				struct HWND__* _t15;
				long _t17;
				WCHAR* _t20;
				struct HWND__* _t22;
				WCHAR* _t24;

				 *0x65f698 =  *0x666634;
				_t8 =  *0x65f6ac; // 0x473388
				_t10 = GetClassInfoW( *0x666634, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L00412548 != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t20 =  *0x65f6ac; // 0x473388
						UnregisterClassW(_t20,  *0x666634);
					}
					RegisterClassW(0x65f688);
				}
				_t24 =  *0x65f6ac; // 0x473388
				_t15 = E00412B68(0x80, _t24, 0,  *0x666634, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
				_t22 = _t15;
				if(_a6 != 0) {
					_t17 = E00473208(_a4, _a8); // executed
					SetWindowLongW(_t22, 0xfffffffc, _t17);
				}
				return _t22;
			}

0x004733b0
0x004733b9
0x004733c5
0x004733cd
0x004733cf
0x004733d2
0x004733e0
0x004733e8
0x004733ee
0x004733ee
0x004733f8
0x004733f8
0x0047341b
0x00473426
0x0047342b
0x00473432
0x0047343a
0x00473443
0x00473443
0x0047344e

APIs

GetClassInfoW.USER32 ref: 004733C5
UnregisterClassW.USER32 ref: 004733EE
RegisterClassW.USER32 ref: 004733F8
SetWindowLongW.USER32 ref: 00473443

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Class$InfoLongRegisterUnregisterWindow
String ID:
API String ID: 4025006896-0
Opcode ID: 3a98c25768141e93f869b4bb84f70d06fa2252b0bc0cfd8c1a4d08ad4f5d40a1
Instruction ID: a8c172639951b3e6cb5da7468db87f3e5ba31e7f9e45713803e63bcfa106701e
Opcode Fuzzy Hash: 3a98c25768141e93f869b4bb84f70d06fa2252b0bc0cfd8c1a4d08ad4f5d40a1
Instruction Fuzzy Hash: 100188717001046BCB10FF68ED81FDB739AE718306F109226F908E73A1DABADD558759

Uniqueness

Uniqueness Score: -1.00%

Function 00644688, Relevance: 6.0, APIs: 4, Instructions: 34
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00644688(signed char __eax, void* __ecx, void* __edx, void* __eflags) {
				long _t7;
				void* _t9;
				void* _t14;
				void* _t15;
				signed char* _t16;

				_t17 = __eflags;
				_push(__ecx);
				_t14 = __ecx;
				_t15 = __edx;
				 *_t16 = __eax;
				while(1) {
					E005F77B4( *_t16 & 0x000000ff, _t15, _t17); // executed
					asm("sbb ebx, ebx");
					_t9 = _t9 + 1;
					if(_t9 != 0 || GetLastError() == 2 || GetLastError() == 3) {
						break;
					}
					_t7 = GetTickCount();
					_t17 = _t7 - _t14 - 0x7d0;
					if(_t7 - _t14 < 0x7d0) {
						Sleep(0x32);
						continue;
					}
					break;
				}
				return _t9;
			}

0x00644688
0x0064468b
0x0064468c
0x0064468e
0x00644690
0x00644693
0x00644699
0x006446a1
0x006446a3
0x006446a6
0x00000000
0x00000000
0x006446bc
0x006446c3
0x006446c8
0x006446cc
0x00000000
0x006446cc
0x00000000
0x006446c8
0x006446d9

APIs

GetLastError.KERNEL32 ref: 006446A8
GetLastError.KERNEL32 ref: 006446B2
GetTickCount.KERNEL32 ref: 006446BC
Sleep.KERNEL32(00000032), ref: 006446CC

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLast$CountSleepTick
String ID:
API String ID: 2227064392-0
Opcode ID: a0a6db6fb6c6cb808161394e6ac965a24c290f5475904e4fc10a443a6f1609f9
Instruction ID: 8c410b6b5025aaf122e9bdc0c1ce3c8724fef5309a0de07dabf959826b4bab6c
Opcode Fuzzy Hash: a0a6db6fb6c6cb808161394e6ac965a24c290f5475904e4fc10a443a6f1609f9
Instruction Fuzzy Hash: 40E0E57230C2410EA32032AE18866BE594BDA97394F35097BF180C1216CD088C968136

Uniqueness

Uniqueness Score: -1.00%

Function 00645F94, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00645F94(long __eax, void* __ecx, void* __fp0) {
				void* __ebx;
				void* __ebp;
				long _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t43;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t58;
				intOrPtr* _t63;
				struct HWND__* _t66;
				int _t67;
				intOrPtr _t68;
				void* _t71;
				void* _t73;
				void* _t87;
				void* _t88;
				void* _t89;
				intOrPtr _t90;
				void* _t92;
				intOrPtr _t94;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t103;
				intOrPtr _t106;
				intOrPtr _t108;
				intOrPtr _t110;
				void* _t116;
				void* _t118;
				void* _t119;
				long _t120;
				void* _t121;
				void* _t137;

				_t137 = __fp0;
				_t89 = __ecx;
				_t23 = __eax;
				_t120 = __eax;
				_t121 = _t120 -  *0x662080; // 0x0
				if(_t121 == 0) {
					L28:
					return _t23;
				}
				_t24 =  *0x66a604; // 0x0
				_t87 = E0045FD1C(_t24, __eax);
				_t1 = _t87 + 0x18; // 0x18
				_t92 = E00408CCC(_t1);
				_t28 =  *((intOrPtr*)(_t87 + 0x18));
				if(_t28 != 0) {
					_t28 =  *((intOrPtr*)(_t28 - 4));
				}
				E005B810C(_t92, _t89, _t28);
				 *0x662080 = _t120;
				_t94 =  *0x5b5744; // 0x5b5748
				E0040A2F8(0x66a5c4, _t94);
				_t90 =  *0x5b5744; // 0x5b5748
				E0040A5C4(0x66a5c4, _t90, _t87, _t137);
				if( *0x66a5ec == 0x411 &&  *0x66a6fc < 0x5010000 && E005B14F4(L"MS PGothic", _t87) != 0) {
					E00408AF8(0x66a5d4, L"MS PGothic");
					 *0x66a5f8 = 0xc;
				}
				if( *((intOrPtr*)(_t87 + 0x1c)) == 0) {
					_t96 =  *0x66a50d; // 0x0
					E00408B94(0x66a650, _t96);
				} else {
					E00408B94(0x66a650,  *((intOrPtr*)(_t87 + 0x1c)));
				}
				if( *((intOrPtr*)(_t87 + 0x20)) == 0) {
					_t97 =  *0x66a511; // 0x0
					E00408B94(0x66a654, _t97);
				} else {
					E00408B94(0x66a654,  *((intOrPtr*)(_t87 + 0x20)));
				}
				_t129 =  *((intOrPtr*)(_t87 + 0x24));
				if( *((intOrPtr*)(_t87 + 0x24)) == 0) {
					_t98 =  *0x66a515; // 0x0
					E00408B94(0x66a658, _t98);
				} else {
					E00408B94(0x66a658,  *((intOrPtr*)(_t87 + 0x24)));
				}
				E005B25AC( *0x66a600 & 0x000000ff);
				_t43 =  *0x66279c; // 0x669c04
				_t10 = _t43 + 0x1a4; // 0x0
				E005B2520(0, _t90, E004097C8( *_t10), _t129);
				_t48 =  *0x66279c; // 0x669c04
				_t11 = _t48 + 0xac; // 0x0
				E005B2520(1, _t90, E004097C8( *_t11), _t129);
				_t53 =  *0x66279c; // 0x669c04
				_t12 = _t53 + 0x140; // 0x0
				E005B2520(2, _t90, E004097C8( *_t12), _t129);
				_t58 =  *0x66279c; // 0x669c04
				_t13 = _t58 + 0x140; // 0x0
				E005B2520(3, _t90, E004097C8( *_t13), _t129);
				_t103 =  *0x66279c; // 0x669c04
				_t14 = _t103 + 0x2b4; // 0x0
				_t63 =  *0x662788; // 0x66978c
				E005A2A3C( *_t63,  *_t14, _t129);
				_t23 =  *0x66a610; // 0x0
				_t118 =  *((intOrPtr*)(_t23 + 8)) - 1;
				if(_t118 < 0) {
					L26:
					if( *0x66a3b4 == 0) {
						goto L28;
					}
					_t66 =  *0x66a3b8; // 0xe021e
					_t67 = SendNotifyMessageW(_t66, 0x496, 0x2711, _t120); // executed
					return _t67;
				} else {
					_t119 = _t118 + 1;
					_t116 = 0;
					do {
						_t68 =  *0x66a610; // 0x0
						_t88 = E0045FD1C(_t68, _t116);
						_t71 = ( *(_t88 + 0x25) & 0x000000ff) - 1;
						if(_t71 == 0) {
							_t17 = _t88 + 4; // 0x4
							_t106 =  *0x66279c; // 0x669c04
							_t18 = _t106 + 0x184; // 0x0
							_t23 = E00408AF8(_t17,  *_t18);
						} else {
							_t73 = _t71 - 1;
							if(_t73 == 0) {
								_t19 = _t88 + 4; // 0x4
								_t108 =  *0x66279c; // 0x669c04
								_t20 = _t108 + 0x90; // 0x0
								_t23 = E00408AF8(_t19,  *_t20);
							} else {
								_t23 = _t73 - 1;
								if(_t23 == 0) {
									_t21 = _t88 + 4; // 0x4
									_t110 =  *0x66279c; // 0x669c04
									_t22 = _t110 + 0xb4; // 0x0
									_t23 = E00408AF8(_t21,  *_t22);
								}
							}
						}
						_t116 = _t116 + 1;
						_t119 = _t119 - 1;
					} while (_t119 != 0);
					goto L26;
				}
			}

0x00645f94
0x00645f94
0x00645f94
0x00645f98
0x00645f9a
0x00645fa0
0x006461c5
0x006461c5
0x006461c5
0x00645fa8
0x00645fb2
0x00645fb4
0x00645fbc
0x00645fbe
0x00645fc3
0x00645fc8
0x00645fc8
0x00645fcb
0x00645fd0
0x00645fdb
0x00645fe1
0x00645fed
0x00645ff3
0x00646002
0x00646028
0x0064602d
0x0064602d
0x0064603b
0x00646051
0x00646057
0x0064603d
0x00646045
0x00646045
0x00646060
0x00646076
0x0064607c
0x00646062
0x0064606a
0x0064606a
0x00646081
0x00646085
0x0064609b
0x006460a1
0x00646087
0x0064608f
0x0064608f
0x006460ad
0x006460b2
0x006460b7
0x006460c6
0x006460cb
0x006460d0
0x006460df
0x006460e4
0x006460e9
0x006460f8
0x006460fd
0x00646102
0x00646111
0x00646116
0x0064611c
0x00646122
0x00646129
0x0064612e
0x00646136
0x00646139
0x006461a2
0x006461a9
0x00000000
0x00000000
0x006461b6
0x006461bc
0x00000000
0x0064613b
0x0064613b
0x0064613c
0x0064613e
0x00646140
0x0064614a
0x00646150
0x00646152
0x0064615e
0x00646161
0x00646167
0x0064616d
0x00646154
0x00646154
0x00646156
0x00646174
0x00646177
0x0064617d
0x00646183
0x00646158
0x00646158
0x0064615a
0x0064618a
0x0064618d
0x00646193
0x00646199
0x00646199
0x0064615a
0x00646156
0x0064619e
0x0064619f
0x0064619f
0x00000000
0x0064613e

APIs

SendNotifyMessageW.USER32(000E021E,00000496,00002711,-00000001), ref: 006461BC

Strings

HW[, xrefs: 00645FDB, 00645FED
MS PGothic, xrefs: 00646010, 00646023

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: MessageNotifySend
String ID: HW[$MS PGothic
API String ID: 3556456075-2635353643
Opcode ID: 6569f918759810ff159e9626a79e57a434efe2b7fe9aed179051a19a7b0df978
Instruction ID: bceb75bb431b8eb4c574679ca4a5eb6d1cf06a39740a1e3265182ded441c346e
Opcode Fuzzy Hash: 6569f918759810ff159e9626a79e57a434efe2b7fe9aed179051a19a7b0df978
Instruction Fuzzy Hash: EC5140703102018BCB10EF69D985E967BA3FB55304B14517AF845AF3A7CA78EC46CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 005F8B78, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E005F8B78(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x5f8c6d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E005B0B4C( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E005F88E0(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004097C8(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E005B8018(0x3b,  &_v32, _v8);
						_v28 = _v32;
						E00420678( &_v36, _t54, 0);
						_v24 = _v36;
						E005B1AE4(_t54,  &_v40);
						_v20 = _v40;
						E005B7FE8(0x70, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0042648C(_v16, 1);
						E00407E14();
					}
				}
				E00408AF8(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E005F8C74);
				E00408778( &_v40, 3);
				return E00408778( &_v16, 3);
			}

0x005f8b78
0x005f8b78
0x005f8b79
0x005f8b7b
0x005f8b80
0x005f8b80
0x005f8b82
0x005f8b84
0x005f8b84
0x005f8b87
0x005f8b88
0x005f8b8a
0x005f8b8c
0x005f8b8e
0x005f8b8f
0x005f8b94
0x005f8b97
0x005f8b9a
0x005f8ba1
0x005f8ba9
0x005f8bb0
0x005f8bc0
0x005f8bc7
0x00000000
0x00000000
0x005f8bce
0x005f8bd0
0x005f8bd6
0x005f8be4
0x005f8bec
0x005f8bf8
0x005f8c00
0x005f8c08
0x005f8c10
0x005f8c1d
0x005f8c22
0x005f8c2c
0x005f8c31
0x005f8c31
0x005f8bd6
0x005f8c40
0x005f8c45
0x005f8c47
0x005f8c4a
0x005f8c4d
0x005f8c5a
0x005f8c6c

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,005F8C6D,?,0066978C,?,00000003,00000000,00000000,?,006444C3,00000000,006445EE), ref: 005F8BC0
GetLastError.KERNEL32(00000000,00000000,?,00000000,005F8C6D,?,0066978C,?,00000003,00000000,00000000,?,006444C3,00000000,006445EE), ref: 005F8BC9

Strings

.tmp, xrefs: 005F8BA9

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: f2504cd30e026442fb477013a8e1e6dbd68c83c0c5899df1be1b5a9539e1f3cf
Instruction ID: c4b9951d0c9cc56d7ffc3af5a52d4afc2fe12c17b36d5983631b7f23f90a8f37
Opcode Fuzzy Hash: f2504cd30e026442fb477013a8e1e6dbd68c83c0c5899df1be1b5a9539e1f3cf
Instruction Fuzzy Hash: 32214675A0010D9FDB00EBA4C956AFEB7F9FB88304F50457AF900B7381DA386E058AA4

Uniqueness

Uniqueness Score: -1.00%

Function 00412B68, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00412B68(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, char _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405988();
				_t10 =  &_a36; // 0x5b2942
				_t24 = CreateWindowExW(_t32, __edx, _v8,  *_t10, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405978(_t13);
				return _t24;
			}

0x00412b6f
0x00412b74
0x00412b76
0x00412b9d
0x00412ba7
0x00412bb0
0x00412bbc

APIs

CreateWindowExW.USER32 ref: 00412BA7

Strings

B)[, xrefs: 00412B9D, 00412BA0
TWindowDisabler-Window, xrefs: 00412BA5

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateWindow
String ID: B)[$TWindowDisabler-Window
API String ID: 716092398-1377837600
Opcode ID: 684ecf370dcf3c6758cf9d82a20f104a3e22c221ceaad4062406452089a2450d
Instruction ID: d28f3a87fa927ce1738d04863a1b4a791b24e040aa09da8391ad3ec004184475
Opcode Fuzzy Hash: 684ecf370dcf3c6758cf9d82a20f104a3e22c221ceaad4062406452089a2450d
Instruction Fuzzy Hash: 74F074B2604118AF8B40DE9DDC81EDB77ECEB4D264B05412ABA08E3201D634ED118BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00643D50, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00643D50() {
				void* _v8;
				void* __ecx;
				void* _t9;
				long _t15;
				void* _t16;

				if( *0x66a6e9 == 0) {
					_t16 = 0;
				} else {
					_t16 = 2;
				}
				_t9 = E005B0F7C(_t16,  *((intOrPtr*)(0x662134 + ( *0x66a6e8 & 0x000000ff) * 4)), 0x80000002,  &_v8, 1, 0); // executed
				if(_t9 == 0) {
					E005B0EA4();
					E005B0EA4();
					_t15 = RegCloseKey(_v8); // executed
					return _t15;
				}
				return _t9;
			}

0x00643d5c
0x00643d62
0x00643d5e
0x00643d5e
0x00643d5e
0x00643d81
0x00643d88
0x00643d97
0x00643da9
0x00643db2
0x00000000
0x00643db2
0x00643dba

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0064413B,00000000,00644156,?,00000000,00000000,?,0064F4D6,00000006), ref: 00643DB2

Strings

RegisteredOrganization, xrefs: 00643DA1
RegisteredOwner, xrefs: 00643D8F

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Close
String ID: RegisteredOrganization$RegisteredOwner
API String ID: 3535843008-1113070880
Opcode ID: 2786a185a25595a1aeca52d01dc6f61f5d17cd564db703023959afac2b480d49
Instruction ID: 79ba88330415bd06f82effed11eda8edd571365fffeee20c77ff8264b35cb024
Opcode Fuzzy Hash: 2786a185a25595a1aeca52d01dc6f61f5d17cd564db703023959afac2b480d49
Instruction Fuzzy Hash: E9F0B470B04194AFDB10DAD4DD46BAA7BAFEF85344F241029E2409B391D6B0EF40CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00405374, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405374() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x00663AE0;
				while(_t28 != 0x663adc) {
					_t2 = _t28 + 4; // 0x663adc
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x65d080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x663adc = 0x663adc;
				 *0x00663AE0 = 0x663adc;
				_t26 = 0x400;
				_t23 = 0x663b7c;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					 *((intOrPtr*)(_t14 + 4)) = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x663af8 = 0;
				E00405CE4(0x663afc, 0x80);
				_t18 = 0;
				 *0x663af4 = 0;
				_t31 =  *0x00665B84;
				while(_t31 != 0x665b80) {
					_t10 = _t31 + 4; // 0x665b80
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x665b80 = 0x665b80;
				 *0x00665B84 = 0x665b80;
				return _t18;
			}

0x00405382
0x00405399
0x00405387
0x00405392
0x00405397
0x00405397
0x0040539d
0x004053a2
0x004053a7
0x004053a9
0x004053ae
0x004053b1
0x004053ba
0x004053bd
0x004053c0
0x004053c0
0x004053c3
0x004053c5
0x004053c8
0x004053cd
0x004053d2
0x004053d2
0x004053d4
0x004053d6
0x004053d9
0x004053dc
0x004053dc
0x004053e1
0x004053f2
0x004053f7
0x004053f9
0x004053fe
0x00405415
0x00405403
0x0040540e
0x00405413
0x00405413
0x00405419
0x0040541b
0x00405422

APIs

VirtualFree.KERNEL32(00663ADC,00000000,00008000), ref: 00405392
VirtualFree.KERNEL32(00665B80,00000000,00008000), ref: 0040540E

Strings

|;f, xrefs: 004053CD

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FreeVirtual
String ID: |;f
API String ID: 1263568516-986276723
Opcode ID: 2f49026e22a3410e84f3526cc3fbf00b76a443a529ef58e61ac53e28292f92b9
Instruction ID: 47975ddb8eda08e018230ec84088432ab4ddf4f807198cbfa881148a052407d9
Opcode Fuzzy Hash: 2f49026e22a3410e84f3526cc3fbf00b76a443a529ef58e61ac53e28292f92b9
Instruction Fuzzy Hash: 4411BFB1A016108FC7649F199841B27BAE5FB88310F2180BEE549EF781D6B8ED01CB98

Uniqueness

Uniqueness Score: -1.00%

Function 006446DC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E006446DC(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char* _t12;
				long _t13;
				void* _t15;
				void* _t22;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t29;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_t22 = __ebx;
				_push(0);
				_push(_t35);
				_push(0x64476e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				E0061A5D0(0);
				E0061A5BC(0);
				if( *0x66a43c != 0) {
					_t12 =  *0x66288c; // 0x66a288
					if( *_t12 != 0) {
						E00600AE4(0);
					}
					_t13 = GetTickCount();
					_t29 =  *0x66a43c; // 0x0
					_t15 = E005F930C(0, _t22, 1, _t29, _t13, E00644688, 0, 0, 1, 1); // executed
					if(_t15 == 0) {
						_t26 =  *0x66a43c; // 0x0
						E00409A18( &_v8, _t26, L"Failed to remove temporary directory: ");
						E006013D8(_v8, _t22, _t31, _t32);
					}
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E00644775);
				return E00408718( &_v8);
			}

0x006446dc
0x006446dc
0x006446dc
0x006446df
0x006446e3
0x006446e4
0x006446e9
0x006446ec
0x006446f1
0x006446f8
0x00644704
0x00644706
0x0064470e
0x00644712
0x00644712
0x00644724
0x0064472c
0x00644734
0x0064473b
0x00644740
0x0064474b
0x00644753
0x00644753
0x0064473b
0x0064475a
0x0064475d
0x00644760
0x0064476d

APIs

GetTickCount.KERNEL32 ref: 00644724

Strings

Failed to remove temporary directory: , xrefs: 00644746

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CountTick
String ID: Failed to remove temporary directory:
API String ID: 536389180-3544197614
Opcode ID: c1f8763b646212fd25b8cad68d77ca704de2569f6e8be7be6c2d1d446545bd44
Instruction ID: d9f47d5ba67a5f01c3fca25054c9aa07d9d98d3360af7564bb060ce3f0874f20
Opcode Fuzzy Hash: c1f8763b646212fd25b8cad68d77ca704de2569f6e8be7be6c2d1d446545bd44
Instruction Fuzzy Hash: 2701DF303447446BEB14ABB19C07B9A33DB9B46700FA24869F400A76D2EFF8AC05CA15

Uniqueness

Uniqueness Score: -1.00%

Function 00643CA0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00643CA0(void* __eax, void* __edx, void* __eflags) {
				void* _v8;
				void* __ecx;
				void* _t7;
				void* _t17;
				void* _t24;

				_t24 = _t17;
				_t7 = E005B0F7C(__eax, L"Software\\Microsoft\\Windows\\CurrentVersion", 0x80000002,  &_v8, 1, 0); // executed
				if(_t7 != 0) {
					return E00408718(_t24);
				}
				if(E005B0EA4() == 0) {
					E00408718(_t24);
				}
				return RegCloseKey(_v8);
			}

0x00643ca7
0x00643cc1
0x00643cc8
0x00000000
0x00643cee
0x00643cd8
0x00643cdc
0x00643cdc
0x00000000

APIs

Part of subcall function 005B0F7C: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005B1656,?,00000000,?,005B15F6,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656), ref: 005B0F98

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0064FAA0,?,00643EFE,00000000,00644156,?,00000000,00000000), ref: 00643CE5

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00643CB7

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseOpen
String ID: Software\Microsoft\Windows\CurrentVersion
API String ID: 47109696-1019749484
Opcode ID: 0b8e53c68d067b49932b46a295b5298e5a5fbee3ba06b1f47ce52fd1a860c142
Instruction ID: 2782ff1157ac4c1589de920fb4c815738e6b442a0c16b29a1e3897c7fae7e005
Opcode Fuzzy Hash: 0b8e53c68d067b49932b46a295b5298e5a5fbee3ba06b1f47ce52fd1a860c142
Instruction Fuzzy Hash: B5F0823174422467DB10A19E9D83BAEA3DEABC4754F20003EFA04E7382DAB5DE0142E9

Uniqueness

Uniqueness Score: -1.00%

Function 005B0F7C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E005B0F7C(void* __eax, short* __ecx, void* __edx, void** _a4, int _a8, int _a12) {
				long _t7;
				short* _t8;
				void* _t9;
				int _t10;

				_t9 = __edx;
				_t8 = __ecx;
				_t10 = _a8;
				if(__eax == 2) {
					_t10 = _t10 | 0x00000100;
				}
				_t7 = RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4); // executed
				return _t7;
			}

0x005b0f7c
0x005b0f7c
0x005b0f80
0x005b0f85
0x005b0f87
0x005b0f87
0x005b0f98
0x005b0f9f

APIs

RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005B1656,?,00000000,?,005B15F6,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656), ref: 005B0F98

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 005B0F96

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Open
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 71445658-1109908249
Opcode ID: 8e45cddd5eaf4e9fcac8fcd11ec299293ed56ec77490a60aaed08fbfd1658423
Instruction ID: c6ae395982e42c135134aa8393406e36e3a1c74eea84da0c30e3e3c10a6d6ce8
Opcode Fuzzy Hash: 8e45cddd5eaf4e9fcac8fcd11ec299293ed56ec77490a60aaed08fbfd1658423
Instruction Fuzzy Hash: F8D0C97295022CBB9B109E89DC42EFB779DEB19360F40801AFE0497100D2B4FD9197F4

Uniqueness

Uniqueness Score: -1.00%

Function 005F930C, Relevance: 3.2, APIs: 2, Instructions: 192
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E005F930C(signed int __eax, void* __ebx, char __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int _a16, signed int _a20, char _a24) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v17;
				intOrPtr _v24;
				char _v25;
				signed int _v26;
				void* _v32;
				struct _WIN32_FIND_DATAW _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				signed char _t106;
				signed char _t108;
				void* _t114;
				int _t122;
				signed int _t127;
				signed char _t135;
				signed char _t139;
				void* _t155;
				signed int _t158;
				intOrPtr _t177;
				intOrPtr _t187;
				void* _t201;
				void* _t202;
				intOrPtr _t203;

				_t159 = __ecx;
				_t201 = _t202;
				_t203 = _t202 + 0xfffffd84;
				_push(__ebx);
				_v640 = 0;
				_v636 = 0;
				_v632 = 0;
				_v628 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v25 = __ecx;
				_v24 = __edx;
				_v17 = __eax;
				_push(_t201);
				_push(0x5f95aa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t203;
				_v26 = 1;
				if(_a24 == 0) {
					L26:
					__eflags = _a16 & 0x000000ff ^ 0x00000001 | _v26;
					if((_a16 & 0x000000ff ^ 0x00000001 | _v26) != 0) {
						__eflags = _v25;
						if(_v25 != 0) {
							__eflags = _a12;
							if(__eflags == 0) {
								_t106 = L005F7CC0(_v17 & 0x000000ff, _v24, __eflags); // executed
								__eflags = _t106;
								if(_t106 == 0) {
									_v26 = 0;
								}
							} else {
								_t108 = _a12();
								__eflags = _t108;
								if(_t108 == 0) {
									_v26 = 0;
								}
							}
						}
					}
					__eflags = 0;
					_pop(_t177);
					 *[fs:eax] = _t177;
					_push(E005F95B1);
					E00408778( &_v640, 4);
					return E00408778( &_v16, 3);
				} else {
					_t205 = _v25;
					if(_v25 == 0) {
						L3:
						_t207 = _v25;
						if(_v25 == 0) {
							E005AFA70(_v24, _t159,  &_v8);
							E00408B40( &_v12, _v24);
						} else {
							E005AF4EC(_v24,  &_v8);
							E00409A18( &_v12, 0x5f95c8, _v8);
						}
						_t114 = E005F790C(_v17 & 0x000000ff,  &_v624, _v12, _t207); // executed
						_v32 = _t114;
						if(_v32 == 0xffffffff) {
							goto L26;
						} else {
							_push(_t201);
							_push(0x5f9536);
							_push( *[fs:eax]);
							 *[fs:eax] = _t203;
							do {
								E00409868( &_v16, 0x104,  &(_v624.cFileName));
								E00409BB0(_v16, 0x5f95d8);
								if(0 != 0) {
									_t127 = E00409BB0(_v16, 0x5f95e8);
									if(0 != 0) {
										_t158 = _v624.dwFileAttributes;
										if((_t158 & 0x00000001) != 0 && (_t127 & 0xffffff00 | (_t158 & 0x00000010) == 0x00000000 | _a20) != 0) {
											E00409A18( &_v628, _v16, _v8);
											E005F7D38(_v17 & 0x000000ff, _t158 & 0xfffffffe, _v628, _t158 & 0xfffffffe);
										}
										if((_v624.dwFileAttributes & 0x00000010) != 0) {
											__eflags = _a20;
											if(_a20 != 0) {
												E00409A18( &_v640, _v16, _v8);
												_t135 = E005F930C(_v17 & 0x000000ff, _t158, 1, _v640, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1); // executed
												__eflags = _t135;
												if(_t135 == 0) {
													_v26 = 0;
												}
											}
										} else {
											if(_a8 == 0) {
												E00409A18( &_v636, _v16, _v8);
												_t139 = E005F77B4(_v17 & 0x000000ff, _v636, __eflags);
												__eflags = _t139;
												if(_t139 == 0) {
													_v26 = 0;
												}
											} else {
												E00409A18( &_v632, _v16, _v8);
												if(_a8() == 0) {
													_v26 = 0;
												}
											}
										}
									}
								}
								if(_a16 == 0 || _v26 != 0) {
									goto L24;
								}
								break;
								L24:
								_t122 = FindNextFileW(_v32,  &_v624); // executed
							} while (_t122 != 0);
							_pop(_t187);
							 *[fs:eax] = _t187;
							_push(E005F953D);
							return FindClose(_v32);
						}
					} else {
						_t155 = E005F7AD0(_v17 & 0x000000ff, _v24, _t205); // executed
						if(_t155 == 0) {
							goto L26;
						} else {
							goto L3;
						}
					}
				}
			}

0x005f930c
0x005f930d
0x005f930f
0x005f9315
0x005f9318
0x005f931e
0x005f9324
0x005f932a
0x005f9330
0x005f9333
0x005f9336
0x005f9339
0x005f933c
0x005f933f
0x005f9344
0x005f9345
0x005f934a
0x005f934d
0x005f9350
0x005f9358
0x005f953d
0x005f9543
0x005f9546
0x005f9548
0x005f954c
0x005f954e
0x005f9552
0x005f9572
0x005f9577
0x005f9579
0x005f957b
0x005f957b
0x005f9554
0x005f955e
0x005f9561
0x005f9563
0x005f9565
0x005f9565
0x005f9563
0x005f9552
0x005f954c
0x005f957f
0x005f9581
0x005f9584
0x005f9587
0x005f9597
0x005f95a9
0x005f935e
0x005f935e
0x005f9362
0x005f9378
0x005f9378
0x005f937c
0x005f93a1
0x005f93ac
0x005f937e
0x005f9384
0x005f9394
0x005f9394
0x005f93be
0x005f93c3
0x005f93ca
0x00000000
0x005f93d0
0x005f93d2
0x005f93d3
0x005f93d8
0x005f93db
0x005f93de
0x005f93ec
0x005f93f9
0x005f93fe
0x005f940c
0x005f9411
0x005f9417
0x005f9420
0x005f9439
0x005f944d
0x005f944d
0x005f9459
0x005f94b6
0x005f94ba
0x005f94dd
0x005f94ee
0x005f94f3
0x005f94f5
0x005f94f7
0x005f94f7
0x005f94f5
0x005f945b
0x005f945f
0x005f9498
0x005f94a7
0x005f94ac
0x005f94ae
0x005f94b0
0x005f94b0
0x005f9461
0x005f946d
0x005f9484
0x005f9486
0x005f9486
0x005f9484
0x005f945f
0x005f9459
0x005f9411
0x005f94ff
0x00000000
0x00000000
0x00000000
0x005f9507
0x005f9512
0x005f9517
0x005f9521
0x005f9524
0x005f9527
0x005f9535
0x005f9535
0x005f9364
0x005f936b
0x005f9372
0x00000000
0x00000000
0x00000000
0x00000000
0x005f9372
0x005f9362

APIs

FindNextFileW.KERNEL32(000000FF,?,00000000,005F9536,?,00000000,005F95AA,?,?,?,0061FE20,00000031,0061E5F0,0061E5E4,00000000,00000000), ref: 005F9512
FindClose.KERNEL32(000000FF,005F953D,005F9536,?,00000000,005F95AA,?,?,?,0061FE20,00000031,0061E5F0,0061E5E4,00000000,00000000,00000000), ref: 005F9530

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 5521b821e9baa55c58242e7ab28edef4c28b6b30c11b969e2d2da4f70afc1d16
Instruction ID: b226120839ff83db2331d28bbf910a1c80b854ab828fef796ef0585f9ffb1392
Opcode Fuzzy Hash: 5521b821e9baa55c58242e7ab28edef4c28b6b30c11b969e2d2da4f70afc1d16
Instruction Fuzzy Hash: 27818C3090868D9ADF21DFA5C889BFEBFB5BF45304F1441AAE98863291C7389F45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 005B0D5C, Relevance: 3.1, APIs: 2, Instructions: 112
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E005B0D5C(void* __eax, void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				short* _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				long _t46;
				signed int _t58;
				char _t66;
				intOrPtr _t82;
				void* _t87;
				signed int _t93;
				void* _t96;

				_v8 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_t87 = __eax;
				_push(_t96);
				_push(0x5b0e92);
				_push( *[fs:eax]);
				 *[fs:eax] = _t96 + 0xffffffec;
				while(1) {
					_v24 = 0;
					_t46 = RegQueryValueExW(_t87, _v12, 0,  &_v20, 0,  &_v24); // executed
					if(_t46 != 0 || _v20 != _a8 && _v20 != _a4) {
						break;
					}
					if(_v24 != 0) {
						__eflags = _v24 - 0x70000000;
						if(__eflags >= 0) {
							E00426480();
						}
						_t80 = _v24 + 1 >> 1;
						E004088A0( &_v8, _v24 + 1 >> 1, 0, __eflags);
						_t58 = RegQueryValueExW(_t87, _v12, 0,  &_v20, E00408CC4( &_v8),  &_v24); // executed
						__eflags = _t58 - 0xea;
						if(_t58 == 0xea) {
							continue;
						} else {
							__eflags = _t58;
							if(_t58 != 0) {
								break;
							}
							__eflags = _v20 - _a8;
							if(_v20 == _a8) {
								L12:
								_t93 = _v24 >> 1;
								while(1) {
									__eflags = _t93;
									if(_t93 == 0) {
										break;
									}
									_t66 = _v8;
									__eflags =  *((short*)(_t66 + _t93 * 2 - 2));
									if( *((short*)(_t66 + _t93 * 2 - 2)) == 0) {
										_t93 = _t93 - 1;
										__eflags = _t93;
										continue;
									}
									break;
								}
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										_t93 = _t93 + 1;
										__eflags = _t93;
									}
								}
								E00409940( &_v8, _t80, _t93);
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t93;
									if(_t93 != 0) {
										(E00408CC4( &_v8))[_t93 * 2 - 2] = 0;
									}
								}
								E00408AF8(_v16, _v8);
								break;
							}
							__eflags = _v20 - _a4;
							if(_v20 != _a4) {
								break;
							}
							goto L12;
						}
					} else {
						E00408718(_v16);
						break;
					}
				}
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E005B0E99);
				return E00408718( &_v8);
			}

0x005b0d67
0x005b0d6a
0x005b0d6d
0x005b0d70
0x005b0d74
0x005b0d75
0x005b0d7a
0x005b0d7d
0x005b0d82
0x005b0d84
0x005b0d98
0x005b0d9f
0x00000000
0x00000000
0x005b0dbd
0x005b0dce
0x005b0dd5
0x005b0dd7
0x005b0dd7
0x005b0de5
0x005b0de9
0x005b0e06
0x005b0e0b
0x005b0e10
0x00000000
0x005b0e16
0x005b0e16
0x005b0e18
0x00000000
0x00000000
0x005b0e1d
0x005b0e20
0x005b0e2a
0x005b0e2d
0x005b0e32
0x005b0e32
0x005b0e34
0x00000000
0x00000000
0x005b0e36
0x005b0e39
0x005b0e3f
0x005b0e31
0x005b0e31
0x00000000
0x005b0e31
0x00000000
0x005b0e3f
0x005b0e41
0x005b0e45
0x005b0e47
0x005b0e49
0x005b0e4b
0x005b0e4b
0x005b0e4b
0x005b0e49
0x005b0e51
0x005b0e56
0x005b0e5a
0x005b0e5c
0x005b0e5e
0x005b0e68
0x005b0e68
0x005b0e5e
0x005b0e75
0x00000000
0x005b0e7a
0x005b0e25
0x005b0e28
0x00000000
0x00000000
0x00000000
0x005b0e28
0x005b0dbf
0x005b0dc2
0x00000000
0x005b0dc7
0x005b0dbd
0x005b0e7e
0x005b0e81
0x005b0e84
0x005b0e91

APIs

RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,005B0E92,?,006461EC,00000000,00000000), ref: 005B0D98
RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,005B0E92,?,006461EC), ref: 005B0E06

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: be55126a91f5067768ada60093709f07f97c443bebacea84b61bf639bcb8d9ca
Instruction ID: 8b499dc45803ab0b693ba207155f3561d4b4051b175370f48f13a2dc50e2c077
Opcode Fuzzy Hash: be55126a91f5067768ada60093709f07f97c443bebacea84b61bf639bcb8d9ca
Instruction Fuzzy Hash: EF412531A00218AFDB10DB95C981AEFBBBCBB04740F50986AE800A72D1DB34FE448B95

Uniqueness

Uniqueness Score: -1.00%

Function 0040EFC0, Relevance: 3.1, APIs: 2, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EFC0(intOrPtr _a4) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _v32;
				intOrPtr _t28;
				void* _t46;
				void* _t47;
				intOrPtr _t70;
				void* _t71;

				_t70 = _a4;
				_v8 = 0;
				if(_t70 == 0) {
					_t28 = 0;
				} else {
					_t28 = E0040F1E0(_t70);
				}
				_v16 = _t28;
				_t47 =  *0x65dc44; // 0x0
				while(_t47 != 0) {
					_t66 = E0040F190( *((intOrPtr*)( *((intOrPtr*)(_t47 + 4)) + 4)));
					_v20 = E0040F1E0(_t31);
					_v12 =  *_t47;
					if(_t70 == 0) {
						L7:
						if(_t47 != 0 &&  *((intOrPtr*)( *((intOrPtr*)(_t47 + 4)) + 0x18)) != 0) {
							_v24 = E0040F1A0( *((intOrPtr*)( *((intOrPtr*)(_t47 + 4)) + 8)));
							_v28 =  *_v24;
							_v32 = E0040F1C0( *((intOrPtr*)( *((intOrPtr*)(_t47 + 4)) + 0x18)));
							E0040F23C(_t38, _v32, E0040F224(E0040F1B0( *((intOrPtr*)( *((intOrPtr*)(_t47 + 4)) + 0xc)))) << 2);
							_t71 = _t71 + 0xc;
							FreeLibrary(_v28); // executed
							 *_v24 = 0;
							if(_t47 != 0) {
								E0040F264(_t47);
								LocalFree(_t47);
							}
							_v8 = 1;
						}
						if(_t70 == 0) {
							goto L13;
						}
					} else {
						if(_v20 != _v16) {
							goto L13;
						} else {
							_t46 = E0040F1F4(_t70, _t66, _v20);
							_t71 = _t71 + 0xc;
							if(_t46 != 0) {
								goto L13;
							} else {
								goto L7;
							}
						}
					}
					goto L14;
					L13:
					_t47 = _v12;
				}
				L14:
				return _v8;
			}

0x0040efcb
0x0040efce
0x0040efd3
0x0040efde
0x0040efd5
0x0040efd6
0x0040efdb
0x0040efe0
0x0040efe3
0x0040efeb
0x0040effe
0x0040f007
0x0040f00e
0x0040f011
0x0040f035
0x0040f037
0x0040f04f
0x0040f057
0x0040f064
0x0040f083
0x0040f088
0x0040f08f
0x0040f099
0x0040f09d
0x0040f0a0
0x0040f0a9
0x0040f0a9
0x0040f0ae
0x0040f0ae
0x0040f0b7
0x00000000
0x00000000
0x0040f013
0x0040f019
0x00000000
0x0040f01f
0x0040f025
0x0040f02a
0x0040f02f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040f02f
0x0040f019
0x00000000
0x0040f0b9
0x0040f0b9
0x0040f0bc
0x0040f0c4
0x0040f0cd

APIs

FreeLibrary.KERNEL32(00000000), ref: 0040F08F
LocalFree.KERNEL32(00000000,00000000), ref: 0040F0A9

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Free$LibraryLocal
String ID:
API String ID: 3007483513-0
Opcode ID: b388b8b0a9b6f19766fd9a842e5314b84a84e55c3c33a131ae293015b5df70b0
Instruction ID: 8bcbce5c4659f25f6d225afeeffb977ef94451fee4990f573fd5f1ff634c84de
Opcode Fuzzy Hash: b388b8b0a9b6f19766fd9a842e5314b84a84e55c3c33a131ae293015b5df70b0
Instruction Fuzzy Hash: A131A1729002059BDB24DFA6D88197FB7B9AF88310B14447EF904BB781DB39DD058B98

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA88, Relevance: 3.1, APIs: 2, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040CA88(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E004087FC(_v8);
				E004087FC(_v12);
				_push(_t84);
				_push(0x40cb9f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00408718(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040CBA6);
					return E00408778( &_v28, 6);
				}
				E00408B40( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040C7AC(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L004037D0();
						E0040C15C(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040C8D8(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x665c10;
							if( *0x665c10 == 0) {
								L004037D8();
								E0040C15C(_t46, _t60,  &_v28, _t79, _t81);
								E0040C8D8(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040C9BC(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040C8D8(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E00409BE8(_v12, _t60, 1,  &_v20);
				goto L7;
			}

0x0040ca88
0x0040ca88
0x0040ca8b
0x0040ca8d
0x0040ca8f
0x0040ca91
0x0040ca93
0x0040ca95
0x0040ca97
0x0040ca98
0x0040ca99
0x0040ca9b
0x0040ca9e
0x0040caa4
0x0040caac
0x0040cab3
0x0040cab4
0x0040cab9
0x0040cabc
0x0040cac1
0x0040caca
0x0040cb84
0x0040cb86
0x0040cb89
0x0040cb8c
0x0040cb9e
0x0040cb9e
0x0040cad6
0x0040cadb
0x0040cae0
0x0040cae5
0x0040cae5
0x0040cae7
0x0040caec
0x0040cb13
0x0040cb19
0x0040cb22
0x0040cb33
0x0040cb3b
0x0040cb48
0x0040cb4d
0x0040cb50
0x0040cb52
0x0040cb59
0x0040cb5b
0x0040cb63
0x0040cb70
0x0040cb70
0x0040cb59
0x0040cb75
0x0040cb78
0x0040cb7f
0x0040cb7f
0x0040cb24
0x0040cb2c
0x0040cb2c
0x00000000
0x0040cb22
0x0040caee
0x0040cb0e
0x0040cb0f
0x0040cb11
0x00000000
0x00000000
0x00000000
0x0040cb11
0x0040cafd
0x0040cb07
0x00000000

APIs

GetUserDefaultUILanguage.KERNEL32(00000000,0040CB9F,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040CC26,00000000,?,00000105), ref: 0040CB33
GetSystemDefaultUILanguage.KERNEL32(00000000,0040CB9F,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040CC26,00000000,?,00000105), ref: 0040CB5B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DefaultLanguage$SystemUser
String ID:
API String ID: 384301227-0
Opcode ID: b1d8d621b1b31d223182697a12bed5934155b402256a8e6947e8ae9249535c11
Instruction ID: 44e41ead65ef66f727125de80912159cd7281fcfb7f7393cce7e535fa76c4ae3
Opcode Fuzzy Hash: b1d8d621b1b31d223182697a12bed5934155b402256a8e6947e8ae9249535c11
Instruction Fuzzy Hash: D4312E70A10209DBDB10EB99D8C2AAEB7B5EB44304F50467BE400B72D5DB78AD45CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CBAC, Relevance: 3.1, APIs: 2, Instructions: 55
libraryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040CBAC(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40cc66);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E0040982C( &_v536, _t49);
				_push(_v536);
				E00409868( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040CA88(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004097C8(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040CC6D);
				E00408778( &_v540, 2);
				return E00408718( &_v8);
			}

0x0040cbb9
0x0040cbbf
0x0040cbc5
0x0040cbc8
0x0040cbcc
0x0040cbcd
0x0040cbd2
0x0040cbd5
0x0040cbe8
0x0040cbf5
0x0040cc00
0x0040cc12
0x0040cc20
0x0040cc21
0x0040cc2a
0x0040cc39
0x0040cc3e
0x0040cc42
0x0040cc45
0x0040cc48
0x0040cc58
0x0040cc65

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040CC66,?,?,00000000), ref: 0040CBE8
LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040CC66,?,?,00000000), ref: 0040CC39

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLibraryLoadModuleName
String ID:
API String ID: 1159719554-0
Opcode ID: 089bc28a3ca392ed798634060d4a5e392bbcb1de5cf37c510dee9014eee92843
Instruction ID: c1507673094f8c5292584a269d2518184869565b67f53896f9c973a0a4d881f3
Opcode Fuzzy Hash: 089bc28a3ca392ed798634060d4a5e392bbcb1de5cf37c510dee9014eee92843
Instruction Fuzzy Hash: 8411BF70A4420CABEB10EF60CD86BDD73B8DB04704F5041BAB408B32C1DA385F80CA99

Uniqueness

Uniqueness Score: -1.00%

Function 005F77B4, Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E005F77B4(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E005F75D0(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x5f7811);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004097C8(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E005F7818);
					return E005F760C( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x005f77b5
0x005f77b7
0x005f77cc
0x005f77d7
0x005f77d8
0x005f77dd
0x005f77e0
0x005f77eb
0x005f77f0
0x005f77f8
0x005f77fd
0x005f7800
0x005f7803
0x005f7810
0x005f77ce
0x005f77d0
0x005f7829
0x005f7829

APIs

DeleteFileW.KERNEL32(00000000,00000000,005F7811,?,?,?), ref: 005F77EB
GetLastError.KERNEL32(00000000,00000000,005F7811,?,?,?), ref: 005F77F3

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: c8c68a47ac1cc9758916c78186d8e619acd25e892ea76895270dfd285e9e0383
Instruction ID: c5be9d5dccd5f71d54e1763bc96635363cbeeca49a9f4cacc6bced8bb80aa182
Opcode Fuzzy Hash: c8c68a47ac1cc9758916c78186d8e619acd25e892ea76895270dfd285e9e0383
Instruction Fuzzy Hash: FFF0C871E1830C9B9B01DFB4AC464FDBFE8FB4D750B5049B6E904D3641E6785E108694

Uniqueness

Uniqueness Score: -1.00%

Function 00428614, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00428614(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x428686);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x428668);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004097C8(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(E0042866F);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

0x00428615
0x00428617
0x0042861b
0x0042861e
0x00428623
0x00428628
0x00428629
0x0042862e
0x00428631
0x00428634
0x00428639
0x0042863a
0x0042863f
0x00428642
0x0042864d
0x00428652
0x00428657
0x0042865a
0x0042865d
0x00428662
0x00428664
0x00428667

APIs

SetErrorMode.KERNEL32(00008000,00000000), ref: 0042861E
LoadLibraryW.KERNEL32(00000000,00000000,00428668,?,00000000,00428686,?,00008000,00000000), ref: 0042864D

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: d5e3b1d848a9296e9e07c393bbab03cbbc33cf9e190c5fe95c91843cea6414ea
Instruction ID: 872fb0b1150bba30eaf2acd4e0c3a99a1078ee24a947000b27c0355be161ab5f
Opcode Fuzzy Hash: d5e3b1d848a9296e9e07c393bbab03cbbc33cf9e190c5fe95c91843cea6414ea
Instruction Fuzzy Hash: 81F02770A14744BFDB119F768C6286FBBECE70DB0079348BAF900E2A91EA3C4810C568

Uniqueness

Uniqueness Score: -1.00%

Function 005A2A3C, Relevance: 3.0, APIs: 2, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E005A2A3C(void* __eax, void* __edx, void* __eflags) {
				void* _t9;
				void* _t17;
				void* _t22;
				void* _t23;

				_t23 = __eflags;
				_t22 = __edx;
				_t17 = __eax;
				_t9 = E00409BB0( *((intOrPtr*)(__eax + 0xa4)), __edx);
				if(_t23 == 0) {
					return _t9;
				}
				if( *((char*)(_t17 + 0xc4)) != 0) {
					if( *((char*)(_t17 + 0xeb)) == 0) {
						SetWindowTextW( *(_t17 + 0x188), E004097C8(__edx));
					} else {
						SetWindowTextW( *(_t17 + 0x188), 0);
					}
				}
				_t6 = _t17 + 0xa4; // 0xa4
				return E00408AF8(_t6, _t22);
			}

0x005a2a3c
0x005a2a3f
0x005a2a41
0x005a2a4b
0x005a2a50
0x005a2a98
0x005a2a98
0x005a2a59
0x005a2a62
0x005a2a83
0x005a2a64
0x005a2a6d
0x005a2a6d
0x005a2a62
0x005a2a88
0x00000000

APIs

SetWindowTextW.USER32(?,00000000), ref: 005A2A6D
SetWindowTextW.USER32(?,00000000), ref: 005A2A83

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 1574334cd58d1bfae140eb156388138ee46e6791cb536a634b083309ccc41a14
Instruction ID: 87b7bbc30c9c3120509c80ca470917ad52f31383b02a1aa8b2240bb91b79e5b8
Opcode Fuzzy Hash: 1574334cd58d1bfae140eb156388138ee46e6791cb536a634b083309ccc41a14
Instruction Fuzzy Hash: A3F082657001041ADB21AA5D8886BEE2A986F86754F0800BAFD049F287CFB84D418365

Uniqueness

Uniqueness Score: -1.00%

Function 00644047, Relevance: 3.0, APIs: 2, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00644047() {
				void* _t13;
				void* _t15;
				intOrPtr _t16;
				intOrPtr _t24;
				intOrPtr _t32;
				intOrPtr _t37;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t57;

				_t13 =  *0x66a7b8(0x66214c, 0x8000, 0, _t56 - 4); // executed
				if(_t13 != 0) {
					_t15 =  *0x66a7b8(0x66215c, 0x8000, 0, _t56 - 4); // executed
					if(_t15 != 0) {
						if( *0x66a6e8 == 0) {
							_t16 =  *0x66a440; // 0x0
							E005AF4EC(_t16, _t56 - 0x38);
							E00409A18(0x66a470, L"COMMAND.COM",  *((intOrPtr*)(_t56 - 0x38))); // executed
						} else {
							_t24 =  *0x66a444; // 0x0
							E005AF4EC(_t24, _t56 - 0x34);
							E00409A18(0x66a470, L"cmd.exe",  *((intOrPtr*)(_t56 - 0x34)));
						}
						E00643D50(); // executed
						_pop(_t48);
						 *[fs:eax] = _t48;
						_push(E0064415D);
						return E00408778(_t56 - 0x38, 0xd);
					} else {
						_push(_t56);
						_push(0x6440e6);
						_push( *[fs:eax]);
						 *[fs:eax] = _t57;
						E0040AC08();
						_pop(_t53);
						 *[fs:eax] = _t53;
						_push(E006440ED);
						_t32 =  *((intOrPtr*)(_t56 - 4));
						_push(_t32);
						L00437600();
						return _t32;
					}
				} else {
					_push(_t56);
					_push(0x644093);
					_push( *[fs:eax]);
					 *[fs:eax] = _t57;
					E0040AC08();
					_pop(_t55);
					 *[fs:eax] = _t55;
					_push(E0064409A);
					_t37 =  *((intOrPtr*)(_t56 - 4));
					_push(_t37);
					L00437600();
					return _t37;
				}
			}

0x00644057
0x0064405f
0x006440aa
0x006440b2
0x006440f4
0x0064411a
0x0064411f
0x00644131
0x006440f6
0x006440f9
0x006440fe
0x00644110
0x00644110
0x00644136
0x0064413d
0x00644140
0x00644143
0x00644155
0x006440b4
0x006440b6
0x006440b7
0x006440bc
0x006440bf
0x006440ca
0x006440d1
0x006440d4
0x006440d7
0x006440dc
0x006440df
0x006440e0
0x006440e5
0x006440e5
0x00644061
0x00644063
0x00644064
0x00644069
0x0064406c
0x00644077
0x0064407e
0x00644081
0x00644084
0x00644089
0x0064408c
0x0064408d
0x00644092
0x00644092

APIs

SHGetKnownFolderPath.SHELL32(0066214C,00008000,00000000,?,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 00644057
CoTaskMemFree.OLE32(?,0064409A,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 0064408D
SHGetKnownFolderPath.SHELL32(0066215C,00008000,00000000,?,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 006440AA
CoTaskMemFree.OLE32(?,006440ED,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 006440E0

Strings

\Program Files, xrefs: 00643F19
SystemDrive, xrefs: 00643E91
ProgramFilesDir, xrefs: 00643EF2, 00643F79
cmd.exe, xrefs: 0064410B
Failed to get path of 64-bit Common Files directory, xrefs: 00643FCA
CommonFilesDir, xrefs: 00643F2C, 00643FA8
COMMAND.COM, xrefs: 0064412C
Common Files, xrefs: 00643F63
Failed to get path of 64-bit Program Files directory, xrefs: 00643F9B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
API String ID: 969438705-544719455
Opcode ID: 25d9b380559f1f38f9f2d8d7c5cc22fe36494e6ff8dae2da686b66cc1940367b
Instruction ID: 9243fc3d6630985526c81990e9de4204d1be3f140262dacf04050a6f5f87b274
Opcode Fuzzy Hash: 25d9b380559f1f38f9f2d8d7c5cc22fe36494e6ff8dae2da686b66cc1940367b
Instruction Fuzzy Hash: 84E09274308744EFE7118FA1DC23F1977A9E749F00F624471F600E2590DA759D109E14

Uniqueness

Uniqueness Score: -1.00%

Function 0064409A, Relevance: 3.0, APIs: 2, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E0064409A() {
				void* _t10;
				intOrPtr _t11;
				intOrPtr _t19;
				intOrPtr _t27;
				intOrPtr _t36;
				intOrPtr _t41;
				void* _t42;
				intOrPtr _t43;

				_t10 =  *0x66a7b8(0x66215c, 0x8000, 0, _t42 - 4); // executed
				if(_t10 != 0) {
					if( *0x66a6e8 == 0) {
						_t11 =  *0x66a440; // 0x0
						E005AF4EC(_t11, _t42 - 0x38);
						E00409A18(0x66a470, L"COMMAND.COM",  *((intOrPtr*)(_t42 - 0x38))); // executed
					} else {
						_t19 =  *0x66a444; // 0x0
						E005AF4EC(_t19, _t42 - 0x34);
						E00409A18(0x66a470, L"cmd.exe",  *((intOrPtr*)(_t42 - 0x34)));
					}
					E00643D50(); // executed
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E0064415D);
					return E00408778(_t42 - 0x38, 0xd);
				} else {
					_push(_t42);
					_push(0x6440e6);
					_push( *[fs:eax]);
					 *[fs:eax] = _t43;
					E0040AC08();
					_pop(_t41);
					 *[fs:eax] = _t41;
					_push(E006440ED);
					_t27 =  *((intOrPtr*)(_t42 - 4));
					_push(_t27);
					L00437600();
					return _t27;
				}
			}

0x006440aa
0x006440b2
0x006440f4
0x0064411a
0x0064411f
0x00644131
0x006440f6
0x006440f9
0x006440fe
0x00644110
0x00644110
0x00644136
0x0064413d
0x00644140
0x00644143
0x00644155
0x006440b4
0x006440b6
0x006440b7
0x006440bc
0x006440bf
0x006440ca
0x006440d1
0x006440d4
0x006440d7
0x006440dc
0x006440df
0x006440e0
0x006440e5
0x006440e5

APIs

SHGetKnownFolderPath.SHELL32(0066215C,00008000,00000000,?,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 006440AA
CoTaskMemFree.OLE32(?,006440ED,?,00000000,00000000,?,0064F4D6,00000006,?,00000000,0064FAA0,?,00000000,0064FB5F), ref: 006440E0

Strings

\Program Files, xrefs: 00643F19
SystemDrive, xrefs: 00643E91
ProgramFilesDir, xrefs: 00643EF2, 00643F79
cmd.exe, xrefs: 0064410B
Failed to get path of 64-bit Common Files directory, xrefs: 00643FCA
CommonFilesDir, xrefs: 00643F2C, 00643FA8
COMMAND.COM, xrefs: 0064412C
Common Files, xrefs: 00643F63
Failed to get path of 64-bit Program Files directory, xrefs: 00643F9B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
API String ID: 969438705-544719455
Opcode ID: 31e0886dd73c8cfe132df01fe102c2b578e0d0f3867217097e3641b1246f3788
Instruction ID: d6bfc1399b7bb61b74e35531a27f988a42c1a2fdb79135f8c02700809b70046a
Opcode Fuzzy Hash: 31e0886dd73c8cfe132df01fe102c2b578e0d0f3867217097e3641b1246f3788
Instruction Fuzzy Hash: CEE09278308704AFEB218FA19C63F1977A9EB49F04F728461F600E2680DA74AD209A14

Uniqueness

Uniqueness Score: -1.00%

Function 00473458, Relevance: 3.0, APIs: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00473458(struct HWND__* __eax) {
				int _t3;
				struct HWND__* _t7;

				_t7 = __eax;
				_t6 = GetWindowLongW(__eax, 0xfffffffc);
				_t3 = DestroyWindow(_t7); // executed
				if(_t2 != L00412548) {
					return E004732A0(_t6);
				}
				return _t3;
			}

0x0047345a
0x00473464
0x00473467
0x00473472
0x00000000
0x00473476
0x0047347d

APIs

GetWindowLongW.USER32(00000000,000000FC), ref: 0047345F
DestroyWindow.USER32(00000000,00000000,000000FC,?,?,00600846,00650597), ref: 00473467

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$DestroyLong
String ID:
API String ID: 2871862000-0
Opcode ID: a6238ebc7994bc13366865bb33a2b8ab27504cbdcee5dfa3b2ed5f021b8132b6
Instruction ID: 00e4ae948fb2d4b6653c5e19d822994a32df827985aa3b1afb281595f43e4878
Opcode Fuzzy Hash: a6238ebc7994bc13366865bb33a2b8ab27504cbdcee5dfa3b2ed5f021b8132b6
Instruction Fuzzy Hash: 23C08CA121293036162139793DC28FF048C8C023BA360837BF810D62A3EB8C0EA112AE

Uniqueness

Uniqueness Score: -1.00%

Function 004080A8, Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,004080F6,?,0065D000,00665B9C,?,?,004084F9,?,?,?,00408582,0040559F,004055E6,?,?), ref: 004080E6

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: a3059cc467ec2211beae097a713497780643c3ca1421ce62e0c863619417ac9a
Instruction ID: b26063bff8ae7ed81ccab5a0a26e839ba4117e5e68488349c669fb000dc31ff6
Opcode Fuzzy Hash: a3059cc467ec2211beae097a713497780643c3ca1421ce62e0c863619417ac9a
Instruction Fuzzy Hash: 23F02431200B11DFE3314F0AAE91A13BB9CFF48760B52803FE884A7690CEB4AC04C964

Uniqueness

Uniqueness Score: -1.00%

Function 00420D48, Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,0043F138,00464985,00000000,00464A70,?,?,0043F138), ref: 00420D91

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 2146cffba5c050a79a3375ae03716156730b6db278a03eb02ce047625cf6ac4b
Instruction ID: 801b47ba0d209624affc9bed320ebd6e8138c8edeae5bbff7701f7febfcea096
Opcode Fuzzy Hash: 2146cffba5c050a79a3375ae03716156730b6db278a03eb02ce047625cf6ac4b
Instruction Fuzzy Hash: 23E048F3B505246AF3206ADDDC81F97514D87417B6F450236FB54DB3D1C155DC0142E8

Uniqueness

Uniqueness Score: -1.00%

Function 005B1AE4, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E005B1AE4(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E004088A0(_t10, _t7, _t17, _t20);
			}

0x005b1aeb
0x005b1b03
0x005b1b0b
0x005b1b0f
0x005b1b18
0x005b1b0a
0x005b1b0a
0x005b1b0a
0x00000000
0x005b1b1a
0x005b1b1a
0x005b1b1e
0x00000000
0x00000000
0x005b1b1e
0x00000000
0x005b1b18
0x005b1b31

APIs

FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005B69BE,00000000,005B6A0F,?,005B6BF0), ref: 005B1B03

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: bbaf13cda56ce00c4f2125be2689388c496ffd2514c9a4bebf3d94c09a388430
Instruction ID: aec9d87e5393e3c20403a78f56c0afe3d46cdc417172289312e19da5ec9f40b7
Opcode Fuzzy Hash: bbaf13cda56ce00c4f2125be2689388c496ffd2514c9a4bebf3d94c09a388430
Instruction Fuzzy Hash: 3AE0207175470111F37425241C63BF6140AB7C0B01FE08839B6408D2D5FAADBC55C39E

Uniqueness

Uniqueness Score: -1.00%

Function 005AFD70, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E005AFD70(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x5afdb6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E005AFCC4(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004097C8(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E005AFDBD);
				return E00408718( &_v8);
			}

0x005afd73
0x005afd7a
0x005afd7b
0x005afd80
0x005afd83
0x005afd8b
0x005afd99
0x005afda2
0x005afda5
0x005afda8
0x005afdb5

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,005AFDB6,?,00000000,00000000,?,005AFE06,00000000,005F78D1,00000000,005F78F2,?,00000000,00000000,00000000), ref: 005AFD99

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a05fdeb84840b2ec6e2864b26afae9859b699676754e840ed3cc2ed0138f2d79
Instruction ID: 19bc2fc9c6b48b42c57bedb25a3b0d15a1e8ddeffd1e5c4d9d3c2fbfd1eaf25a
Opcode Fuzzy Hash: a05fdeb84840b2ec6e2864b26afae9859b699676754e840ed3cc2ed0138f2d79
Instruction Fuzzy Hash: B1E09232304304ABD711EFA6DC5398DBBECE78A704B9148B6F900E3692D6786E008614

Uniqueness

Uniqueness Score: -1.00%

Function 0040B920, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040B920(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040CBAC(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}

0x0040b928
0x0040b92a
0x0040b92e
0x0040b93e
0x0040b947
0x0040b94c
0x0040b94e
0x0040b953
0x0040b958
0x0040b958
0x0040b953
0x0040b966

APIs

GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040B93E

Part of subcall function 0040CBAC: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040CC66,?,?,00000000), ref: 0040CBE8
Part of subcall function 0040CBAC: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040CC66,?,?,00000000), ref: 0040CC39

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LibraryLoad
String ID:
API String ID: 4113206344-0
Opcode ID: 92830e843a0290b8fb819179a769738ed0c8430f51dc52ce8e13e1d58c902946
Instruction ID: b028abd3538c11208bb69536d004979ed80801884fb39c7b18fc8ecc13332f26
Opcode Fuzzy Hash: 92830e843a0290b8fb819179a769738ed0c8430f51dc52ce8e13e1d58c902946
Instruction Fuzzy Hash: DDE0EDB1A403109BCB10DF58C8C5A473BE8AB08754F044A66ED68DF386D375DD1087D5

Uniqueness

Uniqueness Score: -1.00%

Function 005AFE0C, Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E005AFE0C(void* __eax) {
				signed char _t7;

				_t7 = GetFileAttributesW(E004097C8(__eax)); // executed
				if(_t7 == 0xffffffff || (_t7 & 0x00000010) == 0 || (_t7 & 0x00000004) != 0) {
					return 0;
				} else {
					return 1;
				}
			}

0x005afe17
0x005afe1f
0x005afe2d
0x005afe2e
0x005afe31
0x005afe31

APIs

GetFileAttributesW.KERNEL32(00000000,?,005F7B05,00000000,005F7B1E,?,?,00000000), ref: 005AFE17

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9b419029094296405285125023dced8ce083283a444f27990477ee8072d0411e
Instruction ID: 52782b71e7904e43b9c2d0fc7a7f70dcffcb99dae2f09c68c5f019cb472e82bd
Opcode Fuzzy Hash: 9b419029094296405285125023dced8ce083283a444f27990477ee8072d0411e
Instruction Fuzzy Hash: 15D012A162120106EED455FD18C539D058C1B56725B242B36F664D21F3F23998635115

Uniqueness

Uniqueness Score: -1.00%

Function 0042866F, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0042866F() {
				int _t4;
				intOrPtr _t7;
				void* _t8;

				_pop(_t7);
				 *[fs:eax] = _t7;
				_push(E0042868D);
				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
				return _t4;
			}

0x00428671
0x00428674
0x00428677
0x00428680
0x00428685

APIs

SetErrorMode.KERNEL32(?,0042868D), ref: 00428680

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: ba97efd986a46e1cc0f21bbbcad3d5e9a0f9c455d214339663f347bdb12e3e8c
Instruction ID: 696cc173350d5948746636284ada699740c3da0e40302307c28099bcb0f56c81
Opcode Fuzzy Hash: ba97efd986a46e1cc0f21bbbcad3d5e9a0f9c455d214339663f347bdb12e3e8c
Instruction Fuzzy Hash: 77B09B7670C2145EAF05DBA5791155C67D4D7C87107E1446BF114C3540D97C54148528

Uniqueness

Uniqueness Score: -1.00%

Function 006449EC, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E006449EC() {
				struct HINSTANCE__* _t2;

				 *0x66a7b4 = 0;
				if( *0x66a7b0 != 0) {
					_t2 =  *0x66a7b0; // 0x0
					FreeLibrary(_t2); // executed
					 *0x66a7b0 = 0;
					return 0;
				}
				return 0;
			}

0x006449ee
0x006449fa
0x006449fc
0x00644a02
0x00644a09
0x00000000
0x00644a09
0x00644a0e

APIs

FreeLibrary.KERNEL32(00000000,00650648,00000000,00650657,?,?,?,?,?,0065113B), ref: 00644A02

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b82fb868e2629ae6d483b6bb66222b5444ca5aad11b3bf1d59ad43fdb4eda30f
Instruction ID: f826450fd0464b3b12388892905eeac1fbc4789c1e5dbabc5088b99e7809f093
Opcode Fuzzy Hash: b82fb868e2629ae6d483b6bb66222b5444ca5aad11b3bf1d59ad43fdb4eda30f
Instruction Fuzzy Hash: 8AC002F85152908ED750DFB9AE297513AF6F748305F042A29E104E2264E7B89481DF06

Uniqueness

Uniqueness Score: -1.00%

Function 0040E56C, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E56C() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}

0x0040e570
0x0040e57c

APIs

GetSystemInfo.KERNEL32 ref: 0040E570

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 899fa9c962831e78d20aa585cacba709b3b6a16b28d6df11c32fd39be051b51c
Instruction ID: 47ab257af6e364695ea890f9b43c82e37ccfc4e8ddd737aab863078b62403aa0
Opcode Fuzzy Hash: 899fa9c962831e78d20aa585cacba709b3b6a16b28d6df11c32fd39be051b51c
Instruction Fuzzy Hash: 0DA012108084001AC404BB194C4340F39C45941514FC40264745CB56C2E61A866403DB

Uniqueness

Uniqueness Score: -1.00%

Function 00473208, Relevance: 1.3, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00473208(intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* _t14;
				void _t15;
				void* _t24;
				intOrPtr _t25;
				char* _t26;
				void* _t35;

				if( *0x668ff4 == 0) {
					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
					_t35 = _t14;
					_t15 =  *0x668ff0; // 0x0
					 *_t35 = _t15;
					_t1 = _t35 + 4; // 0x4
					E004056D0(0x65f684, _t24, 2, _t1);
					_t2 = _t35 + 5; // 0x5
					 *((intOrPtr*)(_t35 + 6)) = E00473200(_t2, 0x4731e0);
					_t4 = _t35 + 0xa; // 0xa
					_t26 = _t4;
					do {
						 *_t26 = 0xe8;
						_t5 = _t35 + 4; // 0x4
						 *((intOrPtr*)(_t26 + 1)) = E00473200(_t26, _t5);
						 *((intOrPtr*)(_t26 + 5)) =  *0x668ff4;
						 *0x668ff4 = _t26;
						_t26 = _t26 + 0xd;
					} while (_t26 - _t35 < 0xffc);
					 *0x668ff0 = _t35;
				}
				_t25 =  *0x668ff4;
				 *0x668ff4 =  *((intOrPtr*)(_t25 + 5));
				 *((intOrPtr*)(_t25 + 5)) = _a4;
				 *((intOrPtr*)(_t25 + 9)) = _a8;
				return  *0x668ff4;
			}

0x00473216
0x00473226
0x0047322b
0x0047322d
0x00473232
0x00473234
0x00473241
0x0047324b
0x00473253
0x00473256
0x00473256
0x00473259
0x00473259
0x0047325c
0x00473266
0x0047326b
0x0047326e
0x00473270
0x00473277
0x0047327e
0x0047327e
0x00473286
0x0047328b
0x00473290
0x00473296
0x0047329d

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,0066A29C,00000000,00000000,?,0047343F,00000000,00000B06,00000000,?,00000000,00000000,00000000), ref: 00473226

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7ad627d080a8b61de6596cce7f39c0339b44cb1329ec818201bfafad18795cc1
Instruction ID: 582b7ed549c4519ab5a6e3f22a78895f2327a1349a2f33f73794dbf81f8df034
Opcode Fuzzy Hash: 7ad627d080a8b61de6596cce7f39c0339b44cb1329ec818201bfafad18795cc1
Instruction Fuzzy Hash: 1B114C742403059FD710DF29C881B82FBE5EB98391F10C57AE9589B386D7B4E9048BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00403C6C, Relevance: 1.3, APIs: 1, Instructions: 41
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C6C(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403C00(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x663af4 = 0;
					return 0;
				} else {
					_t10 =  *0x663ae0; // 0x663adc
					_t14 = _t4;
					 *_t14 = 0x663adc;
					 *0x663ae0 = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x663af4 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x663af0 = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}

0x00403c6e
0x00403c70
0x00403c83
0x00403c8a
0x00403cdc
0x00403ce5
0x00403c8c
0x00403c8c
0x00403c92
0x00403c94
0x00403c9a
0x00403c9f
0x00403ca2
0x00403ca6
0x00403cb1
0x00403cbe
0x00403cc6
0x00403cc8
0x00403cd5
0x00403cd9
0x00403cd9

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,00404283,000000FF,00404828,00000000,0040D55F,00000000,0040DA6D,00000000,0040DD2F,00000000), ref: 00403C83

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d39b22df79555fe4438253863038b616525278bed3867586134d7713ba648576
Instruction ID: f9c7199d2a20b3d4535cb586bdcc75df61911083c239a6e183f6db4c37c8fba7
Opcode Fuzzy Hash: d39b22df79555fe4438253863038b616525278bed3867586134d7713ba648576
Instruction Fuzzy Hash: EBF0A9F2B003214FE714DFB89E41702BBEAE748355F11427EE989EB798D7B09901A784

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0061A76C, Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 187
pipeprocessfileCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0061A76C(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v12;
				char _v16;
				void* _v20;
				void* _v24;
				long _v28;
				struct _STARTUPINFOW _v96;
				struct _PROCESS_INFORMATION _v112;
				char _v116;
				long _v120;
				char _v124;
				long _v128;
				char _v132;
				intOrPtr _v136;
				char _v140;
				intOrPtr _v144;
				char _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				void* _v168;
				char _v172;
				char _v176;
				char _v180;
				char _v184;
				char* _t62;
				WCHAR* _t91;
				WCHAR* _t97;
				intOrPtr _t98;
				void* _t127;
				intOrPtr _t139;
				struct _FILETIME* _t141;
				void* _t145;
				void* _t146;
				intOrPtr _t147;

				_t145 = _t146;
				_t147 = _t146 + 0xffffff4c;
				_v156 = 0;
				_v160 = 0;
				_v16 = 0;
				_t127 = __eax;
				_t141 =  &_v12;
				_push(_t145);
				_push(0x61aa67);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				E006013D8(L"Starting 64-bit helper process.", __eax, _t141, 0x66a320);
				_t62 =  *0x662348; // 0x66a6e9
				if( *_t62 == 0) {
					E005F8384(L"Cannot utilize 64-bit features on this version of Windows", _t127);
				}
				if( *0x66a31c == 0) {
					E005F8384(L"64-bit helper EXE wasn\'t extracted", _t127);
				}
				while(1) {
					 *0x66a320 =  *0x66a320 + 1;
					 *((intOrPtr*)(_t127 + 0x14)) = GetTickCount();
					if(QueryPerformanceCounter(_t141) == 0) {
						GetSystemTimeAsFileTime(_t141);
					}
					_v152 = GetCurrentProcessId();
					_v148 = 0;
					_v144 =  *0x66a320;
					_v140 = 0;
					_v136 =  *((intOrPtr*)(_t127 + 0x14));
					_v132 = 0;
					_v128 = _t141->dwHighDateTime;
					_v124 = 0;
					_v120 = _t141->dwLowDateTime;
					_v116 = 0;
					E00421A6C(L"\\\\.\\pipe\\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x", 4,  &_v152,  &_v16);
					_v20 = CreateNamedPipeW(E004097C8(_v16), 0x40080003, 6, 1, 0x2000, 0x2000, 0, 0);
					if(_v20 != 0xffffffff) {
						break;
					}
					if(GetLastError() != 0xe7) {
						E005F84D8(L"CreateNamedPipe");
					}
				}
				_push(_t145);
				_push(0x61aa23);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v24 = CreateFileW(E004097C8(_v16), 0xc0000000, 0, 0x661f70, 3, 0, 0);
				if(_v24 == 0xffffffff) {
					E005F84D8(L"CreateFile");
				}
				_push(_t145);
				_push(0x61aa12);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147;
				_v28 = 2;
				if(SetNamedPipeHandleState(_v24,  &_v28, 0, 0) == 0) {
					E005F84D8(L"SetNamedPipeHandleState");
				}
				E00405CE4( &_v96, 0x44);
				_v96.cb = 0x44;
				E005B09C4( &_v156);
				_t91 = E004097C8(_v156);
				_v176 = 0x69;
				_v172 = 0;
				_v168 = _v24;
				_v164 = 0;
				E00421A6C(L"helper %d 0x%x", 1,  &_v176,  &_v160);
				_t97 = E004097C8(_v160);
				_t98 =  *0x66a31c; // 0x0
				if(CreateProcessW(E004097C8(_t98), _t97, 0, 0, 0xffffffff, 0xc000000, 0, _t91,  &_v96,  &_v112) == 0) {
					E005F84D8(L"CreateProcess");
				}
				 *((char*)(_t127 + 4)) = 1;
				 *((char*)(_t127 + 5)) = 0;
				 *(_t127 + 8) = _v112.hProcess;
				 *((intOrPtr*)(_t127 + 0x10)) = _v112.dwProcessId;
				 *((intOrPtr*)(_t127 + 0xc)) = _v20;
				_v20 = 0;
				CloseHandle(_v112.hThread);
				_v184 =  *((intOrPtr*)(_t127 + 0x10));
				_v180 = 0;
				E0060165C(L"Helper process PID: %u", _t127, 0,  &_v184, _t141, 0x66a320);
				_pop(_t139);
				 *[fs:eax] = _t139;
				_push(E0061AA19);
				return CloseHandle(_v24);
			}

0x0061a76d
0x0061a76f
0x0061a77a
0x0061a780
0x0061a786
0x0061a789
0x0061a790
0x0061a795
0x0061a796
0x0061a79b
0x0061a79e
0x0061a7a6
0x0061a7ab
0x0061a7b3
0x0061a7ba
0x0061a7ba
0x0061a7c6
0x0061a7cd
0x0061a7cd
0x0061a7d2
0x0061a7d2
0x0061a7d9
0x0061a7e4
0x0061a7e7
0x0061a7e7
0x0061a7f5
0x0061a7fb
0x0061a804
0x0061a80a
0x0061a814
0x0061a81a
0x0061a821
0x0061a824
0x0061a82a
0x0061a82d
0x0061a841
0x0061a86b
0x0061a872
0x00000000
0x00000000
0x0061a87e
0x0061a889
0x0061a889
0x0061a87e
0x0061a895
0x0061a896
0x0061a89b
0x0061a89e
0x0061a8c1
0x0061a8c8
0x0061a8cf
0x0061a8cf
0x0061a8d6
0x0061a8d7
0x0061a8dc
0x0061a8df
0x0061a8e2
0x0061a8fc
0x0061a903
0x0061a903
0x0061a912
0x0061a917
0x0061a92c
0x0061a937
0x0061a951
0x0061a95b
0x0061a965
0x0061a96b
0x0061a982
0x0061a98d
0x0061a993
0x0061a9a5
0x0061a9ac
0x0061a9ac
0x0061a9b1
0x0061a9b5
0x0061a9bc
0x0061a9c2
0x0061a9c8
0x0061a9cd
0x0061a9d4
0x0061a9dc
0x0061a9e2
0x0061a9f6
0x0061a9fd
0x0061aa00
0x0061aa03
0x0061aa11

APIs

GetTickCount.KERNEL32 ref: 0061A7D4
QueryPerformanceCounter.KERNEL32(00000000,00000000,0061AA67,?,?,00000000,00000000,?,0061B466,?,00000000,00000000), ref: 0061A7DD
GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0061A7E7
GetCurrentProcessId.KERNEL32(?,00000000,00000000,0061AA67,?,?,00000000,00000000,?,0061B466,?,00000000,00000000), ref: 0061A7F0
CreateNamedPipeW.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0061A866
GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0061A874
CreateFileW.KERNEL32(00000000,C0000000,00000000,00661F70,00000003,00000000,00000000,00000000,0061AA23,?,00000000,40080003,00000006,00000001,00002000,00002000), ref: 0061A8BC
SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0061AA12,?,00000000,C0000000,00000000,00661F70,00000003,00000000,00000000,00000000,0061AA23), ref: 0061A8F5

Part of subcall function 005B09C4: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005B09D7

CreateProcessW.KERNEL32 ref: 0061A99E
CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0061A9D4
CloseHandle.KERNEL32(000000FF,0061AA19,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 0061AA0C

Part of subcall function 005F84D8: GetLastError.KERNEL32(00000000,005F91EE,00000005,00000000,005F9216,?,?,0066978C,?,00000000,00000000,00000000,?,00650A7F,00000000,00650A9A), ref: 005F84DB

Strings

\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x, xrefs: 0061A83C
D, xrefs: 0061A917
CreateFile, xrefs: 0061A8CA
helper %d 0x%x, xrefs: 0061A97D
Cannot utilize 64-bit features on this version of Windows, xrefs: 0061A7B5
i, xrefs: 0061A951
64-bit helper EXE wasn't extracted, xrefs: 0061A7C8
SetNamedPipeHandleState, xrefs: 0061A8FE
Starting 64-bit helper process., xrefs: 0061A7A1
Helper process PID: %u, xrefs: 0061A9F1
CreateNamedPipe, xrefs: 0061A884
CreateProcess, xrefs: 0061A9A7

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
API String ID: 770386003-3271284199
Opcode ID: 73577d1e683e6f522f1f8cd3d633bacdca8338b8327ae8eb0163b0f6a9d259c5
Instruction ID: 3503b57a197a75d7cee75c72a57885d42cb6c05f4df10585553db908d6458071
Opcode Fuzzy Hash: 73577d1e683e6f522f1f8cd3d633bacdca8338b8327ae8eb0163b0f6a9d259c5
Instruction Fuzzy Hash: 94713270A003499FEB10DFA9CC45BEEBBF5AB05704F1445A9F508EB392D7749980CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0063DDA4, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E0063DDA4(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v12;
				DWORD* _v16;
				struct _SHELLEXECUTEINFOW _v76;
				long _t41;
				intOrPtr _t69;
				void* _t71;
				void* _t73;
				void* _t74;
				intOrPtr _t75;

				_t73 = _t74;
				_t75 = _t74 + 0xffffffb8;
				_v8 = 0;
				_v12 = 0;
				_v16 = __ecx;
				_t71 = __edx;
				_t60 = __eax;
				_push(_t73);
				_push(0x63def3);
				 *[fs:eax] = _t75;
				E0063DBC0(__eax,  &_v8,  *[fs:eax]);
				E0063DCD0( &_v12, _t60, _t71);
				E00405CE4( &_v76, 0x3c);
				_v76.cbSize = 0x3c;
				_v76.fMask = 0x800540;
				_v76.lpVerb = L"runas";
				_v76.lpFile = E004097C8(_v8);
				_v76.lpParameters = E004097C8(_t71);
				_v76.lpDirectory = E004097C8(_v12);
				_v76.nShow = 1;
				if(ShellExecuteExW( &_v76) == 0) {
					if(GetLastError() == 0x4c7) {
						E00426460();
					}
					E005F84D8(L"ShellExecuteEx");
				}
				if(_v76.hProcess == 0) {
					E005F8384(L"ShellExecuteEx returned hProcess=0", _t60);
				}
				_push(_t73);
				_push(0x63ded1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t75;
				do {
					E0063D8CC();
					_t41 = MsgWaitForMultipleObjects(1,  &(_v76.hProcess), 0, 0xffffffff, 0x4ff);
				} while (_t41 == 1);
				if(_t41 == 0xffffffff) {
					E005F84D8(L"MsgWaitForMultipleObjects");
				}
				E0063D8CC();
				if(GetExitCodeProcess(_v76.hProcess, _v16) == 0) {
					E005F84D8(L"GetExitCodeProcess");
				}
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E0063DED8);
				return CloseHandle(_v76.hProcess);
			}

0x0063dda5
0x0063dda7
0x0063ddae
0x0063ddb1
0x0063ddb4
0x0063ddb7
0x0063ddb9
0x0063ddbd
0x0063ddbe
0x0063ddc6
0x0063ddce
0x0063ddd6
0x0063dde5
0x0063ddea
0x0063ddf1
0x0063ddfd
0x0063de08
0x0063de12
0x0063de1d
0x0063de20
0x0063de32
0x0063de3e
0x0063de40
0x0063de40
0x0063de4a
0x0063de4a
0x0063de53
0x0063de5a
0x0063de5a
0x0063de61
0x0063de62
0x0063de67
0x0063de6a
0x0063de6d
0x0063de6d
0x0063de81
0x0063de86
0x0063de8e
0x0063de95
0x0063de95
0x0063de9a
0x0063deae
0x0063deb5
0x0063deb5
0x0063debc
0x0063debf
0x0063dec2
0x0063ded0

APIs

Part of subcall function 0063DBC0: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DBEC
Part of subcall function 0063DBC0: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DC05
Part of subcall function 0063DBC0: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DC2F
Part of subcall function 0063DBC0: CloseHandle.KERNEL32(00000000), ref: 0063DC4D

Part of subcall function 0063DCD0: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,0063DD61,?,00000097,00000000,?,0063DDDB,00000000,0063DEF3,?,?,00000001), ref: 0063DCFF

ShellExecuteExW.SHELL32(0000003C), ref: 0063DE2B
GetLastError.KERNEL32(0000003C,00000000,0063DEF3,?,?,00000001), ref: 0063DE34
MsgWaitForMultipleObjects.USER32 ref: 0063DE81
GetExitCodeProcess.KERNEL32 ref: 0063DEA7
CloseHandle.KERNEL32(00000000,0063DED8,00000000,00000000,000000FF,000004FF,00000000,0063DED1,?,0000003C,00000000,0063DEF3,?,?,00000001), ref: 0063DECB

Strings

ShellExecuteEx returned hProcess=0, xrefs: 0063DE55
<, xrefs: 0063DDEA
runas, xrefs: 0063DDF8
MsgWaitForMultipleObjects, xrefs: 0063DE90
GetExitCodeProcess, xrefs: 0063DEB0
ShellExecuteEx, xrefs: 0063DE45

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
API String ID: 254331816-221126205
Opcode ID: 3182ca36d358ceb3cfef32632a8f657de9972ff209af2b475b5fcdfdee7f36cf
Instruction ID: 19f62c8c6b26142c15b7ccd5ce8ac2d9ded865074aa3ecb0be12b35c3f976091
Opcode Fuzzy Hash: 3182ca36d358ceb3cfef32632a8f657de9972ff209af2b475b5fcdfdee7f36cf
Instruction Fuzzy Hash: 69317671E002099FDB10EFA9E8826EDBAB9FF44704F50057DF514E7391DB7499408B95

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2A0, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040C2A0(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040C27C(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040C27C(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040BCC4( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040C27C(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040BCC4(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040BCC4( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040BCC4(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040BCC4(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}

0x0040c2ac
0x0040c2af
0x0040c2b5
0x0040c2c2
0x0040c2c6
0x0040c305
0x0040c30c
0x0040c34c
0x00000000
0x0040c30e
0x0040c316
0x0040c327
0x0040c32d
0x0040c333
0x0040c33b
0x0040c341
0x0040c34f
0x0040c351
0x0040c354
0x0040c356
0x0040c358
0x0040c358
0x0040c35b
0x0040c363
0x0040c374
0x0040c43b
0x0040c386
0x0040c38a
0x0040c38c
0x0040c38e
0x0040c390
0x0040c390
0x0040c39b
0x0040c3ab
0x0040c3af
0x0040c3b1
0x0040c3b3
0x0040c3b5
0x0040c3b5
0x0040c3bb
0x0040c3d3
0x0040c3da
0x0040c3e0
0x0040c3fc
0x0040c3fe
0x0040c425
0x0040c437
0x0040c439
0x00000000
0x0040c439
0x0040c3fc
0x0040c3da
0x00000000
0x0040c39b
0x0040c451
0x0040c451
0x0040c363
0x0040c341
0x0040c32d
0x0040c316
0x0040c2c8
0x0040c2d3
0x0040c2d7
0x00000000
0x0040c2d9
0x0040c2d9
0x0040c2e4
0x0040c2e8
0x0040c2ed
0x00000000
0x0040c2ef
0x0040c2fb
0x0040c2fb
0x0040c2ed
0x0040c2d7
0x0040c456
0x0040c45f

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,0041ACE8,?,?), ref: 0040C2BD
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040C2CE
FindFirstFileW.KERNEL32(?,?,kernel32.dll,0041ACE8,?,?), ref: 0040C3CE
FindClose.KERNEL32(?,?,?,kernel32.dll,0041ACE8,?,?), ref: 0040C3E0
lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,0041ACE8,?,?), ref: 0040C3EC
lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,0041ACE8,?,?), ref: 0040C431

Strings

GetLongPathNameW, xrefs: 0040C2C8
kernel32.dll, xrefs: 0040C2B8
\, xrefs: 0040C3FE

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 1930782624-3908791685
Opcode ID: c34afadf3db2e7f96e5d8f57f2f71db68a35707ef3791a46efc30f5c96551beb
Instruction ID: 129811935084e97536274d2d3cc39016278ad45ca87abc2192b8d5c1b695ba56
Opcode Fuzzy Hash: c34afadf3db2e7f96e5d8f57f2f71db68a35707ef3791a46efc30f5c96551beb
Instruction Fuzzy Hash: 8841A471E00518DBCB10EBA4C8C5ADE73B5AF44310F5586BAD504F73C1E778AE458A8D

Uniqueness

Uniqueness Score: -1.00%

Function 0063E56C, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159
windowCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E0063E56C(intOrPtr __eax, intOrPtr __ecx, intOrPtr __edx, void* __fp0, intOrPtr _a4, void* _a8, char _a12, intOrPtr _a16, intOrPtr* _a24, char _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44) {
				signed int _v5;
				intOrPtr _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				char _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t66;
				intOrPtr* _t70;
				signed int _t73;
				signed int _t74;
				intOrPtr* _t75;
				signed int _t78;
				signed int _t79;
				intOrPtr _t100;
				intOrPtr _t116;
				void* _t119;
				char _t120;
				intOrPtr* _t121;
				intOrPtr _t131;
				intOrPtr _t136;
				intOrPtr _t139;
				intOrPtr* _t141;
				void* _t143;
				void* _t145;
				intOrPtr _t146;
				intOrPtr _t157;

				_t143 = _t145;
				_t146 = _t145 + 0xffffff8c;
				_t139 = __ecx;
				_t116 = __edx;
				_t136 = __eax;
				if( *0x66a39c == 0) {
					_v5 = 0;
					return _v5 & 0x000000ff;
				} else {
					E00405CE4( &_v120, 0x60);
					_v120 = 0x60;
					if(_a12 != 0) {
						_v108 = _v108 | 0x00002000;
					}
					_v112 =  *0x666634;
					_t66 =  *0x662788; // 0x66978c
					if(IsIconic( *( *_t66 + 0x188)) == 0) {
						_t70 =  *0x662788; // 0x66978c
						_t73 = GetWindowLongW( *( *_t70 + 0x188), 0xfffffff0);
						__eflags = _t73 & 0x10000000;
						_t12 = (_t73 & 0x10000000) == 0;
						__eflags = _t12;
						_t74 = _t73 & 0xffffff00 | _t12;
					} else {
						_t74 = 1;
					}
					if(_t74 == 0) {
						_t75 =  *0x662788; // 0x66978c
						_t78 = GetWindowLongW( *( *_t75 + 0x188), 0xffffffec);
						__eflags = _t78 & 0x00000080;
						_t17 = (_t78 & 0x00000080) != 0;
						__eflags = _t17;
						_t79 = _t78 & 0xffffff00 | _t17;
					} else {
						_t79 = 1;
					}
					if(_t79 == 0) {
						_v116 = _t136;
					} else {
						_v116 = 0;
					}
					_v104 = _a36;
					_v100 = _a44;
					_v96 = _a40;
					_v92 = _t116;
					_v88 = _t139;
					if(_a16 != 0) {
						_v36 = 0x63e544;
						_v32 = _a16;
					}
					_v12 = 0;
					_push(_t143);
					_push(0x63e74d);
					_push( *[fs:edx]);
					 *[fs:edx] = _t146;
					_t33 =  &_a28; // 0x63e544
					_t119 =  *_t33 + 1;
					if(_t119 != 0) {
						_t100 =  *0x532878; // 0x5328d0
						_v12 = E00461AB0(0, 1, _t136, _t100);
						_v108 = _v108 | 0x00000010;
						_t119 = _t119 - 1;
						if(_t119 >= 0) {
							_t120 = _t119 + 1;
							_t157 = _t120;
							_v24 = _t120;
							_t121 = _a32;
							_t141 = _a24;
							do {
								_t136 = E00536234(_v12);
								E00535EF4(_t136,  *_t121, _t157);
								 *((intOrPtr*)(_t136 + 0x18)) =  *_t141;
								_t141 = _t141 + 4;
								_t121 = _t121 + 4;
								_t42 =  &_v24;
								 *_t42 = _v24 - 1;
							} while ( *_t42 != 0);
						}
						_v80 = E00536240(_v12);
						_v84 =  *((intOrPtr*)( *((intOrPtr*)(_v12 + 8)) + 8));
					}
					E005B25C8();
					_v16 = GetActiveWindow();
					_v20 = E00596338(0, _t119, _t136, _t139);
					 *[fs:eax] = _t146;
					_v5 =  *0x66a39c( &_v120, _a4, 0, 0,  *[fs:eax], 0x63e730, _t143) == 0;
					_pop(_t131);
					 *[fs:eax] = _t131;
					_push(E0063E737);
					E005963F8(_v20);
					SetActiveWindow(_v16);
					return E005B25C8();
				}
			}

0x0063e56d
0x0063e56f
0x0063e575
0x0063e577
0x0063e579
0x0063e582
0x0063e754
0x0063e762
0x0063e588
0x0063e592
0x0063e597
0x0063e5a2
0x0063e5a4
0x0063e5a4
0x0063e5b0
0x0063e5b3
0x0063e5c8
0x0063e5ce
0x0063e5de
0x0063e5e3
0x0063e5e8
0x0063e5e8
0x0063e5e8
0x0063e5ca
0x0063e5ca
0x0063e5ca
0x0063e5ed
0x0063e5f3
0x0063e603
0x0063e608
0x0063e60a
0x0063e60a
0x0063e60a
0x0063e5ef
0x0063e5ef
0x0063e5ef
0x0063e60f
0x0063e618
0x0063e611
0x0063e613
0x0063e613
0x0063e61e
0x0063e624
0x0063e62a
0x0063e62d
0x0063e630
0x0063e637
0x0063e639
0x0063e643
0x0063e643
0x0063e648
0x0063e64d
0x0063e64e
0x0063e653
0x0063e656
0x0063e659
0x0063e65c
0x0063e65f
0x0063e661
0x0063e675
0x0063e678
0x0063e67c
0x0063e67f
0x0063e681
0x0063e681
0x0063e682
0x0063e685
0x0063e688
0x0063e68b
0x0063e693
0x0063e699
0x0063e6a0
0x0063e6a3
0x0063e6a6
0x0063e6a9
0x0063e6a9
0x0063e6a9
0x0063e68b
0x0063e6b6
0x0063e6c2
0x0063e6c2
0x0063e6ca
0x0063e6d4
0x0063e6de
0x0063e6ec
0x0063e703
0x0063e709
0x0063e70c
0x0063e70f
0x0063e717
0x0063e720
0x0063e72f
0x0063e72f

APIs

IsIconic.USER32 ref: 0063E5C1
GetWindowLongW.USER32(?,000000F0), ref: 0063E5DE
GetWindowLongW.USER32(?,000000EC), ref: 0063E603

Part of subcall function 005963F8: IsWindow.USER32(?), ref: 00596406
Part of subcall function 005963F8: EnableWindow.USER32(?,000000FF), ref: 00596415

GetActiveWindow.USER32 ref: 0063E6CF
SetActiveWindow.USER32(00000005,0063E737,0063E74D,?,?,000000EC,?,000000F0,?,00000000,?,00000000), ref: 0063E720

Strings

Dc, xrefs: 0063E659
D.S, xrefs: 0063E66B
`, xrefs: 0063E597

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$ActiveLong$EnableIconic
String ID: D.S$Dc$`
API String ID: 4222481217-3061054917
Opcode ID: 647a49ac38bbe830b9f458639b6e9092c467c69841c83a9432c5487fc389d8de
Instruction ID: a68385297073a1787c46507cafb47a44eecf45f015a0fdb6403bc58eaa920278
Opcode Fuzzy Hash: 647a49ac38bbe830b9f458639b6e9092c467c69841c83a9432c5487fc389d8de
Instruction Fuzzy Hash: 64518C74A00249AFDB00DFA9C885ADEBBF6FB09314F154169F804EB391D776A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 005FA9A8, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E005FA9A8() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0042719C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x005fa9b3
0x005faa10
0x005faa14
0x005faa1c
0x00000000
0x005faa1e
0x005fa9c5
0x005fa9d7
0x005fa9dc
0x005fa9e4
0x005fa9fe
0x005faa0a
0x00000000
0x00000000
0x00000000
0x005faa0c
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 005FA9B8
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 005FA9BE
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 005FA9D7
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 005FA9FE
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 005FAA03
ExitWindowsEx.USER32(00000002,00000000), ref: 005FAA14

Strings

SeShutdownPrivilege, xrefs: 005FA9D0

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 17ef2b7d338e9f04b74b1a0214f29ece79d93dc810ce037da43e6333ae61f084
Instruction ID: 775351c24a523f7ca86ab9856cb2a99195e947980098857579868bc878f92e5d
Opcode Fuzzy Hash: 17ef2b7d338e9f04b74b1a0214f29ece79d93dc810ce037da43e6333ae61f084
Instruction Fuzzy Hash: D9F062B068430675E610E6718E07FBE2588AB40B48F900C1AF789E50D2E7ADD4588677

Uniqueness

Uniqueness Score: -1.00%

Function 00650754, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00650754(void* __eax, void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				struct _WIN32_FIND_DATAW _v604;
				char _v608;
				char _v612;
				void* _t59;
				intOrPtr _t70;
				intOrPtr _t73;
				signed int _t77;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t80 = _t81;
				_t82 = _t81 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v8 = 0;
				_t59 = __eax;
				_push(_t80);
				_push(0x650891);
				_push( *[fs:eax]);
				 *[fs:eax] = _t82;
				E00409A18( &_v608, L"isRS-???.tmp", __eax);
				_v12 = FindFirstFileW(E004097C8(_v608),  &_v604);
				if(_v12 == 0xffffffff) {
					_pop(_t70);
					 *[fs:eax] = _t70;
					_push(E00650898);
					E00408778( &_v612, 2);
					return E00408718( &_v8);
				} else {
					_push(_t80);
					_push(0x650864);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					do {
						if(E00421714( &(_v604.cFileName), 5, L"isRS-") == 0 && (_v604.dwFileAttributes & 0x00000010) == 0) {
							E00409868( &_v612, 0x104,  &(_v604.cFileName));
							E00409A18( &_v8, _v612, _t59);
							_t77 = _v604.dwFileAttributes;
							if((_t77 & 0x00000001) != 0) {
								SetFileAttributesW(E004097C8(_v8), _t77 & 0xfffffffe);
							}
							E00420F94(_v8);
						}
					} while (FindNextFileW(_v12,  &_v604) != 0);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E0065086B);
					return FindClose(_v12);
				}
			}

0x00650755
0x00650757
0x00650761
0x00650767
0x0065076d
0x00650770
0x00650774
0x00650775
0x0065077a
0x0065077d
0x00650794
0x006507aa
0x006507b1
0x0065086d
0x00650870
0x00650873
0x00650883
0x00650890
0x006507b7
0x006507b9
0x006507ba
0x006507bf
0x006507c2
0x006507c5
0x006507dc
0x006507f8
0x00650808
0x0065080d
0x00650819
0x00650828
0x00650828
0x00650830
0x00650830
0x00650845
0x0065084f
0x00650852
0x00650855
0x00650863
0x00650863

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00650891,?,0066978C,?,?,00650A46,00000000,00650A9A,?,00000000,00000000,00000000), ref: 006507A5
SetFileAttributesW.KERNEL32(00000000,00000010), ref: 00650828
FindNextFileW.KERNEL32(000000FF,?,00000000,00650864,?,00000000,?,00000000,00650891,?,0066978C,?,?,00650A46,00000000,00650A9A), ref: 00650840
FindClose.KERNEL32(000000FF,0065086B,00650864,?,00000000,?,00000000,00650891,?,0066978C,?,?,00650A46,00000000,00650A9A), ref: 0065085E

Strings

isRS-, xrefs: 006507C5
isRS-???.tmp, xrefs: 0065078D

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstNext
String ID: isRS-$isRS-???.tmp
API String ID: 134685335-3422211394
Opcode ID: e7cbc46bb2b39b13b31ad88e1740c3bef9282ba233ec115bcb884063da2065a0
Instruction ID: 7e40c14d5cf5c67ddc04c5ae91bd146497d11b7686551e4e99c720dcad4bb53e
Opcode Fuzzy Hash: e7cbc46bb2b39b13b31ad88e1740c3bef9282ba233ec115bcb884063da2065a0
Instruction Fuzzy Hash: 4F319471A0061C9FEF10EB65CC45ADEB7F9EB88305F5145FAE804B3291EA389E84CE54

Uniqueness

Uniqueness Score: -1.00%

Function 005B261C, Relevance: 9.1, APIs: 6, Instructions: 98
windowCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E005B261C(WCHAR* __eax, void* __ebx, signed int __ecx, WCHAR* __edx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct HWND__* _v16;
				intOrPtr _v20;
				intOrPtr* _t28;
				intOrPtr* _t32;
				signed int _t36;
				intOrPtr* _t37;
				signed int _t41;
				intOrPtr* _t43;
				WCHAR* _t62;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				WCHAR* _t78;
				void* _t80;
				void* _t81;
				intOrPtr _t82;

				_t76 = __edi;
				_t80 = _t81;
				_t82 = _t81 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_v8 = __ecx;
				_t78 = __edx;
				_t62 = __eax;
				if( *0x6697f0 != 0) {
					_v8 = _v8 | 0x00180000;
				}
				E005B25C8();
				_push(_t80);
				_push(0x5b2742);
				_push( *[fs:edx]);
				 *[fs:edx] = _t82;
				_t28 =  *0x662788; // 0x66978c
				if(IsIconic( *( *_t28 + 0x188)) == 0) {
					_t32 =  *0x662788; // 0x66978c
					_t36 = GetWindowLongW( *( *_t32 + 0x188), 0xfffffff0) & 0xffffff00 | (_t35 & 0x10000000) == 0x00000000;
				} else {
					_t36 = 1;
				}
				if(_t36 == 0) {
					_t37 =  *0x662788; // 0x66978c
					_t41 = GetWindowLongW( *( *_t37 + 0x188), 0xffffffec) & 0xffffff00 | (_t40 & 0x00000080) != 0x00000000;
				} else {
					_t41 = 1;
				}
				if(_t41 == 0) {
					_t43 =  *0x662788; // 0x66978c
					_v12 = L005A33B8( *_t43, _t62, _t78, _t62, _t76, _t78, _v8);
					_pop(_t73);
					 *[fs:eax] = _t73;
					_push(E005B2749);
					return E005B25C8();
				} else {
					_v16 = GetActiveWindow();
					_v20 = E00596338(0, _t62, _t76, _t78);
					_push(_t80);
					_push(0x5b2705);
					_push( *[fs:eax]);
					 *[fs:eax] = _t82;
					_v12 = MessageBoxW(0, _t62, _t78, _v8 | 0x00002000);
					_pop(_t75);
					 *[fs:eax] = _t75;
					_push(E005B270C);
					E005963F8(_v20);
					return SetActiveWindow(_v16);
				}
			}

0x005b261c
0x005b261d
0x005b261f
0x005b2622
0x005b2623
0x005b2624
0x005b2627
0x005b2629
0x005b2632
0x005b2634
0x005b2634
0x005b2640
0x005b2647
0x005b2648
0x005b264d
0x005b2650
0x005b2653
0x005b2668
0x005b266e
0x005b2688
0x005b266a
0x005b266a
0x005b266a
0x005b268d
0x005b2693
0x005b26aa
0x005b268f
0x005b268f
0x005b268f
0x005b26af
0x005b2717
0x005b2727
0x005b272c
0x005b272f
0x005b2732
0x005b2741
0x005b26b1
0x005b26b6
0x005b26c0
0x005b26c5
0x005b26c6
0x005b26cb
0x005b26ce
0x005b26e3
0x005b26e8
0x005b26eb
0x005b26ee
0x005b26f6
0x005b2704
0x005b2704

APIs

IsIconic.USER32 ref: 005B2661
GetWindowLongW.USER32(?,000000F0), ref: 005B267E
GetWindowLongW.USER32(?,000000EC), ref: 005B26A3
GetActiveWindow.USER32 ref: 005B26B1
MessageBoxW.USER32(00000000,00000000,?,-0000002D), ref: 005B26DE
SetActiveWindow.USER32(00000000,005B270C,?,000000EC,?,000000F0,?,00000000,005B2742,?,?,00000000), ref: 005B26FF

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$ActiveLong$IconicMessage
String ID:
API String ID: 1633107849-0
Opcode ID: 358b33491ddebdf2595299d0a193073ac980c33294565c75b2cc6163bf35f257
Instruction ID: 0959946ea7ea2d423f2b07d1ac2efebd9c7287cb6bf5dae26c143587a2194954
Opcode Fuzzy Hash: 358b33491ddebdf2595299d0a193073ac980c33294565c75b2cc6163bf35f257
Instruction Fuzzy Hash: 89318B34A04605AFDB00EFA9DD86EDE7BE9FB49350F5045A5F410E73A1DA78AD00DB24

Uniqueness

Uniqueness Score: -1.00%

Function 0060F338, Relevance: 3.1, APIs: 2, Instructions: 52
comCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E0060F338(void* __ebx) {
				void* _v8;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t25;
				intOrPtr _t34;
				intOrPtr _t38;

				_push(0);
				_push(_t38);
				_push(0x60f3ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t38;
				if( *0x66a300 != 0) {
					L6:
					_pop(_t34);
					 *[fs:eax] = _t34;
					_push(E0060F3D5);
					return E0040CDF4( &_v8);
				}
				if(GetVersion() >= 0x601) {
					_push(E0040CDF4( &_v8));
					_t20 =  *0x662a50; // 0x661b30
					_push(_t20);
					_push(1);
					_push(0);
					_t21 =  *0x6623e0; // 0x661b20
					_push(_t21);
					L004375D8();
					if(_t21 == 0) {
						_t22 = _v8;
						_push(_t22);
						if( *((intOrPtr*)( *_t22 + 0xc))() == 0) {
							_t25 = _v8;
							 *((intOrPtr*)( *_t25 + 4))(_t25);
							E0040CE0C(0x66a304, _v8);
						}
					}
				}
				 *0x66a300 = 1;
				goto L6;
			}

0x0060f33b
0x0060f340
0x0060f341
0x0060f346
0x0060f349
0x0060f353
0x0060f3ae
0x0060f3ba
0x0060f3bd
0x0060f3c0
0x0060f3cd
0x0060f3cd
0x0060f360
0x0060f36a
0x0060f36b
0x0060f370
0x0060f371
0x0060f373
0x0060f375
0x0060f37a
0x0060f37b
0x0060f382
0x0060f384
0x0060f387
0x0060f38f
0x0060f391
0x0060f397
0x0060f3a2
0x0060f3a2
0x0060f38f
0x0060f382
0x0060f3a7
0x00000000

APIs

GetVersion.KERNEL32(00000000,0060F3CE,?,00000000,00000000,?,0060F3E4,?,00613037), ref: 0060F355
CoCreateInstance.OLE32(00661B20,00000000,00000001,00661B30,00000000,00000000,0060F3CE,?,00000000,00000000,?,0060F3E4,?,00613037), ref: 0060F37B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateInstanceVersion
String ID:
API String ID: 1462612201-0
Opcode ID: 915a6b0ac97e8e16cdc72a5202d3f44836b0f3c2f746441be719ef5f10ff571c
Instruction ID: e6de0220a551c525d3073600045ea431ae85d93fb4f84d3b2f3a07f0fd70666f
Opcode Fuzzy Hash: 915a6b0ac97e8e16cdc72a5202d3f44836b0f3c2f746441be719ef5f10ff571c
Instruction Fuzzy Hash: 1311C430244204EFDB28DBA5CC85F5AB7EAEB05314F514079F000E7AA1C7B4DD00CB95

Uniqueness

Uniqueness Score: -1.00%

Function 005B20A4, Relevance: 3.0, APIs: 2, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E005B20A4(void* __eax) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				void* _t18;
				intOrPtr _t19;

				_t18 = __eax;
				InitializeSecurityDescriptor( &_v36, 1);
				SetSecurityDescriptorDacl( &_v36, 0xffffffff, 0, 0);
				_v16 = 0xc;
				_v12 = _t19;
				_v8 = 0;
				return E00411CC8( &_v16, 0, E004097C8(_t18));
			}

0x005b20a8
0x005b20b1
0x005b20c1
0x005b20c6
0x005b20d0
0x005b20d6
0x005b20f2

APIs

InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 005B20B1
SetSecurityDescriptorDacl.ADVAPI32(00000000,000000FF,00000000,00000000,00000001,00000001), ref: 005B20C1

Part of subcall function 00411CC8: CreateMutexW.KERNEL32(?,00000001,00000000,?,00650B47,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00650E6B,?,?,00000000), ref: 00411CDE

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DescriptorSecurity$CreateDaclInitializeMutex
String ID:
API String ID: 3525989157-0
Opcode ID: ff48993b6e4043f5247f8fefcb4c20378d2c2d348f1b5db04715e24433e2873e
Instruction ID: 030b3d5056c1a35ec4f738022bc459d844e504157d5d076cb1adade252ba7484
Opcode Fuzzy Hash: ff48993b6e4043f5247f8fefcb4c20378d2c2d348f1b5db04715e24433e2873e
Instruction Fuzzy Hash: 6DE065B16443016FE700DF758C82F8B72DC9B44724F10492EB664D72D1F678D948879A

Uniqueness

Uniqueness Score: -1.00%

Function 00650AA8, Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 260
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00650AA8(char __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char _v21;
				signed int _v22;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* _t62;
				signed int _t110;
				intOrPtr _t129;
				signed int _t130;
				char _t134;
				char _t139;
				char _t142;
				char* _t149;
				intOrPtr* _t158;
				void* _t159;
				intOrPtr _t181;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t196;
				intOrPtr _t199;
				intOrPtr* _t204;
				intOrPtr _t206;
				intOrPtr _t207;
				void* _t216;

				_t216 = __fp0;
				_t202 = __edi;
				_t157 = __ebx;
				_t206 = _t207;
				_t159 = 7;
				do {
					_push(0);
					_push(0);
					_t159 = _t159 - 1;
				} while (_t159 != 0);
				_push(__ebx);
				_push(__edi);
				_t204 =  *0x662788; // 0x66978c
				_push(_t206);
				_push(0x650e6b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t207;
				E005B0518(1, __ebx,  &_v36, __edi, _t204);
				_t62 = E0041F9B4(_v36, _t159, L"/REG");
				_t209 = _t62;
				if(_t62 != 0) {
					E005B0518(1, __ebx,  &_v40, __edi, _t204);
					__eflags = E0041F9B4(_v40, _t159, L"/REGU");
					if(__eflags != 0) {
						__eflags = 0;
						_pop(_t181);
						 *[fs:eax] = _t181;
						_push(E00650E72);
						E00408778( &_v60, 7);
						return E00408778( &_v20, 4);
					} else {
						_v21 = 0;
						goto L6;
					}
				} else {
					_v21 = 1;
					L6:
					E005A2A3C( *_t204, L"Setup", _t209);
					ShowWindow( *( *_t204 + 0x188), 5);
					E00647310();
					_v28 = E00411CC8(0, 0, L"Inno-Setup-RegSvr-Mutex");
					ShowWindow( *( *_t204 + 0x188), 0);
					if(_v28 != 0) {
						do {
							E005A2EF0( *_t204);
						} while (MsgWaitForMultipleObjects(1,  &_v28, 0, 0xffffffff, 0x4ff) == 1);
					}
					ShowWindow( *( *_t204 + 0x188), 5);
					_push(_t206);
					_push(0x650e3c);
					_push( *[fs:eax]);
					 *[fs:eax] = _t207;
					E005B0518(0, _t157,  &_v44, _t202, _t204);
					E005AF5D8(_v44, _t157,  &_v8, L".msg", _t202, _t204);
					E005B0518(0, _t157,  &_v48, _t202, _t204);
					E005AF5D8(_v48, _t157,  &_v12, L".lst", _t202, _t204);
					if(E005AFDC4(_v12) == 0) {
						E00420F94(_v12);
						E00420F94(_v8);
						_push(_t206);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E00650A08(_t157,  &_v12, _t202, _t204, __eflags);
						_pop(_t189);
						 *[fs:eax] = _t189;
						_t190 = 0x650e0c;
						 *[fs:eax] = _t190;
						_push(E00650E43);
						__eflags = _v28;
						if(_v28 != 0) {
							ReleaseMutex(_v28);
							return CloseHandle(_v28);
						}
						return 0;
					} else {
						E005B81C4(_v8, _t157, 1, 0, _t202, _t204);
						_t110 =  *0x6626a4; // 0x669fd0
						E005B25AC(_t110 & 0xffffff00 | ( *(_t110 + 0x4c) & 0x00000001) != 0x00000000);
						_t192 =  *0x66279c; // 0x669c04
						_t26 = _t192 + 0x2b4; // 0x0
						E005A2A3C( *_t204,  *_t26,  *(_t110 + 0x4c) & 0x00000001);
						_push(_t206);
						_push(0x650dd8);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						E0064449C(_t157,  *_t26, _t202, _t204);
						_v32 = E005B6AC8(1, 1, 0, 2);
						_push(_t206);
						_push(0x650dbe);
						_push( *[fs:eax]);
						 *[fs:eax] = _t207;
						while(E005B6D68(_v32) == 0) {
							E005B6D78(_v32, _t157,  &_v16, _t202, _t204, __eflags);
							_t157 = _v16;
							__eflags = _t157;
							if(_t157 != 0) {
								_t158 = _t157 - 4;
								__eflags = _t158;
								_t157 =  *_t158;
							}
							__eflags = _t157 - 4;
							if(__eflags > 0) {
								__eflags =  *_v16 - 0x5b;
								if(__eflags == 0) {
									__eflags =  *((short*)(_v16 + 6)) - 0x5d;
									if(__eflags == 0) {
										E00409BE8(_v16, 0x7fffffff, 5,  &_v20);
										_t129 = _v16;
										__eflags =  *((short*)(_t129 + 4)) - 0x71;
										if( *((short*)(_t129 + 4)) == 0x71) {
											L19:
											_t130 = 1;
										} else {
											__eflags = _v21;
											if(_v21 == 0) {
												L18:
												_t130 = 0;
											} else {
												_t149 =  *0x6625a8; // 0x66a6eb
												__eflags =  *_t149;
												if( *_t149 == 0) {
													goto L19;
												} else {
													goto L18;
												}
											}
										}
										_v22 = _t130;
										_push(_t206);
										_push(0x650d35);
										_push( *[fs:eax]);
										 *[fs:eax] = _t207;
										_t134 = ( *(_v16 + 2) & 0x0000ffff) - 0x53;
										__eflags = _t134;
										if(_t134 == 0) {
											_push(_v22 & 0x000000ff);
											E00619E90(0, _t157, _v20, 1, _t202, _t204, _t216);
										} else {
											_t139 = _t134 - 1;
											__eflags = _t139;
											if(_t139 == 0) {
												__eflags = 0;
												E0061A608(0, _t157, _v20, _t204, 0, _t216);
											} else {
												_t142 = _t139 - 0x1f;
												__eflags = _t142;
												if(_t142 == 0) {
													_push(_v22 & 0x000000ff);
													E00619E90(0, _t157, _v20, 0, _t202, _t204, _t216);
												} else {
													__eflags = _t142 - 1;
													if(__eflags == 0) {
														E00619624(_v20, _t157, _t204);
													}
												}
											}
										}
										_pop(_t199);
										 *[fs:eax] = _t199;
									}
								}
							}
						}
						_pop(_t196);
						 *[fs:eax] = _t196;
						_push(E00650DC5);
						return E004069C8(_v32);
					}
				}
			}

0x00650aa8
0x00650aa8
0x00650aa8
0x00650aa9
0x00650aab
0x00650ab0
0x00650ab0
0x00650ab2
0x00650ab4
0x00650ab4
0x00650ab7
0x00650ab9
0x00650aba
0x00650ac2
0x00650ac3
0x00650ac8
0x00650acb
0x00650ad6
0x00650ae3
0x00650ae8
0x00650aea
0x00650afa
0x00650b0c
0x00650b0e
0x00650e43
0x00650e45
0x00650e48
0x00650e4b
0x00650e58
0x00650e6a
0x00650b14
0x00650b14
0x00000000
0x00650b14
0x00650aec
0x00650aec
0x00650b18
0x00650b1f
0x00650b2f
0x00650b34
0x00650b47
0x00650b55
0x00650b5e
0x00650b60
0x00650b62
0x00650b7b
0x00650b60
0x00650b8b
0x00650b92
0x00650b93
0x00650b98
0x00650b9b
0x00650ba3
0x00650bb3
0x00650bbd
0x00650bcd
0x00650bdc
0x00650de2
0x00650dea
0x00650df1
0x00650df7
0x00650dfa
0x00650dfd
0x00650e04
0x00650e07
0x00650e18
0x00650e1b
0x00650e1e
0x00650e23
0x00650e27
0x00650e2d
0x00000000
0x00650e36
0x00650e3b
0x00650be2
0x00650be9
0x00650bee
0x00650bfa
0x00650bff
0x00650c05
0x00650c0d
0x00650c14
0x00650c15
0x00650c1a
0x00650c1d
0x00650c20
0x00650c3a
0x00650c3f
0x00650c40
0x00650c45
0x00650c48
0x00650d98
0x00650c56
0x00650c5b
0x00650c5e
0x00650c60
0x00650c62
0x00650c62
0x00650c65
0x00650c65
0x00650c67
0x00650c6a
0x00650c73
0x00650c77
0x00650c80
0x00650c85
0x00650c9c
0x00650ca1
0x00650ca4
0x00650ca9
0x00650cbf
0x00650cbf
0x00650cab
0x00650cab
0x00650caf
0x00650cbb
0x00650cbb
0x00650cb1
0x00650cb1
0x00650cb6
0x00650cb9
0x00000000
0x00000000
0x00000000
0x00000000
0x00650cb9
0x00650caf
0x00650cc1
0x00650cc6
0x00650cc7
0x00650ccc
0x00650ccf
0x00650cd9
0x00650cd9
0x00650cdd
0x00650d08
0x00650d10
0x00650cdf
0x00650cdf
0x00650cdf
0x00650ce2
0x00650d24
0x00650d26
0x00650ce4
0x00650ce4
0x00650ce4
0x00650ce8
0x00650cf5
0x00650cfd
0x00650cea
0x00650cea
0x00650ced
0x00650d1a
0x00650d1a
0x00650ced
0x00650ce8
0x00650ce2
0x00650d2d
0x00650d30
0x00650d30
0x00650c85
0x00650c77
0x00650c6a
0x00650daa
0x00650dad
0x00650db0
0x00650dbd
0x00650dbd
0x00650bdc

APIs

ShowWindow.USER32(?,00000005,00000000,00650E6B,?,?,00000000,?,00000000,00000000,?,0065134E,00000000,00651358,?,00000000), ref: 00650B2F
ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00650E6B,?,?,00000000,?,00000000,00000000), ref: 00650B55
MsgWaitForMultipleObjects.USER32 ref: 00650B76
ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00650E6B,?,?,00000000,?,00000000), ref: 00650B8B

Part of subcall function 005B0518: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005B05AD,?,?,?,00000001,?,005FB63E,00000000,005FB6A9), ref: 005B054D

Strings

Inno-Setup-RegSvr-Mutex, xrefs: 00650B39
Setup, xrefs: 00650B1A
/REGU, xrefs: 00650B02
.msg, xrefs: 00650BAE
/REG, xrefs: 00650ADE
.lst, xrefs: 00650BC8

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ShowWindow$FileModuleMultipleNameObjectsWait
String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
API String ID: 66301061-3672972446
Opcode ID: bcc6a560ccbf495ca4c5d766dd5d4e20d8879402277056c0d3cfa4baeee52db1
Instruction ID: 454a7f8a8ebd9c9c0472cbc412e74aa99abd709555709b689d3e6ddf3cb357b8
Opcode Fuzzy Hash: bcc6a560ccbf495ca4c5d766dd5d4e20d8879402277056c0d3cfa4baeee52db1
Instruction Fuzzy Hash: 9491E430A042099FEB10EBA4C856BEEBBF6EF49301F614864FD00A7791DA75ED49CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0061C0B4, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 162
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E0061C0B4(signed int __eax, void* __ebx, signed int __edx, void* __edi, void* __esi) {
				signed int _v5;
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* __ecx;
				void* _t79;
				signed int _t83;
				signed char _t125;
				intOrPtr _t127;
				intOrPtr _t156;
				signed int _t170;
				intOrPtr _t178;
				intOrPtr _t180;
				intOrPtr _t181;

				_t180 = _t181;
				_t127 = 4;
				do {
					_push(0);
					_push(0);
					_t127 = _t127 - 1;
				} while (_t127 != 0);
				_t1 =  &_v8;
				_t128 =  *_t1;
				 *_t1 = _t127;
				_t178 =  *_t1;
				_v5 = __edx;
				_t125 = __eax;
				_push(_t180);
				_push(0x61c2bd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t181;
				if( *((intOrPtr*)(0x66a334 + ((__eax & 0x000000ff) + (__eax & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)) != 0) {
					L18:
					E00408AF8(_t178,  *((intOrPtr*)(0x66a334 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)));
					_pop(_t156);
					 *[fs:eax] = _t156;
					_push(E0061C2C4);
					return E00408778( &_v32, 5);
				}
				E0061BF60(__eax, _t128,  &_v16, _t180);
				if((_v5 & 0x000000ff) + 0xfe - 2 >= 0 || E005B0F7C(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v4.0", 0x80000002,  &_v12, 1, 0) != 0) {
					_t79 = (_v5 & 0x000000ff) - 1;
					if(_t79 == 0 || _t79 == 2) {
						if(E005B0F7C(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0", 0x80000002,  &_v12, 1, 0) != 0) {
							goto L10;
						} else {
							_t174 = _t125 & 0x0000007f;
							E005AF4EC( *((intOrPtr*)(0x66a328 + (_t125 & 0x0000007f) * 4)),  &_v24);
							E00409A18(0x66a334 + (_t174 + _t174) * 8 + (_v5 & 0x000000ff) * 4, L"v2.0.50727", _v24);
							RegCloseKey(_v12);
							goto L14;
						}
					} else {
						L10:
						_t83 = _v5 & 0x000000ff;
						if(_t83 == 0 || _t83 == 3) {
							if(E005B0F7C(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v1.1", 0x80000002,  &_v12, 1, 0) == 0) {
								_t172 = _t125 & 0x0000007f;
								E005AF4EC( *((intOrPtr*)(0x66a328 + (_t125 & 0x0000007f) * 4)),  &_v28);
								E00409A18(0x66a334 + (_t172 + _t172) * 8 + (_v5 & 0x000000ff) * 4, L"v1.1.4322", _v28);
								RegCloseKey(_v12);
							}
						}
						goto L14;
					}
				} else {
					_t176 = _t125 & 0x0000007f;
					E005AF4EC( *((intOrPtr*)(0x66a328 + (_t125 & 0x0000007f) * 4)),  &_v20);
					E00409A18(0x66a334 + (_t176 + _t176) * 8 + (_v5 & 0x000000ff) * 4, L"v4.0.30319", _v20);
					RegCloseKey(_v12);
					L14:
					_t170 = _v5 & 0x000000ff;
					if( *((intOrPtr*)(0x66a334 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + _t170 * 4)) == 0) {
						if(_v5 == 3) {
							E005F8384(L".NET Framework not found", _t125);
						} else {
							_v40 =  *((intOrPtr*)(0x661f7c + _t170 * 4));
							_v36 = 0x11;
							E00421A6C(L".NET Framework version %s not found", 0,  &_v40,  &_v32);
							E005F8384(_v32, _t125);
						}
					}
					goto L18;
				}
			}

0x0061c0b5
0x0061c0b8
0x0061c0bd
0x0061c0bd
0x0061c0bf
0x0061c0c1
0x0061c0c1
0x0061c0c4
0x0061c0c4
0x0061c0c4
0x0061c0ca
0x0061c0cc
0x0061c0cf
0x0061c0d3
0x0061c0d4
0x0061c0d9
0x0061c0dc
0x0061c0f3
0x0061c288
0x0061c29d
0x0061c2a4
0x0061c2a7
0x0061c2aa
0x0061c2bc
0x0061c2bc
0x0061c0fe
0x0061c10b
0x0061c16f
0x0061c171
0x0061c192
0x00000000
0x0061c194
0x0061c199
0x0061c1a3
0x0061c1c2
0x0061c1cb
0x00000000
0x0061c1cb
0x0061c1d2
0x0061c1d2
0x0061c1d2
0x0061c1d8
0x0061c1f9
0x0061c200
0x0061c20a
0x0061c229
0x0061c232
0x0061c232
0x0061c1f9
0x00000000
0x0061c1d8
0x0061c12a
0x0061c12f
0x0061c139
0x0061c158
0x0061c161
0x0061c237
0x0061c237
0x0061c24b
0x0061c251
0x0061c283
0x0061c253
0x0061c25e
0x0061c261
0x0061c26f
0x0061c277
0x0061c277
0x0061c251
0x00000000
0x0061c24b

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0061C2BD,?,0061BDB8,?,00000000,00000000,00000000,?,?,0061C528,00000000), ref: 0061C161
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0061C2BD,?,0061BDB8,?,00000000,00000000,00000000,?,?,0061C528,00000000), ref: 0061C1CB
RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,00000001,00000000,00000000,0061C2BD,?,0061BDB8,?,00000000,00000000,00000000,?), ref: 0061C232

Strings

v1.1.4322, xrefs: 0061C224
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 0061C117
v4.0.30319, xrefs: 0061C153
.NET Framework version %s not found, xrefs: 0061C26A
v2.0.50727, xrefs: 0061C1BD
.NET Framework not found, xrefs: 0061C27E
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 0061C1E8
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0061C181

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Close
String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
API String ID: 3535843008-446240816
Opcode ID: 5c4be7783c3720835ae8a4fb173b92cd471531e86fa9727864e10207872c20d9
Instruction ID: 0171de0e739aa57d07984b086b7acf152b7eafe005c9af5d244d511209c37314
Opcode Fuzzy Hash: 5c4be7783c3720835ae8a4fb173b92cd471531e86fa9727864e10207872c20d9
Instruction Fuzzy Hash: 0C5104316841956FCF04DBE4C861BFD7BB7EB89310F18006AE540E7382D679AE45DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0061AD2C, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70
sleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0061AD2C(intOrPtr __eax, void* __edx) {
				long _v12;
				long _v16;
				void* __ebx;
				void* __esi;
				void* _t44;
				void* _t50;
				intOrPtr _t51;
				DWORD* _t52;

				_t19 = __eax;
				_t52 =  &_v12;
				_t44 = __edx;
				_t51 = __eax;
				if( *((char*)(__eax + 4)) == 0) {
					L11:
					return _t19;
				}
				 *((char*)(__eax + 5)) = 1;
				_v16 =  *((intOrPtr*)(__eax + 0x10));
				_v12 = 0;
				E0060165C(L"Stopping 64-bit helper process. (PID: %u)", __edx, 0,  &_v16, _t50, __eax);
				CloseHandle( *(_t51 + 0xc));
				 *(_t51 + 0xc) = 0;
				while(WaitForSingleObject( *(_t51 + 8), 0x2710) == 0x102) {
					E006013D8(L"Helper isn\'t responding; killing it.", _t44, _t50, _t51);
					TerminateProcess( *(_t51 + 8), 1);
				}
				if(GetExitCodeProcess( *(_t51 + 8), _t52) == 0) {
					E006013D8(L"Helper process exited, but failed to get exit code.", _t44, _t50, _t51);
				} else {
					if( *_t52 != 0) {
						_v16 =  *_t52;
						_v12 = 0;
						E0060165C(L"Helper process exited with failure code: 0x%x", _t44, 0,  &_v16, _t50, _t51);
					} else {
						E006013D8(L"Helper process exited.", _t44, _t50, _t51);
					}
				}
				CloseHandle( *(_t51 + 8));
				 *(_t51 + 8) = 0;
				_t19 = 0;
				 *((intOrPtr*)(_t51 + 0x10)) = 0;
				 *((char*)(_t51 + 4)) = 0;
				if(_t44 == 0) {
					goto L11;
				} else {
					Sleep(0xfa);
					return 0;
				}
			}

0x0061ad2c
0x0061ad2e
0x0061ad31
0x0061ad33
0x0061ad39
0x0061ae0b
0x0061ae0b
0x0061ae0b
0x0061ad3f
0x0061ad46
0x0061ad4a
0x0061ad5a
0x0061ad63
0x0061ad6a
0x0061ad84
0x0061ad74
0x0061ad7f
0x0061ad7f
0x0061ada5
0x0061addc
0x0061ada7
0x0061adab
0x0061adbc
0x0061adc0
0x0061add0
0x0061adad
0x0061adb2
0x0061adb2
0x0061adab
0x0061ade5
0x0061adec
0x0061adef
0x0061adf1
0x0061adf4
0x0061adfa
0x00000000
0x0061adfc
0x0061ae01
0x00000000
0x0061ae01

APIs

CloseHandle.KERNEL32(?), ref: 0061AD63
TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 0061AD7F
WaitForSingleObject.KERNEL32(?,00002710,?), ref: 0061AD8D
GetExitCodeProcess.KERNEL32 ref: 0061AD9E
CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0061ADE5
Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0061AE01

Strings

Helper isn't responding; killing it., xrefs: 0061AD6F
Helper process exited with failure code: 0x%x, xrefs: 0061ADCB
Helper process exited, but failed to get exit code., xrefs: 0061ADD7
Helper process exited., xrefs: 0061ADAD
Stopping 64-bit helper process. (PID: %u), xrefs: 0061AD55

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
API String ID: 3355656108-1243109208
Opcode ID: a0df7089676fef574dfab75a9158cf6e29ba5fd190999d10e24cbc68d5aad16f
Instruction ID: 798cb82454b907f4610273c7cefa33f3cc1412bd95dfbe18a7574247b18f10f4
Opcode Fuzzy Hash: a0df7089676fef574dfab75a9158cf6e29ba5fd190999d10e24cbc68d5aad16f
Instruction Fuzzy Hash: EF21AF706457409AC720EBB9D5417CBBAD69F19300F088D2DF19ACB692D7B4E8C09753

Uniqueness

Uniqueness Score: -1.00%

Function 0064ED7C, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E0064ED7C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				struct HWND__* _v12;
				void* _v16;
				char _v20;
				char _v24;
				char _v28;
				struct HWND__* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				WCHAR* _t41;
				intOrPtr _t42;
				int _t44;
				intOrPtr* _t54;
				void* _t68;
				intOrPtr _t80;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t108;
				void* _t109;
				intOrPtr _t110;
				void* _t118;

				_t118 = __fp0;
				_t106 = __esi;
				_t105 = __edi;
				_t88 = __ecx;
				_t87 = __ebx;
				_t108 = _t109;
				_t110 = _t109 + 0xffffffd4;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v24 = 0;
				_v48 = 0;
				_v44 = 0;
				_v20 = 0;
				_v8 = 0;
				_push(_t108);
				_push(0x64ef6a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				E005B0B4C( &_v20, __ebx, __ecx, __eflags);
				if(E005F89FC(_v20, __ebx,  &_v8, __edi, __esi) == 0) {
					_push(_t108);
					_push( *[fs:eax]);
					 *[fs:eax] = _t110;
					E005F8EF4(0, _t87, _v8, __edi, __esi);
					_pop(_t104);
					_t88 = 0x64eddf;
					 *[fs:eax] = _t104;
				}
				_t41 = E004097C8(_v8);
				_t42 =  *0x66a7dc; // 0x0
				_t44 = CopyFileW(E004097C8(_t42), _t41, 0);
				_t113 = _t44;
				if(_t44 == 0) {
					_t80 =  *0x66279c; // 0x669c04
					_t11 = _t80 + 0x1c4; // 0x0
					E0064E2B8( *_t11, _t87, _t88, _t106, _t113);
				}
				SetFileAttributesW(E004097C8(_v8), 0x80);
				_v12 = E00412B68(0, L"STATIC", 0,  *0x666634, 0, 0, 0, 0, 0, 0, 0);
				 *0x66a808 = SetWindowLongW(_v12, 0xfffffffc, E0064E478);
				_push(_t108);
				_push(0x64ef33);
				_push( *[fs:eax]);
				 *[fs:eax] = _t110;
				_t54 =  *0x662788; // 0x66978c
				SetWindowPos( *( *_t54 + 0x188), 0, 0, 0, 0, 0, 0x97);
				E005B0518(0, _t87,  &_v44, _t105, _t106);
				_v40 = _v44;
				_v36 = 0x11;
				_v32 = _v12;
				_v28 = 0;
				E00421A6C(L"/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v40,  &_v24);
				_push( &_v24);
				E005B03F8( &_v48, _t87, _t106, 0);
				_pop(_t68);
				E004099C0(_t68, _v48);
				_v16 = E0064E360(_v8, _t87, _v24, _t105, _t106, _t118);
				do {
				} while (E0064E43C() == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
				CloseHandle(_v16);
				_pop(_t102);
				 *[fs:eax] = _t102;
				_push(E0064EF3A);
				return DestroyWindow(_v12);
			}

0x0064ed7c
0x0064ed7c
0x0064ed7c
0x0064ed7c
0x0064ed7c
0x0064ed7d
0x0064ed7f
0x0064ed82
0x0064ed83
0x0064ed84
0x0064ed87
0x0064ed8a
0x0064ed8d
0x0064ed90
0x0064ed93
0x0064ed98
0x0064ed99
0x0064ed9e
0x0064eda1
0x0064eda7
0x0064edb9
0x0064edbd
0x0064edc3
0x0064edc6
0x0064edd0
0x0064edd7
0x0064edd9
0x0064edda
0x0064edda
0x0064edee
0x0064edf4
0x0064edff
0x0064ee04
0x0064ee06
0x0064ee08
0x0064ee0d
0x0064ee13
0x0064ee13
0x0064ee26
0x0064ee52
0x0064ee65
0x0064ee6c
0x0064ee6d
0x0064ee72
0x0064ee75
0x0064ee87
0x0064ee95
0x0064eea3
0x0064eeab
0x0064eeae
0x0064eeb5
0x0064eeb8
0x0064eec9
0x0064eed1
0x0064eed5
0x0064eedd
0x0064eede
0x0064eeee
0x0064eef1
0x0064eef6
0x0064ef17
0x0064ef1e
0x0064ef21
0x0064ef24
0x0064ef32

APIs

Part of subcall function 005F89FC: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,005F8B37), ref: 005F8AE7
Part of subcall function 005F89FC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,005F8B37), ref: 005F8AF7

CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0064EF6A), ref: 0064EDFF
SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,0064EF6A), ref: 0064EE26
SetWindowLongW.USER32 ref: 0064EE60
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0064EF33,?,?,000000FC,0064E478,00000000,?,00000000), ref: 0064EE95
MsgWaitForMultipleObjects.USER32 ref: 0064EF09
CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0064EF33,?,?,000000FC,0064E478,00000000), ref: 0064EF17

Part of subcall function 005F8EF4: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005F8FDA

DestroyWindow.USER32(?,0064EF3A,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0064EF33,?,?,000000FC,0064E478,00000000,?), ref: 0064EF2D

Strings

STATIC, xrefs: 0064EE46
/SECONDPHASE="%s" /FIRSTPHASEWND=$%x , xrefs: 0064EEC4

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
API String ID: 1779715363-2312673372
Opcode ID: 56fda804b63d440547723367f12470b33185f30f1e9388556ff6818bac528482
Instruction ID: cb016fcbe83d026b746195098022f91b3a08dbab4975f128bac4cf3c8a8463a3
Opcode Fuzzy Hash: 56fda804b63d440547723367f12470b33185f30f1e9388556ff6818bac528482
Instruction Fuzzy Hash: 04416D70A40208AFDB40EFB8DC52AEEBBF9FB09714F51446AF500F7691E6759E008B64

Uniqueness

Uniqueness Score: -1.00%

Function 0061AFDC, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 124
pipeCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E0061AFDC(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, char _a4) {
				intOrPtr _v8;
				long _v12;
				void* _v16;
				struct _OVERLAPPED _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _t83;
				intOrPtr _t94;
				void* _t99;
				void* _t100;
				intOrPtr _t101;

				_t99 = _t100;
				_t101 = _t100 + 0xffffffd8;
				_v40 = 0;
				_v44 = 0;
				_v8 = __eax;
				_push(_t99);
				_push(0x61b21a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t101;
				 *(_v8 + 0x14) =  *(_v8 + 0x14) + 1;
				 *(_v8 + 0x20) =  *(_v8 + 0x14);
				 *((intOrPtr*)(_v8 + 0x24)) = __edx;
				 *((intOrPtr*)(_v8 + 0x28)) = __ecx;
				_t83 = 0xc + __ecx;
				_push(_t99);
				_push(0x61b1bf);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				_v16 = CreateEventW(0, 0xffffffff, 0, 0);
				if(_v16 == 0) {
					E005F84D8(L"CreateEvent");
				}
				_push(_t99);
				_push(0x61b154);
				_push( *[fs:edx]);
				 *[fs:edx] = _t101;
				E00405CE4( &_v36, 0x14);
				_v36.hEvent = _v16;
				if(TransactNamedPipe( *(_v8 + 0xc), _v8 + 0x20, _t83, _v8 + 0x4034, 0x14,  &_v12,  &_v36) != 0) {
					_pop(_t94);
					 *[fs:eax] = _t94;
					_push(E0061B15B);
					return CloseHandle(_v16);
				} else {
					if(GetLastError() != 0x3e5) {
						E005F84D8(L"TransactNamedPipe");
					}
					_push(_t99);
					_push(0x61b126);
					_push( *[fs:edx]);
					 *[fs:edx] = _t101;
					if(_a4 != 0 &&  *((short*)(_v8 + 0x1a)) != 0) {
						do {
							 *((intOrPtr*)(_v8 + 0x18))();
						} while (MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
					}
					_pop( *[fs:0x0]);
					_push(E0061B12D);
					GetOverlappedResult( *(_v8 + 0xc),  &_v36,  &_v12, 0xffffffff);
					return GetLastError();
				}
			}

0x0061afdd
0x0061afdf
0x0061afe7
0x0061afea
0x0061afed
0x0061aff2
0x0061aff3
0x0061aff8
0x0061affb
0x0061b001
0x0061b00d
0x0061b013
0x0061b019
0x0061b021
0x0061b025
0x0061b026
0x0061b02b
0x0061b02e
0x0061b03e
0x0061b045
0x0061b04c
0x0061b04c
0x0061b053
0x0061b054
0x0061b059
0x0061b05c
0x0061b069
0x0061b071
0x0061b09d
0x0061b13f
0x0061b142
0x0061b145
0x0061b153
0x0061b0a3
0x0061b0ad
0x0061b0b4
0x0061b0b4
0x0061b0bb
0x0061b0bc
0x0061b0c1
0x0061b0c4
0x0061b0cb
0x0061b0d7
0x0061b0dd
0x0061b0f4
0x0061b0d7
0x0061b0f9
0x0061b103
0x0061b119
0x0061b125
0x0061b125

APIs

CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,0061B1BF,?,00000000,0061B21A,?,?,00000000,00000000), ref: 0061B039
TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0061B154,?,00000000,000000FF,00000000,00000000,00000000,0061B1BF), ref: 0061B096
GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0061B154,?,00000000,000000FF,00000000,00000000,00000000,0061B1BF), ref: 0061B0A3
MsgWaitForMultipleObjects.USER32 ref: 0061B0EF
GetOverlappedResult.KERNEL32(?,?,00000000,000000FF,0061B12D,00000000,00000000), ref: 0061B119
GetLastError.KERNEL32(?,?,00000000,000000FF,0061B12D,00000000,00000000), ref: 0061B120

Part of subcall function 005F84D8: GetLastError.KERNEL32(00000000,005F91EE,00000005,00000000,005F9216,?,?,0066978C,?,00000000,00000000,00000000,?,00650A7F,00000000,00650A9A), ref: 005F84DB

Strings

CreateEvent, xrefs: 0061B047
TransactNamedPipe, xrefs: 0061B0AF

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
String ID: CreateEvent$TransactNamedPipe
API String ID: 2182916169-3012584893
Opcode ID: 8db3512c30ce29ded26b971a397ebc05e83142d97360ae08ee65095d45f9f927
Instruction ID: d0b5e641d23b1beaa1296b08846350201fa2eda204b4eae0268dfb10b8facce3
Opcode Fuzzy Hash: 8db3512c30ce29ded26b971a397ebc05e83142d97360ae08ee65095d45f9f927
Instruction Fuzzy Hash: 03418E70A00208AFDB01DF99CD91EEEBBB9FB0D314F1541A5FA14E7391D7749A90CA68

Uniqueness

Uniqueness Score: -1.00%

Function 0040C15C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040C15C(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40c260);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x665c14);
				if(_t28 !=  *0x665c2c) {
					LeaveCriticalSection(0x665c14);
					E00408718(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x665c10 == 0) {
							_t18 = E0040BE44(_t28, _t28, _t44, __edi, _t44);
							L004037D8();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004099C0(_t44, E0040C278);
								}
								L004037D8();
								E0040BE44(_t18, _t28,  &_v8, _t42, _t44);
								E004099C0(_t44, _v8);
							}
						} else {
							E0040C040(_t28, _t44);
						}
					}
					EnterCriticalSection(0x665c14);
					 *0x665c2c = _t28;
					E0040BCC4(0x665c2e, E004097C8( *_t44), 0xaa);
					LeaveCriticalSection(0x665c14);
				} else {
					E00409868(_t44, 0x55, 0x665c2e);
					LeaveCriticalSection(0x665c14);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040C267);
				return E00408718( &_v8);
			}

0x0040c15c
0x0040c15f
0x0040c161
0x0040c162
0x0040c163
0x0040c165
0x0040c169
0x0040c16a
0x0040c16f
0x0040c172
0x0040c17a
0x0040c186
0x0040c1ad
0x0040c1b4
0x0040c1c6
0x0040c1cf
0x0040c1e0
0x0040c1e5
0x0040c1ed
0x0040c1f2
0x0040c1fb
0x0040c1fb
0x0040c200
0x0040c208
0x0040c212
0x0040c212
0x0040c1d1
0x0040c1d5
0x0040c1d5
0x0040c1cf
0x0040c21c
0x0040c221
0x0040c23b
0x0040c245
0x0040c188
0x0040c194
0x0040c19e
0x0040c19e
0x0040c24c
0x0040c24f
0x0040c252
0x0040c25f

APIs

EnterCriticalSection.KERNEL32(00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F,?,?,00000000,00000000,00000000), ref: 0040C17A
LeaveCriticalSection.KERNEL32(00665C14,00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F,?,?,00000000,00000000), ref: 0040C19E
LeaveCriticalSection.KERNEL32(00665C14,00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F,?,?,00000000,00000000), ref: 0040C1AD
IsValidLocale.KERNEL32(00000000,00000002,00665C14,00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F), ref: 0040C1BF
EnterCriticalSection.KERNEL32(00665C14,00000000,00000002,00665C14,00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F), ref: 0040C21C
LeaveCriticalSection.KERNEL32(00665C14,00665C14,00000000,00000002,00665C14,00665C14,00000000,0040C260,?,?,?,00000000,?,0040CB40,00000000,0040CB9F), ref: 0040C245

Strings

en-US,en,, xrefs: 0040C18A, 0040C231

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$LocaleValid
String ID: en-US,en,
API String ID: 975949045-3579323720
Opcode ID: de0372bb15fcd8e3e5d738d8cbfd73958d23adeb0fb7aae7c0ca44c7a909b8f1
Instruction ID: 62fecbf31074def960baab5c845f0e3528801b11b7ae68e71bde5ae064a172bd
Opcode Fuzzy Hash: de0372bb15fcd8e3e5d738d8cbfd73958d23adeb0fb7aae7c0ca44c7a909b8f1
Instruction Fuzzy Hash: EC2196A0750701BADB207BBA8C8365925999B85B09F50457FF041BB7C2DE7C9D4182AF

Uniqueness

Uniqueness Score: -1.00%

Function 0061971C, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E0061971C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t28;
				intOrPtr* _t30;
				intOrPtr _t33;
				intOrPtr* _t37;
				intOrPtr* _t49;
				intOrPtr _t61;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t70;
				intOrPtr _t71;

				_t70 = _t71;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t68 = __eax;
				_push(_t70);
				_push(0x619836);
				_push( *[fs:eax]);
				 *[fs:eax] = _t71;
				_t66 = E00411E58(__ebx, _t68, GetModuleHandleW(L"OLEAUT32.DLL"), L"UnRegisterTypeLib");
				_t49 = _t66;
				if(_t66 == 0) {
					E005F84D8(L"GetProcAddress");
				}
				E005AF910(_t68,  &_v20, _t70);
				E004098B8( &_v8, _v20);
				_push(E0040CDF4( &_v12));
				_t28 = E00409444(_v8);
				_push(_t28);
				L00437630();
				if(_t28 != 0) {
					E005F84EC(L"LoadTypeLib", _t49, _t28, _t68);
				}
				_push( &_v16);
				_t30 = _v12;
				_push(_t30);
				if( *((intOrPtr*)( *_t30 + 0x1c))() != 0) {
					E005F84EC(L"ITypeLib::GetLibAttr", _t49, _t32, _t68);
				}
				_push(_t70);
				_push(0x619809);
				_push( *[fs:edx]);
				 *[fs:edx] = _t71;
				_t33 = _v16;
				_push( *((intOrPtr*)(_t33 + 0x14)));
				_push( *((intOrPtr*)(_t33 + 0x10)));
				_push( *(_t33 + 0x1a) & 0x0000ffff);
				_push( *(_t33 + 0x18) & 0x0000ffff);
				_push(_t33);
				if( *_t49() != 0) {
					E005F84EC(L"UnRegisterTypeLib", _t49, _t34, _t68);
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_t37 = _v12;
				return  *((intOrPtr*)( *_t37 + 0x30))(_t37, _v16, E00619810);
			}

0x0061971d
0x00619721
0x00619722
0x00619723
0x00619724
0x00619725
0x00619726
0x00619728
0x0061972c
0x0061972d
0x00619732
0x00619735
0x0061974d
0x0061974f
0x00619753
0x0061975a
0x0061975a
0x00619764
0x0061976f
0x0061977c
0x00619780
0x00619785
0x00619786
0x0061978d
0x00619796
0x00619796
0x0061979e
0x0061979f
0x006197a2
0x006197aa
0x006197b3
0x006197b3
0x006197ba
0x006197bb
0x006197c0
0x006197c3
0x006197c6
0x006197cc
0x006197d0
0x006197d5
0x006197da
0x006197db
0x006197e0
0x006197e9
0x006197e9
0x006197f0
0x006197f3
0x006197ff
0x00619808

APIs

GetModuleHandleW.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00619836,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0061F1D9,00000000,0061F1ED), ref: 00619742

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00619786

Part of subcall function 005F84D8: GetLastError.KERNEL32(00000000,005F91EE,00000005,00000000,005F9216,?,?,0066978C,?,00000000,00000000,00000000,?,00650A7F,00000000,00650A9A), ref: 005F84DB

Strings

OLEAUT32.DLL, xrefs: 0061973D
LoadTypeLib, xrefs: 00619791
GetProcAddress, xrefs: 00619755
UnRegisterTypeLib, xrefs: 00619738
ITypeLib::GetLibAttr, xrefs: 006197AE
UnRegisterTypeLib, xrefs: 006197E4

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressErrorHandleLastLoadModuleProcType
String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
API String ID: 1914119943-2711329623
Opcode ID: b7417e744222dc32596ba48d8879329c41578bde9f378d1b62ec6412459632a8
Instruction ID: 3a55b39a5a19b99bbd5c937055682b7473fb8c80a336333e8498f9d46bcc4c61
Opcode Fuzzy Hash: b7417e744222dc32596ba48d8879329c41578bde9f378d1b62ec6412459632a8
Instruction Fuzzy Hash: E6218B71610205AF9B50EFAAC866DAB77EEEF897047058868B500D3261EA34DC41C770

Uniqueness

Uniqueness Score: -1.00%

Function 005B155C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E005B155C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x5b1656);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E00411E58(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0042719C() != 2) {
						if(E005B0F7C(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E005B0EA4();
							RegCloseKey(_v12);
						}
					} else {
						if(E005B0F7C(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E005B0EA4();
							RegCloseKey(_v12);
						}
					}
					E00409A18( &_v20, _v8, 0x5b176c);
					E00405DF4(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E005B165D);
				E00408718( &_v20);
				return E00408718( &_v8);
			}

0x005b1562
0x005b1565
0x005b1568
0x005b156d
0x005b156e
0x005b1573
0x005b1576
0x005b1589
0x005b1590
0x005b15a3
0x005b15f8
0x005b1605
0x005b160e
0x005b160e
0x005b15a5
0x005b15c0
0x005b15cd
0x005b15d6
0x005b15d6
0x005b15c0
0x005b161e
0x005b1629
0x005b1634
0x005b1634
0x005b1592
0x005b1592
0x005b1594
0x005b163a
0x005b163d
0x005b1640
0x005b1648
0x005b1655

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656,?,00000000), ref: 005B1583

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656,?,00000000), ref: 005B15D6

Strings

.DEFAULT\Control Panel\International, xrefs: 005B15AD
kernel32.dll, xrefs: 005B157E
GetUserDefaultUILanguage, xrefs: 005B1579
Locale, xrefs: 005B15C5
Control Panel\Desktop\ResourceLocale, xrefs: 005B15E5

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 354e76ca12d3382da0e925c859bca735769531503c93ea892a78b59f1c5e106b
Instruction ID: f3b80c1a87da7667449a85c8543438c8ab4114b066e130539604926b1af64128
Opcode Fuzzy Hash: 354e76ca12d3382da0e925c859bca735769531503c93ea892a78b59f1c5e106b
Instruction Fuzzy Hash: C7219634A40604ABDB50EBB5CD66ADE7BE8FB84340FA04475E501E3581DB74BE408B58

Uniqueness

Uniqueness Score: -1.00%

Function 00619BC0, Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00619BC0(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v13;
				char _v84;
				void* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				void* _t58;
				void* _t91;
				char _t92;
				intOrPtr _t110;
				void* _t120;
				void* _t123;

				_t118 = __edi;
				_v116 = 0;
				_v120 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v8 = 0;
				_v12 = 0;
				_t120 = __ecx;
				_t91 = __edx;
				_v13 = __eax;
				_push(_t123);
				_push(0x619d54);
				_push( *[fs:eax]);
				 *[fs:eax] = _t123 + 0xffffff84;
				E005B09C4( &_v8);
				_push(0x619d70);
				E005AF4EC(_v8,  &_v104);
				_push(_v104);
				_push(L"regsvr32.exe\"");
				E00409AA0( &_v12, _t91, 3, __edi, _t120);
				if(_v13 != 0) {
					E004099C0( &_v12, 0x619da8);
				}
				_push(_v12);
				_push(L" /s \"");
				_push(_t120);
				_push(0x619d70);
				E00409AA0( &_v12, _t91, 4, _t118, _t120);
				_t126 = _t91;
				if(_t91 == 0) {
					E00409A18( &_v112, _v12, L"Spawning 32-bit RegSvr32: ");
					E006013D8(_v112, _t91, _t118, _t120);
				} else {
					E00409A18( &_v108, _v12, L"Spawning 64-bit RegSvr32: ");
					E006013D8(_v108, _t91, _t118, _t120);
				}
				E00405CE4( &_v84, 0x44);
				_v84 = 0x44;
				_t58 = E004097C8(_v8);
				if(E005F7694(_t91, E004097C8(_v12), 0, _t126,  &_v100,  &_v84, _t58, 0, 0x4000000, 0, 0, 0) == 0) {
					E005F84D8(L"CreateProcess");
				}
				CloseHandle(_v96);
				_t92 = E00619ABC( &_v100);
				if(_t92 != 0) {
					_v128 = _t92;
					_v124 = 0;
					E00421A6C(L"0x%x", 0,  &_v128,  &_v120);
					E005B8018(0x4a,  &_v116, _v120);
					E0042648C(_v116, 1);
					E00407E14();
				}
				_pop(_t110);
				 *[fs:eax] = _t110;
				_push(E00619D5B);
				E00408778( &_v120, 5);
				return E00408778( &_v12, 2);
			}

0x00619bc0
0x00619bca
0x00619bcd
0x00619bd0
0x00619bd3
0x00619bd6
0x00619bd9
0x00619bdc
0x00619bdf
0x00619be1
0x00619be3
0x00619be8
0x00619be9
0x00619bee
0x00619bf1
0x00619bf7
0x00619bfc
0x00619c07
0x00619c0c
0x00619c0f
0x00619c1c
0x00619c25
0x00619c2f
0x00619c2f
0x00619c34
0x00619c37
0x00619c3c
0x00619c3d
0x00619c4a
0x00619c4f
0x00619c51
0x00619c78
0x00619c80
0x00619c53
0x00619c5e
0x00619c66
0x00619c66
0x00619c8f
0x00619c94
0x00619cab
0x00619cce
0x00619cd5
0x00619cd5
0x00619cde
0x00619ceb
0x00619cef
0x00619cf5
0x00619cf8
0x00619d06
0x00619d13
0x00619d22
0x00619d27
0x00619d27
0x00619d2e
0x00619d31
0x00619d34
0x00619d41
0x00619d53

APIs

Part of subcall function 005B09C4: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005B09D7

CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00619D70,00000000, /s ",0066978C,regsvr32.exe",?,00619D70), ref: 00619CDE

Strings

0x%x, xrefs: 00619D01
Spawning 64-bit RegSvr32: , xrefs: 00619C59
regsvr32.exe", xrefs: 00619C0F
/s ", xrefs: 00619C37
D, xrefs: 00619C94
/u, xrefs: 00619C2A
CreateProcess, xrefs: 00619CD0
Spawning 32-bit RegSvr32: , xrefs: 00619C73

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseDirectoryHandleSystem
String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
API String ID: 2051275411-1862435767
Opcode ID: d2ec7c97a4b75825815478db6a4901fec6acdcfbe344a6a9b268dddb5c5461e1
Instruction ID: 91a7d65596da60d3ab410b317687a4738a38aed02517376cad794b957d245f8b
Opcode Fuzzy Hash: d2ec7c97a4b75825815478db6a4901fec6acdcfbe344a6a9b268dddb5c5461e1
Instruction Fuzzy Hash: A5413F70E0024C9BDB14EFE5D892ADDBBBAAF49304F64407EE504B7282D7746E44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040430C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040430C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x66305d; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403CE8();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								if(VirtualFree(_t103, 0, 0x8000) == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x665b7c = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x66398d;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x66305d; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x663aec], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x66398d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x663aec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403B60(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403B60(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x663af4 - 0x13ffe0;
							if( *0x663af4 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403C00(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x663af4 = 0x13ffe0;
								 *0x663af0 = _t82;
								 *0x663aec = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x663aec = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403BA0(_t106, _t88, _t81);
							 *0x663aec = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}

0x0040430c
0x0040430c
0x00404315
0x0040431b
0x00404404
0x00404407
0x004044f4
0x004044f5
0x004044f8
0x00403d98
0x00403d9a
0x00403d9c
0x00403da1
0x00403da4
0x00403da9
0x00403dad
0x00403db3
0x00403db7
0x00403dbd
0x00403dd9
0x00403ddd
0x00403de0
0x00403de0
0x00403de2
0x00403dea
0x00403df7
0x00403dfc
0x00403dfe
0x00403e00
0x00403e03
0x00403e03
0x00403e05
0x00403e09
0x00403e0b
0x00403e0d
0x00403e0f
0x00000000
0x00403e0f
0x00000000
0x00403e0b
0x00403dbf
0x00403dce
0x00403dd4
0x00403dd0
0x00403dd0
0x00403dd0
0x00403dce
0x00403e13
0x00403e15
0x00403e1e
0x00403e27
0x00403e27
0x00403e2a
0x00403e3a
0x004044fe
0x00404503
0x00404503
0x00000000
0x00000000
0x00000000
0x00404321
0x00404321
0x00404323
0x00404325
0x00404388
0x00404388
0x0040438d
0x00404391
0x00000000
0x00000000
0x00404393
0x00404395
0x0040439c
0x00000000
0x0040439e
0x004043a2
0x004043a7
0x004043a8
0x004043a9
0x004043ae
0x004043b2
0x004043bc
0x004043c1
0x004043c2
0x00000000
0x004043c2
0x004043b2
0x00000000
0x0040439c
0x00404388
0x00404327
0x00404327
0x00404327
0x00404327
0x0040432b
0x0040432e
0x0040435c
0x0040435e
0x00404373
0x00404373
0x00404360
0x00404360
0x00404363
0x00404366
0x00404369
0x0040436c
0x0040436e
0x00404371
0x00000000
0x00000000
0x00404371
0x00404376
0x00404378
0x0040437a
0x0040437d
0x0040440d
0x00404410
0x00404412
0x00404414
0x00404415
0x00404417
0x004043c8
0x004043c8
0x004043cd
0x004043d5
0x00000000
0x00000000
0x004043d7
0x004043d9
0x004043e0
0x00000000
0x004043e2
0x004043e4
0x004043e9
0x004043ee
0x004043f6
0x004043fa
0x00000000
0x004043fa
0x004043f6
0x00000000
0x004043e0
0x004043c8
0x00404419
0x00404419
0x00404421
0x00404425
0x0040445c
0x0040445f
0x00404462
0x00404464
0x0040446a
0x0040446c
0x0040446c
0x00404427
0x00404427
0x00404427
0x0040442a
0x0040442a
0x0040442e
0x00404432
0x00404474
0x00404477
0x00404479
0x0040447b
0x00404481
0x00404485
0x00404485
0x00404481
0x00404434
0x0040443a
0x0040448c
0x00404496
0x004044c4
0x004044ca
0x004044cf
0x004044d6
0x004044e0
0x004044e6
0x004044ed
0x004044f1
0x00404498
0x00404498
0x0040449b
0x0040449d
0x004044a0
0x004044a3
0x004044a5
0x004044b4
0x004044b9
0x004044bc
0x004044c0
0x004044c0
0x0040443c
0x0040443f
0x00404442
0x0040444a
0x0040444f
0x00404456
0x0040445a
0x0040445a
0x00404330
0x00404330
0x00404332
0x00404338
0x0040433b
0x00404344
0x00404347
0x0040434a
0x0040434d
0x00404350
0x00404353
0x00404356
0x00404356
0x00404358
0x00404359
0x0040433d
0x0040433d
0x0040433d
0x0040433f
0x00404341
0x00404342
0x00404342
0x0040433b
0x0040432e

APIs

Sleep.KERNEL32(00000000,?,?,00000000,0040D4B8,0040D51E,?,00000000,?,?,0040D841,00000000,?,00000000,0040DD42,00000000), ref: 004043A2
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040D4B8,0040D51E,?,00000000,?,?,0040D841,00000000,?,00000000,0040DD42), ref: 004043BC

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 945da118234bdbc0bf4805ab90db10ad778ad2228b81d3ea76aaf88e8472c1a1
Instruction ID: 18b38d09955f91067994ce57c2704c259faaba03eea283e8c2a7273f2993d898
Opcode Fuzzy Hash: 945da118234bdbc0bf4805ab90db10ad778ad2228b81d3ea76aaf88e8472c1a1
Instruction Fuzzy Hash: E97132716043104BD315DF69C984B16BBD8AFC5315F1482BFE984AB3D2C7B8C901CB89

Uniqueness

Uniqueness Score: -1.00%

Function 005A2B7C, Relevance: 12.1, APIs: 8, Instructions: 99
windowthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E005A2B7C(void* __eax, struct HWND__** __edx) {
				long _v20;
				intOrPtr _t17;
				intOrPtr _t30;
				void* _t46;
				void* _t50;
				struct HWND__** _t51;
				struct HWND__* _t52;
				struct HWND__* _t53;
				void* _t54;
				DWORD* _t55;

				_t55 = _t54 + 0xfffffff8;
				_t51 = __edx;
				_t50 = __eax;
				_t46 = 0;
				_t17 =  *((intOrPtr*)(__edx + 4));
				if(_t17 < 0x100 || _t17 > 0x109) {
					L19:
					return _t46;
				} else {
					_t52 = GetCapture();
					if(_t52 != 0) {
						GetWindowThreadProcessId(_t52, _t55);
						GetWindowThreadProcessId( *(_t50 + 0x188),  &_v20);
						if( *_t55 == _v20 && SendMessageW(_t52, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
							_t46 = 1;
						}
						goto L19;
					}
					_t53 =  *_t51;
					_t30 =  *((intOrPtr*)(_t50 + 0x58));
					if(_t30 == 0 || _t53 !=  *((intOrPtr*)(_t30 + 0x3c4))) {
						L7:
						if(E004F91A0(_t53) == 0 && _t53 != 0) {
							_t53 = GetParent(_t53);
							goto L7;
						}
						if(_t53 == 0) {
							_t53 =  *_t51;
						}
						goto L11;
					} else {
						_t53 = E00505C00(_t30);
						L11:
						if(IsWindowUnicode(_t53) == 0) {
							if(SendMessageA(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						} else {
							if(SendMessageW(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						}
						goto L19;
					}
				}
			}

0x005a2b80
0x005a2b83
0x005a2b85
0x005a2b87
0x005a2b89
0x005a2b91
0x005a2c6a
0x005a2c72
0x005a2ba2
0x005a2ba7
0x005a2bab
0x005a2c2e
0x005a2c3f
0x005a2c4b
0x005a2c68
0x005a2c68
0x00000000
0x005a2c4b
0x005a2bad
0x005a2baf
0x005a2bb4
0x005a2bcf
0x005a2bd8
0x005a2bcd
0x00000000
0x005a2bcd
0x005a2be0
0x005a2be2
0x005a2be2
0x00000000
0x005a2bbe
0x005a2bc3
0x005a2be4
0x005a2bec
0x005a2c26
0x005a2c28
0x005a2c28
0x005a2bee
0x005a2c07
0x005a2c09
0x005a2c09
0x005a2c07
0x00000000
0x005a2bec
0x005a2bb4

APIs

GetCapture.USER32 ref: 005A2BA2
IsWindowUnicode.USER32(00000000), ref: 005A2BE5
SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005A2C00
SendMessageA.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005A2C1F
GetWindowThreadProcessId.USER32(00000000), ref: 005A2C2E
GetWindowThreadProcessId.USER32(?,?), ref: 005A2C3F
SendMessageW.USER32(00000000,-0000BBEE,00000000,00000000), ref: 005A2C5F

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: MessageSendWindow$ProcessThread$CaptureUnicode
String ID:
API String ID: 1994056952-0
Opcode ID: 79780fc3bec1803b35e57a68d2ec923f4b549fb1d4fc9166e9bf7d30cdcaf988
Instruction ID: 4dfba5f3d1d218beddb166fd502ba4ee7a64a30cf6ddade1315904ca74e7163d
Opcode Fuzzy Hash: 79780fc3bec1803b35e57a68d2ec923f4b549fb1d4fc9166e9bf7d30cdcaf988
Instruction Fuzzy Hash: 51219CB12046096FA620FA5DCA82FAF77DCEF06724F10842AF959C3242EA54FC509774

Uniqueness

Uniqueness Score: -1.00%

Function 00404504, Relevance: 10.9, APIs: 7, Instructions: 406
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00404504(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403F88(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403B44(_t202, _t218, _t150);
										E0040430C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403F88(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403B14(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040430C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403F88(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403B14(_t217, _t207, _t109);
									E0040430C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x66305d;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403B60(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403BA0(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x663aec = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x663aec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x66398d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x663aec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x663aec = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x66305d;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x663aec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x66398d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x663aec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403B60(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403BA0(_t217 + _t238, _t174, _t161);
									}
									 *0x663aec = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403F88(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403B44(_t217, _t213, _t140);
											E0040430C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403F88((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040430C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403F88(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040430C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00404504
0x00404504
0x00404504
0x0040450c
0x0040450e
0x0040459c
0x0040459f
0x0040480c
0x0040480d
0x0040480e
0x00404811
0x00403e3c
0x00403e3d
0x00403e3e
0x00403e3f
0x00403e40
0x00403e43
0x00403e45
0x00403e4c
0x00403e55
0x00403e5a
0x00403f41
0x00403f43
0x00403f56
0x00403f58
0x00403f5a
0x00403f5c
0x00403f62
0x00403f66
0x00403f66
0x00403f69
0x00403f69
0x00403f72
0x00403f79
0x00403f79
0x00403f45
0x00403f45
0x00403f4a
0x00403f4a
0x00403e60
0x00403e69
0x00403e6f
0x00403e6b
0x00403e6b
0x00403e6b
0x00403e7b
0x00403e8a
0x00403e97
0x00403f07
0x00403f0e
0x00403f10
0x00403f12
0x00403f14
0x00403f1a
0x00403f1e
0x00403f1e
0x00403f21
0x00403f21
0x00403f31
0x00403f38
0x00403f38
0x00403e99
0x00403e99
0x00403ea5
0x00403eab
0x00000000
0x00403ead
0x00403ebe
0x00403ec2
0x00403ec4
0x00403ec4
0x00403eda
0x00000000
0x00403ef2
0x00403ef4
0x00403ef7
0x00403f00
0x00403f03
0x00403f03
0x00403eda
0x00403eab
0x00403e97
0x00403f87
0x00404817
0x00404817
0x00404819
0x00404819
0x004045a5
0x004045a7
0x004045aa
0x004045ab
0x004045ae
0x004045b1
0x004045b4
0x004045b6
0x004045b7
0x004046cc
0x004046cf
0x004046d1
0x004047c4
0x004047cf
0x004047d6
0x004047d8
0x004047db
0x004047e0
0x004047e1
0x004047e3
0x00000000
0x004047e5
0x004047e5
0x004047eb
0x004047ed
0x004047ed
0x004047f0
0x004047f8
0x004047ff
0x0040480a
0x0040480a
0x004046d7
0x004046d7
0x004046da
0x004046dd
0x004046df
0x00000000
0x004046e5
0x004046e5
0x004046ec
0x00404749
0x00404749
0x0040474e
0x00404754
0x00404759
0x0040475a
0x0040475a
0x00404766
0x00404777
0x0040477d
0x0040477d
0x0040477f
0x0040478c
0x00404793
0x00404797
0x00404799
0x0040479f
0x004047a1
0x004047a3
0x004047a3
0x00404781
0x00404781
0x00404785
0x00404785
0x004047a8
0x004047a8
0x004047aa
0x004047ad
0x004047b4
0x004047b6
0x004047ba
0x004046ee
0x004046ee
0x004046f3
0x004046fb
0x00000000
0x00000000
0x004046fd
0x004046ff
0x00404706
0x00000000
0x00404708
0x0040470c
0x00404711
0x00404712
0x00404718
0x00404720
0x00404726
0x0040472b
0x0040472c
0x00000000
0x0040472c
0x00404720
0x00000000
0x00404706
0x00404735
0x00404738
0x0040473b
0x0040473d
0x004047bd
0x004047bd
0x00000000
0x0040473f
0x0040473f
0x00404742
0x00404745
0x00404747
0x00000000
0x00000000
0x00000000
0x00000000
0x00404747
0x0040473d
0x004046ec
0x004046df
0x004045bd
0x004045c0
0x004045c2
0x004045cc
0x004045d2
0x004045e9
0x004045e9
0x004045f5
0x004045fb
0x004045fd
0x00404604
0x00404606
0x0040460b
0x00404613
0x00000000
0x00000000
0x00404615
0x00404617
0x0040461e
0x00000000
0x00404620
0x00404623
0x00404628
0x0040462e
0x00404636
0x0040463b
0x00404640
0x00000000
0x00404640
0x00404636
0x00000000
0x0040461e
0x00404649
0x00404649
0x00404649
0x0040464e
0x00404651
0x00404653
0x00404656
0x00404659
0x00404664
0x00404666
0x00404669
0x0040466b
0x0040466d
0x00404673
0x00404675
0x00404675
0x0040465b
0x0040465e
0x0040465e
0x0040467a
0x00404680
0x00404684
0x0040468a
0x00404691
0x00404691
0x00404696
0x004046a3
0x004045d4
0x004045d4
0x004045da
0x004046a4
0x004046a8
0x004046ad
0x004046af
0x004046b1
0x004046b9
0x004046c0
0x004046c5
0x004046c5
0x004046cb
0x004045e0
0x004045e0
0x004045e5
0x004045e7
0x00000000
0x00000000
0x00000000
0x00000000
0x004045e7
0x004045da
0x004045c4
0x004045c4
0x004045c8
0x004045c8
0x004045c2
0x004045b7
0x00404514
0x00404514
0x00404516
0x0040451a
0x0040451d
0x0040451f
0x00404558
0x0040455c
0x0040455d
0x0040455f
0x00404561
0x00404563
0x00404566
0x00404568
0x0040456a
0x0040456f
0x00404571
0x00404573
0x00404579
0x0040457b
0x0040457b
0x00404582
0x00404582
0x00404585
0x00404587
0x00404590
0x00404595
0x00404595
0x00404597
0x00404598
0x00404599
0x0040459a
0x00404521
0x00404521
0x00404528
0x0040452a
0x00404530
0x00404532
0x00404534
0x00404539
0x0040453b
0x0040453d
0x0040453f
0x00404541
0x0040454c
0x00404551
0x00404551
0x00404553
0x00404554
0x00404555
0x0040452c
0x0040452c
0x0040452d
0x0040452e
0x0040452e
0x0040452a
0x0040451f

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b420960be7612eada432a77e615af7240d6d4924a0c7790bebf07fd1b9e1ec2
Instruction ID: 291e5d107d462672790c1edf6ff7d0cc3542d77857f31f2adbac887a00927ee5
Opcode Fuzzy Hash: 0b420960be7612eada432a77e615af7240d6d4924a0c7790bebf07fd1b9e1ec2
Instruction Fuzzy Hash: 17C117A2B102010BD714AE7DDC8476EBA999BC5316F18827FF214EB3D6DA7CDD058348

Uniqueness

Uniqueness Score: -1.00%

Function 005F8EF4, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E005F8EF4(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v41;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				void* __ecx;
				char _t90;
				char _t167;
				char _t168;
				intOrPtr _t171;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr _t218;

				_t215 = __esi;
				_t214 = __edi;
				_t217 = _t218;
				_t171 = 8;
				goto L1;
				L4:
				if(E005B0D50() != 0) {
					__eflags = _t167;
					if(__eflags == 0) {
						E005F8C94(_v8, _t167,  &_v68, _t214, _t215, __eflags);
						E00408B40( &_v8, _v68);
						__eflags = _v12;
						if(__eflags != 0) {
							E005F8C94(_v12, _t167,  &_v72, _t214, _t215, __eflags);
							E00408B40( &_v12, _v72);
						}
					}
					_t90 = E005F7BB4(_t167, _v12, _v8, 5);
					__eflags = _t90;
					if(_t90 == 0) {
						E005F84D8(L"MoveFileEx");
					}
					__eflags = 0;
					_pop(_t186);
					 *[fs:eax] = _t186;
					_push(E005F921D);
					E00408778( &_v72, 7);
					return E00408778( &_v32, 7);
				} else {
					E005B0998( &_v16);
					E005AF4EC(_v16,  &_v56);
					E00409A18( &_v20, L"WININIT.INI", _v56);
					E005F88E0(0, _t167, L".tmp", _v16, _t214, _t215,  &_v24);
					_push(_t217);
					_push(0x5f9182);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					_v36 = 0;
					_v40 = 0;
					_push(_t217);
					_push(0x5f9126);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					WritePrivateProfileStringW(0, 0, 0, E004097C8(_v20));
					_v36 = E005B6AC8(1, 1, 0, 3);
					_t179 = _v24;
					_v40 = E005B6AC8(1, 0, 1, 0);
					_v41 = 0;
					_t168 = 0;
					while(E005B6D68(_v36) == 0) {
						E005B6D78(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E0041FC38(_v28, 1,  &_v32, _t215);
						__eflags = _v32;
						if(__eflags == 0) {
							L11:
							E005B70B0(_v40, 1, _v28, _t215, __eflags);
							_t168 = 0;
							__eflags = 0;
							continue;
						} else {
							__eflags =  *_v32 - 0x5b;
							if(__eflags != 0) {
								goto L11;
							} else {
								__eflags = E0041F9B4(_v32, _t179, L"[rename]");
								if(__eflags != 0) {
									__eflags = _v41;
									if(__eflags == 0) {
										goto L11;
									}
								} else {
									_v41 = 1;
									goto L11;
								}
							}
						}
						break;
					}
					_t223 = _v41;
					if(_v41 == 0) {
						E005B70B0(_v40, _t168, L"[rename]", _t215, _t223);
					}
					_t224 = _v12;
					if(_v12 == 0) {
						E00408B40( &_v32, 0x5f928c);
					} else {
						E005B0940(_v12, _t179,  &_v32, _t224);
					}
					_push(_v32);
					_push(0x5f92a0);
					E005B0940(_v8, _t179,  &_v64, _t224);
					_push(_v64);
					E00409AA0( &_v60, _t168, 3, _t214, _t215);
					E005B70B0(_v40, _t168, _v60, _t215, _t224);
					_t225 = _t168;
					if(_t168 != 0) {
						E005B70B0(_v40, _t168, _v28, _t215, _t225);
					}
					while(E005B6D68(_v36) == 0) {
						E005B6D78(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E005B70B0(_v40, _t168, _v28, _t215, __eflags);
					}
					_pop(_t207);
					 *[fs:eax] = _t207;
					_push(E005F912D);
					E004069C8(_v40);
					return E004069C8(_v36);
				}
				L1:
				_push(0);
				_push(0);
				_t171 = _t171 - 1;
				if(_t171 != 0) {
					goto L1;
				} else {
					_t1 =  &_v8;
					 *_t1 = _t171;
					_push(__esi);
					_push(__edi);
					_v12 =  *_t1;
					_v8 = __edx;
					_t167 = __eax;
					E004087FC(_v8);
					E004087FC(_v12);
					_push(_t217);
					_push(0x5f9216);
					 *[fs:eax] = _t218;
					E005AF910(_v8,  &_v48, _t217,  *[fs:eax]);
					E00408B40( &_v8, _v48);
					if(_v12 != 0) {
						E005AF910(_v12,  &_v52, _t217);
						E00408B40( &_v12, _v52);
					}
				}
				goto L4;
			}

0x005f8ef4
0x005f8ef4
0x005f8ef5
0x005f8ef8
0x005f8ef8
0x005f8f62
0x005f8f69
0x005f919b
0x005f919d
0x005f91a5
0x005f91b0
0x005f91b5
0x005f91b9
0x005f91c1
0x005f91cc
0x005f91cc
0x005f91b9
0x005f91db
0x005f91e0
0x005f91e2
0x005f91e9
0x005f91e9
0x005f91ee
0x005f91f0
0x005f91f3
0x005f91f6
0x005f9203
0x005f9215
0x005f8f6f
0x005f8f72
0x005f8f7d
0x005f8f8d
0x005f8fa0
0x005f8fa7
0x005f8fa8
0x005f8fad
0x005f8fb0
0x005f8fb5
0x005f8fba
0x005f8fbf
0x005f8fc0
0x005f8fc5
0x005f8fc8
0x005f8fda
0x005f8ff4
0x005f8ffd
0x005f900c
0x005f900f
0x005f9013
0x005f9068
0x005f901d
0x005f902a
0x005f902f
0x005f9033
0x005f905b
0x005f9061
0x005f9066
0x005f9066
0x00000000
0x005f9035
0x005f9038
0x005f903c
0x00000000
0x005f903e
0x005f904b
0x005f904d
0x005f9055
0x005f9059
0x00000000
0x00000000
0x005f904f
0x005f904f
0x00000000
0x005f904f
0x005f904d
0x005f903c
0x00000000
0x005f9033
0x005f9074
0x005f9078
0x005f9082
0x005f9082
0x005f9087
0x005f908b
0x005f90a2
0x005f908d
0x005f9093
0x005f9093
0x005f90a7
0x005f90aa
0x005f90b5
0x005f90ba
0x005f90c5
0x005f90d0
0x005f90d5
0x005f90d7
0x005f90df
0x005f90df
0x005f90fc
0x005f90ec
0x005f90f7
0x005f90f7
0x005f910a
0x005f910d
0x005f9110
0x005f9118
0x005f9125
0x005f9125
0x005f8efd
0x005f8efd
0x005f8eff
0x005f8f01
0x005f8f02
0x00000000
0x005f8f04
0x005f8f04
0x005f8f04
0x005f8f08
0x005f8f09
0x005f8f0a
0x005f8f0d
0x005f8f10
0x005f8f15
0x005f8f1d
0x005f8f24
0x005f8f25
0x005f8f2d
0x005f8f36
0x005f8f41
0x005f8f4a
0x005f8f52
0x005f8f5d
0x005f8f5d
0x005f8f4a
0x00000000

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005F8FDA

Strings

[rename], xrefs: 005F903E, 005F907A
WININIT.INI, xrefs: 005F8F88
NUL, xrefs: 005F909D
.tmp, xrefs: 005F8F96
MoveFileEx, xrefs: 005F91E4

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
API String ID: 390214022-3304407042
Opcode ID: 8601ee7eb476dbd104a6261fca0965cc2c801222b740c62f20ae587fedbc705b
Instruction ID: 2223d5580d9881282453f8846468d4fa0c2eade89701c8d1d1552e55bc4b479c
Opcode Fuzzy Hash: 8601ee7eb476dbd104a6261fca0965cc2c801222b740c62f20ae587fedbc705b
Instruction Fuzzy Hash: A6811E34A0060DAFDF10EBA4C986BEEBBB5FF88304F504465E600B7291DB79AE45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 005FA33C, Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 157
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E005FA33C(signed char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, signed short _a12, signed char _a16, char _a20) {
				char _v8;
				signed char _v9;
				short _v32;
				intOrPtr _v36;
				char _v80;
				void* _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				intOrPtr _t63;
				intOrPtr _t64;
				void* _t75;
				intOrPtr _t107;
				char _t114;
				intOrPtr _t132;
				void* _t142;
				intOrPtr* _t144;
				void* _t147;

				_t116 = __ecx;
				_v116 = 0;
				_v120 = 0;
				_v108 = 0;
				_v112 = 0;
				_v104 = 0;
				_v100 = 0;
				_v8 = 0;
				_t114 = __ecx;
				_t142 = __edx;
				_v9 = __eax;
				_t144 = _a4;
				E004087FC(_a20);
				_push(_t147);
				_push(0x5fa53e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147 + 0xffffff8c;
				E00409BB0(_t142, 0x5fa55c);
				if(0 != 0) {
					_push(0x5fa56c);
					_push(_t142);
					_push(0x5fa56c);
					E00409AA0( &_v8, _t114, 3, _t142, _t144);
					__eflags = _t114;
					if(_t114 != 0) {
						_push(_v8);
						_push(0x5fa57c);
						_push(_t114);
						E00409AA0( &_v8, _t114, 3, _t142, _t144);
					}
					E005AFA18(_t142,  &_v100);
					_t63 = E0041F9B4(_v100, _t116, L".bat");
					__eflags = _t63;
					if(_t63 == 0) {
						L6:
						_t64 = E005B0D50();
						__eflags = _t64;
						if(_t64 == 0) {
							_push(0x5fa56c);
							E005B0998( &_v120);
							E005AF4EC(_v120,  &_v116);
							_push(_v116);
							_push(L"COMMAND.COM\" /C ");
							_push(_v8);
							E00409AA0( &_v8, _t114, 4, _t142, _t144);
						} else {
							_push(0x5fa56c);
							E005B09C4( &_v112);
							E005AF4EC(_v112,  &_v108);
							_push(_v108);
							_push(L"cmd.exe\" /C \"");
							_push(_v8);
							_push(0x5fa56c);
							E00409AA0( &_v8, _t114, 5, _t142, _t144);
						}
						goto L9;
					} else {
						E005AFA18(_t142,  &_v104);
						_t107 = E0041F9B4(_v104, _t116, L".cmd");
						__eflags = _t107;
						if(_t107 != 0) {
							L9:
							__eflags = _a20;
							if(_a20 == 0) {
								E005AF9C0(_t142, _t116,  &_a20);
							}
							goto L11;
						}
						goto L6;
					}
				} else {
					E00408B40( &_v8, _t114);
					L11:
					E00405CE4( &_v80, 0x44);
					_v80 = 0x44;
					_v36 = 1;
					_v32 = _a12 & 0x0000ffff;
					_t150 = _a20;
					if(_a20 == 0) {
						E005B09C4( &_a20);
					}
					_t75 = E004097C8(_a20);
					E005F7694(_v9 & 0x000000ff, E004097C8(_v8), 0, _t150,  &_v96,  &_v80, _t75, 0, 0x4000000, 0, 0, 0);
					asm("sbb ebx, ebx");
					_t115 = _t114 + 1;
					if(_t114 + 1 != 0) {
						CloseHandle(_v92);
						E005FA2A8(_v96, _t115, _a16 & 0x000000ff, _t142, _t144, _t144);
					} else {
						 *_t144 = GetLastError();
					}
					_pop(_t132);
					 *[fs:eax] = _t132;
					_push(E005FA545);
					E00408778( &_v120, 6);
					E00408718( &_v8);
					return E00408718( &_a20);
				}
			}

0x005fa33c
0x005fa347
0x005fa34a
0x005fa34d
0x005fa350
0x005fa353
0x005fa356
0x005fa359
0x005fa35c
0x005fa35e
0x005fa360
0x005fa363
0x005fa369
0x005fa370
0x005fa371
0x005fa376
0x005fa379
0x005fa383
0x005fa388
0x005fa399
0x005fa39e
0x005fa39f
0x005fa3ac
0x005fa3b1
0x005fa3b3
0x005fa3b5
0x005fa3b8
0x005fa3bd
0x005fa3c6
0x005fa3c6
0x005fa3d0
0x005fa3dd
0x005fa3e2
0x005fa3e4
0x005fa401
0x005fa401
0x005fa406
0x005fa408
0x005fa441
0x005fa449
0x005fa454
0x005fa459
0x005fa45c
0x005fa461
0x005fa46c
0x005fa40a
0x005fa40a
0x005fa412
0x005fa41d
0x005fa422
0x005fa425
0x005fa42a
0x005fa42d
0x005fa43a
0x005fa43a
0x00000000
0x005fa3e6
0x005fa3eb
0x005fa3f8
0x005fa3fd
0x005fa3ff
0x005fa471
0x005fa471
0x005fa475
0x005fa47c
0x005fa47c
0x00000000
0x005fa475
0x00000000
0x005fa3ff
0x005fa38a
0x005fa38f
0x005fa481
0x005fa48b
0x005fa490
0x005fa497
0x005fa4a2
0x005fa4a6
0x005fa4aa
0x005fa4af
0x005fa4af
0x005fa4c4
0x005fa4e2
0x005fa4ea
0x005fa4ec
0x005fa4ef
0x005fa4fe
0x005fa50e
0x005fa4f1
0x005fa4f6
0x005fa4f6
0x005fa515
0x005fa518
0x005fa51b
0x005fa528
0x005fa530
0x005fa53d
0x005fa53d

APIs

GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,005FA56C,005FA56C,?,005FA56C,00000000), ref: 005FA4F1
CloseHandle.KERNEL32(0064F783,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,005FA56C,005FA56C,?,005FA56C), ref: 005FA4FE

Part of subcall function 005FA2A8: WaitForInputIdle.USER32 ref: 005FA2D4
Part of subcall function 005FA2A8: MsgWaitForMultipleObjects.USER32 ref: 005FA2F6
Part of subcall function 005FA2A8: GetExitCodeProcess.KERNEL32 ref: 005FA307
Part of subcall function 005FA2A8: CloseHandle.KERNEL32(00000001,005FA334,005FA32D,?,?,?,00000001,?,?,005FA6D6,?,00000000,005FA6EC,?,?,?), ref: 005FA327

Strings

cmd.exe" /C ", xrefs: 005FA425
.cmd, xrefs: 005FA3F3
.bat, xrefs: 005FA3D8
COMMAND.COM" /C , xrefs: 005FA45C
D, xrefs: 005FA490

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
API String ID: 854858120-615399546
Opcode ID: feaf500f3b467a210b59843845fe73ac91142b829c5c2c54808dd9de2faab057
Instruction ID: 2851525c7277894cafa7e250a73c59dc5c7168e306ca50922dee4e1ecfb85d1b
Opcode Fuzzy Hash: feaf500f3b467a210b59843845fe73ac91142b829c5c2c54808dd9de2faab057
Instruction Fuzzy Hash: 945124B0A0020D9BDF10EFA5C986AEEBFF5BF45304F50443AB508A7292D7789E05DB56

Uniqueness

Uniqueness Score: -1.00%

Function 00407368, Relevance: 10.6, APIs: 7, Instructions: 130
threadCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00407368(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00407828(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040756C(_t71);
								_t57 =  *0x6638fc; // 0x65f2d4
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00407048( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}

0x0040736f
0x00407371
0x00407373
0x00407376
0x00407376
0x0040737d
0x00407384
0x00000000
0x00000000
0x00407392
0x00407399
0x00407431
0x00407431
0x00407431
0x00407435
0x00000000
0x00000000
0x00407440
0x00407446
0x00000000
0x00000000
0x00000000
0x00000000
0x00407448
0x00407448
0x0040744d
0x00407453
0x0040745a
0x00407464
0x00407469
0x00407470
0x00407477
0x00407485
0x00407493
0x00407487
0x0040748f
0x0040748f
0x00407485
0x00407499
0x004074bb
0x004074c4
0x004074c8
0x004074cc
0x00000000
0x0040749b
0x0040749b
0x004074a0
0x00000000
0x00000000
0x004074ac
0x004074b2
0x00000000
0x00000000
0x004074b4
0x00000000
0x004074b4
0x0040749b
0x004074d1
0x004074d1
0x004074e0
0x004074e7
0x004074ea
0x004074ea
0x00000000
0x004074e0
0x00000000
0x00407431
0x004073a4
0x004073aa
0x004073b0
0x0040740c
0x0040740f
0x00000000
0x00000000
0x00407416
0x0040741e
0x00407424
0x0040742f
0x00000000
0x0040742f
0x00407426
0x00000000
0x00407426
0x00000000
0x004073b2
0x004073b5
0x00000000
0x004073c4
0x004073c4
0x004073c4
0x00000000
0x004073cd
0x004073d0
0x00000000
0x00000000
0x004073d5
0x004073fe
0x00407402
0x00407407
0x0040740a
0x00000000
0x00000000
0x00000000
0x0040740a
0x004073de
0x004073e4
0x00000000
0x00000000
0x004073eb
0x004073ee
0x004073f5
0x00000000
0x004073f5
0x004074f1
0x004074fc

APIs

Part of subcall function 00407828: GetCurrentThreadId.KERNEL32 ref: 0040782B

GetTickCount.KERNEL32 ref: 0040739F
GetTickCount.KERNEL32 ref: 004073B7
GetCurrentThreadId.KERNEL32 ref: 004073E6
GetTickCount.KERNEL32 ref: 00407411
GetTickCount.KERNEL32 ref: 00407448
GetTickCount.KERNEL32 ref: 00407472
GetCurrentThreadId.KERNEL32 ref: 004074E2

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: b6c747f1f3183ebf2fa2335631dbbd010361f17b0d67fd249504f6f789ff61e7
Instruction ID: 7eaf3b8bd419559424612c501055e418296922ef1fbe2de70383ecb09e47f5c1
Opcode Fuzzy Hash: b6c747f1f3183ebf2fa2335631dbbd010361f17b0d67fd249504f6f789ff61e7
Instruction Fuzzy Hash: 67414F71A0C3559ED721AE38C48431FBFD1AB80354F14893EE8D8973C2E778A8859757

Uniqueness

Uniqueness Score: -1.00%

Function 005A2DDC, Relevance: 10.6, APIs: 7, Instructions: 105
windowCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E005A2DDC(void* __eax, void* __ecx, struct tagMSG* __edx) {
				char _v19;
				char _t12;
				int _t13;
				void* _t14;
				int _t30;
				int _t32;
				MSG* _t43;
				void* _t44;
				char* _t46;

				_t43 = __edx;
				_t44 = __eax;
				_t32 = 0;
				if(PeekMessageW(__edx, 0, 0, 0, 0) != 0) {
					_v19 = _t12;
					if(_v19 == 0) {
						_t13 = PeekMessageA(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t13 + 1;
					} else {
						_t30 = PeekMessageW(_t43, 0, 0, 0, 1);
						asm("sbb eax, eax");
						_t14 = _t30 + 1;
					}
					if(_t14 != 0) {
						_t32 = 1;
						if(_t43->message == 0x12) {
							 *((char*)(_t44 + 0xbc)) = 1;
						} else {
							 *_t46 = 0;
							if( *((short*)(_t44 + 0x122)) != 0) {
								 *((intOrPtr*)(_t44 + 0x120))();
							}
							if(E005A4B54(_t44, _t43) == 0 && E005A2C74(_t44, _t43) == 0 &&  *_t46 == 0 && E005A2B2C(_t44, _t43) == 0 && E005A2B7C(_t44, _t43) == 0 && E005A2AE4(_t44, _t43) == 0) {
								TranslateMessage(_t43);
								if(_v19 == 0) {
									DispatchMessageA(_t43);
								} else {
									DispatchMessageW(_t43);
								}
							}
						}
					}
				}
				return _t32;
			}

0x005a2de1
0x005a2de3
0x005a2de5
0x005a2df7
0x005a2e13
0x005a2e1c
0x005a2e3d
0x005a2e45
0x005a2e47
0x005a2e1e
0x005a2e27
0x005a2e2f
0x005a2e31
0x005a2e31
0x005a2e4a
0x005a2e50
0x005a2e56
0x005a2ede
0x005a2e5c
0x005a2e5c
0x005a2e68
0x005a2e74
0x005a2e74
0x005a2e85
0x005a2ec2
0x005a2ecc
0x005a2ed7
0x005a2ece
0x005a2ecf
0x005a2ecf
0x005a2ecc
0x005a2e85
0x005a2e56
0x005a2e4a
0x005a2eec

APIs

PeekMessageW.USER32 ref: 005A2DF0
IsWindowUnicode.USER32 ref: 005A2E04
PeekMessageW.USER32 ref: 005A2E27
PeekMessageA.USER32 ref: 005A2E3D
TranslateMessage.USER32 ref: 005A2EC2
DispatchMessageW.USER32 ref: 005A2ECF
DispatchMessageA.USER32 ref: 005A2ED7

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
String ID:
API String ID: 2190272339-0
Opcode ID: fd761d7266132de43e7474990c2049500dae5730ede02df76ae55a535cf0bf77
Instruction ID: d2fd1ee5a8e11b9fb307f93f8c6e517243e3696a9ac5cec3ed267a911c5f8ddb
Opcode Fuzzy Hash: fd761d7266132de43e7474990c2049500dae5730ede02df76ae55a535cf0bf77
Instruction Fuzzy Hash: AB21D63034434176EB31A92D0D47BBFAF9E6F97748F24441EF481DB282CAD698D68226

Uniqueness

Uniqueness Score: -1.00%

Function 005B2830, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91
windowregistryCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E005B2830(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t10;
				intOrPtr* _t27;
				void* _t42;
				intOrPtr _t44;
				void* _t49;
				intOrPtr _t51;
				struct HWND__* _t52;
				intOrPtr _t54;
				intOrPtr _t55;

				_t50 = __esi;
				_t42 = __edx;
				_t54 = _t55;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				if(__edx != 0) {
					_t55 = _t55 + 0xfffffff0;
					_t10 = E00406F90(_t10, _t54);
				}
				_t49 = _t10;
				_push(_t54);
				_push(0x5b2942);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55;
				E00406998(0);
				 *((intOrPtr*)(_t49 + 0xc)) = GetActiveWindow();
				 *((intOrPtr*)(_t49 + 0x10)) = GetFocus();
				 *((intOrPtr*)(_t49 + 0x14)) = E00596338(0, _t42, _t49, _t50);
				if( *0x6697fe == 0) {
					 *0x6697fe = RegisterClassW(0x661834);
				}
				if( *0x6697fe != 0) {
					_t51 = E00412B68(0, L"TWindowDisabler-Window", 0,  *0x666634, 0, 0, 0, 0, 0, 0, 0x88000000);
					 *((intOrPtr*)(_t49 + 8)) = _t51;
					if(_t51 != 0) {
						_t5 = _t49 + 8; // 0x41146400
						_t27 =  *0x662788; // 0x66978c
						E005A2830( *_t27,  &_v8);
						E004097C8(_v8);
						_t52 = E00412B68(0, L"TWindowDisabler-Window", 0,  *0x666634, 0,  *_t5, 0, 0, 0, 0, 0x80000000);
						 *(_t49 + 4) = _t52;
						if(_t52 != 0) {
							ShowWindow(_t52, 8);
						}
					}
				}
				SetFocus(0);
				_pop(_t44);
				 *[fs:eax] = _t44;
				_push(E005B2949);
				return E00408718( &_v8);
			}

0x005b2830
0x005b2830
0x005b2831
0x005b2833
0x005b2835
0x005b2836
0x005b2837
0x005b283a
0x005b283c
0x005b283f
0x005b283f
0x005b2846
0x005b284a
0x005b284b
0x005b2850
0x005b2853
0x005b285a
0x005b2864
0x005b286c
0x005b2876
0x005b2881
0x005b288d
0x005b288d
0x005b289b
0x005b28cb
0x005b28cd
0x005b28d2
0x005b28e1
0x005b28f2
0x005b28f9
0x005b2901
0x005b2914
0x005b2916
0x005b291b
0x005b2920
0x005b2920
0x005b291b
0x005b28d2
0x005b2927
0x005b292e
0x005b2931
0x005b2934
0x005b2941

APIs

GetActiveWindow.USER32 ref: 005B285F
GetFocus.USER32(00000000,005B2942,?,?,00000000,00000001,00000000,?,00619EC3,0066978C,?,00000000,00650DBE,?,00000001,00000000), ref: 005B2867
RegisterClassW.USER32 ref: 005B2888
ShowWindow.USER32(00000000,00000008,00000000,?,00000000,41146400,00000000,00000000,00000000,00000000,80000000,00000000,?,00000000,00000000,00000000), ref: 005B2920
SetFocus.USER32(00000000,00000000,005B2942,?,?,00000000,00000001,00000000,?,00619EC3,0066978C,?,00000000,00650DBE,?,00000001), ref: 005B2927

Strings

TWindowDisabler-Window, xrefs: 005B28BF, 005B2908

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FocusWindow$ActiveClassRegisterShow
String ID: TWindowDisabler-Window
API String ID: 495420250-1824977358
Opcode ID: b65364672cf27e03ed7f998f58329f436fec15a4319dc76059577f2d8132a453
Instruction ID: d82140f50c977c4be84b76ca69f426c0dffd831fcdb5b5c939c24f55dbe8d353
Opcode Fuzzy Hash: b65364672cf27e03ed7f998f58329f436fec15a4319dc76059577f2d8132a453
Instruction Fuzzy Hash: 1921D171B10701ABE320EF65DD02F9A7AE5FB45B04F504529F904FB2D0EAB8BC9087A5

Uniqueness

Uniqueness Score: -1.00%

Function 0063DBC0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72
fileCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E0063DBC0(void* __eax, void* __edx, intOrPtr _a4076) {
				char _v4120;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t6;
				void* _t11;
				signed char _t14;
				void* _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t28;
				long _t30;
				void* _t31;
				void* _t32;
				void* _t33;

				_push(__eax);
				_t6 = 2;
				do {
					_t32 = _t32 + 0xfffff004;
					_push(_t6);
					_t6 = _t6 - 1;
				} while (_t6 != 0);
				_t33 = _t32 + 4;
				_t28 = __edx;
				_t29 = _a4076;
				_t23 = E00411E58(_t22, _a4076, GetModuleHandleW(L"kernel32.dll"), L"GetFinalPathNameByHandleW");
				if(_t23 == 0) {
					L11:
					_t11 = E00408AF8(_t28, _t29);
				} else {
					_t14 = GetFileAttributesW(E004097C8(_t29));
					if(_t14 == 0xffffffff) {
						goto L11;
					} else {
						if((_t14 & 0x00000010) == 0) {
							_t30 = 0;
							__eflags = 0;
						} else {
							_t30 = 0x2000000;
						}
						_t31 = CreateFileW(E004097C8(_t29), 0, 7, 0, 3, _t30, 0);
						if(_t31 == 0xffffffff) {
							goto L11;
						} else {
							_t24 =  *_t23(_t31,  &_v4120, 0x1000, 0);
							CloseHandle(_t31);
							if(_t24 <= 0) {
								goto L11;
							} else {
								_t41 = _t24 - 0xff0;
								if(_t24 >= 0xff0) {
									goto L11;
								} else {
									_t11 = E0063DAD8(_t33, _t24, _t28, _t29, _t41);
								}
							}
						}
					}
				}
				return _t11;
			}

0x0063dbc4
0x0063dbc5
0x0063dbca
0x0063dbca
0x0063dbd0
0x0063dbd1
0x0063dbd1
0x0063dbdb
0x0063dbde
0x0063dbe0
0x0063dbf7
0x0063dbfb
0x0063dc69
0x0063dc6d
0x0063dbfd
0x0063dc05
0x0063dc0d
0x00000000
0x0063dc0f
0x0063dc11
0x0063dc1a
0x0063dc1a
0x0063dc13
0x0063dc13
0x0063dc13
0x0063dc34
0x0063dc39
0x00000000
0x0063dc3b
0x0063dc4a
0x0063dc4d
0x0063dc54
0x00000000
0x0063dc56
0x0063dc56
0x0063dc5c
0x00000000
0x0063dc5e
0x0063dc62
0x0063dc62
0x0063dc5c
0x0063dc54
0x0063dc39
0x0063dc0d
0x0063dc7c

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DBEC
GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DC05
CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 0063DC2F
CloseHandle.KERNEL32(00000000), ref: 0063DC4D

Strings

kernel32.dll, xrefs: 0063DBE7
GetFinalPathNameByHandleW, xrefs: 0063DBE2

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandle$AttributesCloseCreateModule
String ID: GetFinalPathNameByHandleW$kernel32.dll
API String ID: 791737717-340263132
Opcode ID: d9edd0384482e5d9340c1b2fba0bbbe8bde44c1cf50051a0f3d891ae2b31e499
Instruction ID: 6026778cd775b34b266e918d1895d9f5e5aeea77bfc3c582f4084562949ce8b5
Opcode Fuzzy Hash: d9edd0384482e5d9340c1b2fba0bbbe8bde44c1cf50051a0f3d891ae2b31e499
Instruction Fuzzy Hash: AD11A9A175030526E62032AA6CC7FBBA14E8B51758F14023ABA54D72D2EDD99D4282DA

Uniqueness

Uniqueness Score: -1.00%

Function 00407104, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00407104(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L004038A8();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E00405490(_v16);
						_push(_t41);
						_push(E004071B2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L004038A8();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004071B9);
							return E004054AC(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407F08();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}

0x00407105
0x00407107
0x0040710c
0x00407126
0x004071b9
0x004071b9
0x00000000
0x0040712c
0x0040712c
0x0040712f
0x00407130
0x00407132
0x00407139
0x00000000
0x00407145
0x0040714d
0x00407152
0x00407153
0x00407158
0x0040715b
0x00407161
0x00407165
0x00407166
0x0040716b
0x00407172
0x0040719c
0x0040719e
0x004071a1
0x004071a4
0x004071b1
0x00407174
0x00407174
0x0040718f
0x00407192
0x0040719a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040719a
0x00407185
0x00407188
0x004071c0
0x004071c6
0x004071c6
0x00407172
0x00407139
0x00000000

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00407119
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040711F
GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040713B

Strings

kernel32.dll, xrefs: 00407114
@, xrefs: 004071B9
GetLogicalProcessorInformation, xrefs: 0040710F

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: @$GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-79381301
Opcode ID: ab45faa3e83f118afb7bdd2a45464dc82f59aa28fdfb947b44ab8597940da1fa
Instruction ID: 2a2551bed56c130c8612e6e6611bb7f0169533bd52abfaf2f231836d318f311a
Opcode Fuzzy Hash: ab45faa3e83f118afb7bdd2a45464dc82f59aa28fdfb947b44ab8597940da1fa
Instruction Fuzzy Hash: 99114571D08204BADB10EFA5D84576EBBF8EB44705F1481BBE914B73C1D67CAA808B5A

Uniqueness

Uniqueness Score: -1.00%

Function 005B8F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E005B8F18(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HDC__* _v8;
				struct tagSIZE _v16;
				struct tagTEXTMETRICW _v76;
				signed int _t26;
				signed int _t27;
				void* _t36;
				intOrPtr _t43;
				long* _t45;
				signed int* _t47;
				void* _t50;

				_t37 = __ecx;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t45 = __ecx;
				_t47 = __edx;
				_t36 = __eax;
				_v8 = GetDC(0);
				_push(_t50);
				_push(0x5b8fa4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xffffffb8;
				SelectObject(_v8, E004DD0C0(_t36, _t36, _t37, _t45, _t47));
				GetTextExtentPointW(_v8, L"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16);
				asm("cdq");
				_t26 = _v16.cx / 0x1a + 1;
				_t27 = _t26 >> 1;
				if(_t26 < 0) {
					asm("adc eax, 0x0");
				}
				 *_t47 = _t27;
				GetTextMetricsW(_v8,  &_v76);
				 *_t45 = _v76.tmHeight;
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(E005B8FAB);
				return ReleaseDC(0, _v8);
			}

0x005b8f18
0x005b8f1e
0x005b8f1f
0x005b8f20
0x005b8f21
0x005b8f23
0x005b8f25
0x005b8f2e
0x005b8f33
0x005b8f34
0x005b8f39
0x005b8f3c
0x005b8f4b
0x005b8f5f
0x005b8f6c
0x005b8f6f
0x005b8f70
0x005b8f72
0x005b8f74
0x005b8f74
0x005b8f77
0x005b8f81
0x005b8f89
0x005b8f8d
0x005b8f90
0x005b8f93
0x005b8fa3

APIs

GetDC.USER32(00000000), ref: 005B8F29

Part of subcall function 004DD0C0: EnterCriticalSection.KERNEL32(?,00000000,004DD32F,?,?), ref: 004DD108

SelectObject.GDI32(006125F0,00000000), ref: 005B8F4B
GetTextExtentPointW.GDI32(006125F0,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005B8F5F
GetTextMetricsW.GDI32(006125F0,?,00000000,005B8FA4,?,00000000,?,?,006125F0), ref: 005B8F81
ReleaseDC.USER32 ref: 005B8F9E

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 005B8F56

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Text$CriticalEnterExtentMetricsObjectPointReleaseSectionSelect
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
API String ID: 1334710084-222967699
Opcode ID: 958775d07e3e9b45620c2f21b6b018f80563130afb076ad44b94cc2abff4fe22
Instruction ID: 51f75fe6070d711ca219fc08ac8bc05be8c07b0fd7becc7a938aa07a23ceff98
Opcode Fuzzy Hash: 958775d07e3e9b45620c2f21b6b018f80563130afb076ad44b94cc2abff4fe22
Instruction Fuzzy Hash: 28016D76B14608AFDB01DBE9CD41EEEB7BDEB49714F500466BA00D3281DAB8AD10C764

Uniqueness

Uniqueness Score: -1.00%

Function 004083B0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004083B0(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x66305c == 0) {
					if( *0x65d032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403820();
					}
					return _t3;
				} else {
					if( *0x663348 == 0xd7b2 &&  *0x663350 > 0) {
						 *0x663360();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E004091C0(0x408444);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}

0x004083b8
0x0040841e
0x00408420
0x00408422
0x00408427
0x0040842c
0x0040842e
0x0040842e
0x00408434
0x004083ba
0x004083c3
0x004083d3
0x004083d3
0x004083ef
0x00408402
0x00408416
0x00408416

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?,004055FF), ref: 004083E9
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?,00408582,0040559F,004055E6,?,?), ref: 004083EF
GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?,?), ref: 0040840A
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00408468,?,?), ref: 00408410

Strings

Error, xrefs: 00408422
Runtime error at 00000000, xrefs: 004083E2, 00408427

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: Error$Runtime error at 00000000
API String ID: 3320372497-2970929446
Opcode ID: 1799082cea74c045af580b6b465f8dc7798a511c29439770589693c57301ea16
Instruction ID: 8a17602c2e75a12023cfcc5c7f70c251d3057b547bf485000fb7f9983d30ebe3
Opcode Fuzzy Hash: 1799082cea74c045af580b6b465f8dc7798a511c29439770589693c57301ea16
Instruction Fuzzy Hash: 1AF046B0640341B9E720BB616D07F1A3A4D4740F26F00053FF550B93C2DEFA4A88836D

Uniqueness

Uniqueness Score: -1.00%

Function 0042CB08, Relevance: 9.1, APIs: 6, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0042CB08(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					L0042C2B4(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042A438();
					return L0042C2B4(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L0042AA14();
						_t123 = _t64;
						if(_t123 == 0) {
							E0042C00C(_t110);
						}
						L0042C550(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E0042CA80(_v788 - 1, _t125) != 0) {
								L0042AA3C();
								L0042C2B4(_v792);
								L0042AA3C();
								L0042C2B4( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E0042CAB0(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L0042AA1C();
							L0042C2B4(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L0042AA24();
							L0042C2B4(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}

0x0042cb08
0x0042cb14
0x0042cb1a
0x0042cb20
0x0042cb30
0x0042cb37
0x0042cb37
0x0042cb42
0x0042cb50
0x0042ccdb
0x0042cce2
0x0042cce3
0x00000000
0x0042cb56
0x0042cb59
0x0042cb77
0x0042cb5b
0x0042cb66
0x0042cb66
0x0042cb86
0x0042cb92
0x0042cb95
0x0042cc02
0x0042cc08
0x0042cc09
0x0042cc0f
0x0042cc10
0x0042cc12
0x0042cc17
0x0042cc1b
0x0042cc1d
0x0042cc1d
0x0042cc28
0x0042cc33
0x0042cc3e
0x0042cc47
0x0042cc4a
0x0042cc66
0x0042cc6d
0x0042cc78
0x0042cc8f
0x0042cc94
0x0042cca8
0x0042ccad
0x0042ccc0
0x0042ccc0
0x0042ccc9
0x0042cc4c
0x0042cc4c
0x0042cc4d
0x0042cc53
0x0042cc59
0x0042cc5b
0x0042cc5d
0x0042cc60
0x0042cc63
0x0042cc63
0x0042cc66
0x00000000
0x00000000
0x00000000
0x0042cc66
0x0042cb97
0x0042cb97
0x0042cb98
0x0042cb9a
0x0042cba0
0x0042cba2
0x0042cbb1
0x0042cbb2
0x0042cbbc
0x0042cbbd
0x0042cbc2
0x0042cbcd
0x0042cbce
0x0042cbd8
0x0042cbd9
0x0042cbde
0x0042cbf9
0x0042cbfb
0x0042cbfc
0x0042cbff
0x0042cbff
0x00000000
0x0042cba0
0x0042cb95

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0042CBBD
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0042CBD9
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0042CC12
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0042CC8F
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0042CCA8
VariantCopy.OLEAUT32(?,?), ref: 0042CCE3

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
Instruction ID: b9c2064567b20e793381e804e5bc2438c092fd9c167849d7407d8daf0e01c371
Opcode Fuzzy Hash: 040e7940f355aaa7652d1378d9b08393b08e43244b2170bcb39dc03bfc7fe70c
Instruction Fuzzy Hash: 1951CA75A006299BCB22DB99D9C1BDDB3FCAF4C304F8041DAE509E7211D634AF858F69

Uniqueness

Uniqueness Score: -1.00%

Function 00646274, Relevance: 9.1, APIs: 6, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00646274(signed int __eax) {
				intOrPtr* _t14;
				signed int _t18;
				intOrPtr* _t19;
				intOrPtr* _t23;
				signed int _t26;
				long _t27;
				intOrPtr* _t29;
				intOrPtr* _t33;
				signed int _t37;
				intOrPtr* _t38;

				_t37 = __eax;
				 *0x66a732 = __eax ^ 0x00000001;
				_t14 =  *0x662788; // 0x66978c
				_t18 = GetWindowLongW( *( *_t14 + 0x188), 0xffffffec) & 0xffffff00 | (_t17 & 0x00000080) == 0x00000000;
				if(_t37 != _t18) {
					_t19 =  *0x662788; // 0x66978c
					SetWindowPos( *( *_t19 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_t23 =  *0x662788; // 0x66978c
					_t26 = GetWindowLongW( *( *_t23 + 0x188), 0xffffffec);
					if(_t37 == 0) {
						_t27 = _t26 | 0x00000080;
					} else {
						_t27 = _t26 & 0xffffff7f;
					}
					_t38 =  *0x662788; // 0x66978c
					SetWindowLongW( *( *_t38 + 0x188), 0xffffffec, _t27);
					if(_t37 == 0) {
						_t29 =  *0x662788; // 0x66978c
						return SetWindowPos( *( *_t29 + 0x188), 0, 0, 0, 0, 0, 0x57);
					} else {
						_t33 =  *0x662788; // 0x66978c
						return ShowWindow( *( *_t33 + 0x188), 5);
					}
				}
				return _t18;
			}

0x00646275
0x0064627b
0x00646280
0x00646297
0x0064629c
0x006462b1
0x006462bf
0x006462c4
0x006462d4
0x006462db
0x006462e4
0x006462dd
0x006462dd
0x006462dd
0x006462e9
0x006462fb
0x00646302
0x00646327
0x00000000
0x00646304
0x00646306
0x00000000
0x00646314
0x00646302
0x0064633b

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00646290
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0064F22D,00000000,0064FB5F), ref: 006462BF
GetWindowLongW.USER32(?,000000EC), ref: 006462D4
SetWindowLongW.USER32 ref: 006462FB
ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 00646314
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 00646335

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$Long$Show
String ID:
API String ID: 3609083571-0
Opcode ID: e6f7a7cbc5305619f3d5acc79f4ede1ef98261b5fbca8d487833083e98d77ea8
Instruction ID: 4dd900cc12852a0d25872cc702cb4c4dd59defd6bf464013fc66fcb0f6f5a345
Opcode Fuzzy Hash: e6f7a7cbc5305619f3d5acc79f4ede1ef98261b5fbca8d487833083e98d77ea8
Instruction Fuzzy Hash: F0112E35344701BFCB00DB68DD91FD237E9AB1A355F0452A5F645DB3B2CAB8E8809B44

Uniqueness

Uniqueness Score: -1.00%

Function 00404850, Relevance: 9.1, APIs: 6, Instructions: 51
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00404850(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x66305c == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403820();
				} else {
					_t7 = E00408C14(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x65d078; // 0x4039c0
					_t12 = E00408C14(_t11);
					_t13 =  *0x65d078; // 0x4039c0
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00408C14(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}

0x00404850
0x00404853
0x00404855
0x0040485e
0x004048c1
0x004048c6
0x004048c7
0x004048c8
0x004048ca
0x00404860
0x00404869
0x00404878
0x00404884
0x00404889
0x0040488f
0x0040489d
0x004048ab
0x004048ba
0x004048ba
0x004048d2

APIs

GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00404872
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 00404878
GetStdHandle.KERNEL32(000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00404897
WriteFile.KERNEL32(00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 0040489D
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 004048B4
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,004039C0,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 004048BA

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID:
API String ID: 3320372497-0
Opcode ID: 3b84c7de9e87f93af77f7477f8be1846f9128e6c778f958114ccbc8c47435102
Instruction ID: 9db4a11d59ebcb307a3cfeeab30a2223b0d8a9ead0fdef3697f8df52dc81456b
Opcode Fuzzy Hash: 3b84c7de9e87f93af77f7477f8be1846f9128e6c778f958114ccbc8c47435102
Instruction Fuzzy Hash: 3C01A9E26053103EF610FB6A9D86F5B2ADC8B4576AF10463B7218F31D2C9389D44937E

Uniqueness

Uniqueness Score: -1.00%

Function 00403F88, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00403F88(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr* _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				intOrPtr* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				intOrPtr* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x66305d; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403CE8();
								_t99 =  *0x665b84; // 0x665b80
								 *_t147 = 0x665b80;
								 *0x665b84 = _t121;
								 *((intOrPtr*)(_t147 + 4)) = _t99;
								 *_t99 = _t121;
								 *0x665b7c = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x663aec], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x66398d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x663aec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x663afc + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x663af8;
							if((0xfffffffe << _t132 &  *0x663af8) == 0) {
								_t133 =  *0x663af4; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403C6C(_t125);
								} else {
									_t110 =  *0x663af0; // 0x37ae910
									_t109 = _t110 - _t125;
									 *0x663af0 = _t109;
									 *0x663af4 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x663aec = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x663b7c + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x663afc + _t142 * 4;
								 *_t80 =  *(0x663afc + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x663af8], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403BA0(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x663aec = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x663994; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x65d080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x66398d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x66305d;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x663aec], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x66398d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x663aec], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x663af8;
							__eflags =  *(__ebx + 1) &  *0x663af8;
							if(( *(__ebx + 1) &  *0x663af8) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x663af4; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403C6C(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x663aec = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x663af0; // 0x37ae910
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x663af4 =  *0x663af4 - __edi;
									 *0x663af0 = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x663afc + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x663afc + __eax * 4) + __eax * 8 * 4;
								__edi = 0x663b7c + ( *(0x663afc + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x663afc + __eax * 4;
									 *_t38 =  *(0x663afc + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x663af8], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403BA0(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x663aec = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x37ae930
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00403f88
0x00403f94
0x00403f9a
0x004041e8
0x004041ed
0x00404300
0x00404301
0x00404303
0x00403d34
0x00403d38
0x00403d3a
0x00403d44
0x00403d59
0x00403d5d
0x00403d5f
0x00403d61
0x00403d67
0x00403d6a
0x00403d6f
0x00403d74
0x00403d7a
0x00403d80
0x00403d83
0x00403d85
0x00403d8c
0x00403d8c
0x00403d95
0x00404309
0x00404309
0x0040430b
0x0040430b
0x004041f3
0x004041f3
0x004041ff
0x00404202
0x00404204
0x004041ac
0x004041b1
0x004041b9
0x00000000
0x00000000
0x004041bb
0x004041bd
0x004041c4
0x00000000
0x004041c6
0x004041c8
0x004041d2
0x004041da
0x004041de
0x00000000
0x004041de
0x004041da
0x00000000
0x004041c4
0x004041ac
0x00404206
0x00404206
0x00404206
0x0040420e
0x00404211
0x0040421b
0x0040421b
0x00404222
0x00404235
0x00404239
0x0040423f
0x00404258
0x0040425e
0x0040425e
0x00404260
0x0040427e
0x00404262
0x00404262
0x00404267
0x00404269
0x0040426e
0x00404277
0x00404277
0x00404283
0x0040428b
0x00404241
0x00404241
0x0040424b
0x00404253
0x00000000
0x00404253
0x00404224
0x00404227
0x0040422a
0x0040428c
0x0040428c
0x0040428d
0x0040428e
0x00404295
0x00404298
0x0040429b
0x0040429e
0x004042a0
0x004042a2
0x004042a9
0x004042ab
0x004042ab
0x004042ab
0x004042b2
0x004042b4
0x004042b4
0x004042b2
0x004042c0
0x004042c5
0x004042c5
0x004042c7
0x004042e8
0x004042e8
0x004042e8
0x004042c9
0x004042c9
0x004042cf
0x004042d2
0x004042d6
0x004042dc
0x004042de
0x004042de
0x004042dc
0x004042ed
0x004042f0
0x004042f3
0x004042ff
0x004042ff
0x00404222
0x00403fa0
0x00403fa0
0x00403fa2
0x00403fa2
0x00403fa9
0x00403fb0
0x00404008
0x00404008
0x0040400d
0x00404011
0x00000000
0x00000000
0x00404013
0x00404013
0x00404016
0x0040401b
0x0040401f
0x00404021
0x00404021
0x00404024
0x00404029
0x0040402d
0x0040402f
0x00404032
0x00404034
0x0040403b
0x00000000
0x0040403d
0x0040403f
0x00404044
0x00404049
0x0040404d
0x00404055
0x00000000
0x00404055
0x0040404d
0x0040403b
0x0040402d
0x00000000
0x0040401f
0x00404008
0x00403fb2
0x00403fb2
0x00403fb5
0x00403fb8
0x00403fbd
0x00403fbf
0x00403fd8
0x00403fdb
0x00403fdf
0x00403fe1
0x00403fe4
0x0040405c
0x0040405d
0x0040405e
0x00404065
0x00404067
0x00404067
0x0040406c
0x00404074
0x00000000
0x00000000
0x00404076
0x00404078
0x0040407f
0x00000000
0x00404081
0x00404083
0x00404088
0x0040408d
0x00404095
0x00404099
0x00000000
0x00404099
0x00404095
0x00000000
0x0040407f
0x00404067
0x004040a0
0x004040a4
0x004040a4
0x004040aa
0x0040411c
0x00404120
0x00404126
0x00404128
0x00404150
0x00404154
0x00404156
0x0040415b
0x0040415d
0x0040415f
0x00000000
0x00404161
0x00404161
0x00404166
0x00404168
0x00404169
0x0040416a
0x0040416b
0x0040416b
0x0040412a
0x0040412a
0x00404130
0x00404134
0x0040413a
0x0040413c
0x0040413e
0x0040413e
0x00404140
0x00404142
0x00404148
0x00000000
0x00404148
0x004040ac
0x004040ac
0x004040af
0x004040b6
0x004040bd
0x004040c0
0x004040c3
0x004040ca
0x004040cd
0x004040d0
0x004040d3
0x004040d5
0x004040d7
0x004040d9
0x004040de
0x004040e0
0x004040e0
0x004040e0
0x004040e7
0x004040e9
0x004040e9
0x004040e7
0x004040f0
0x004040f5
0x004040f8
0x004040fe
0x0040416c
0x0040416c
0x0040416c
0x00404100
0x00404100
0x00404102
0x00404106
0x00404108
0x0040410b
0x0040410e
0x00404111
0x00404115
0x00404115
0x00404171
0x00404171
0x00404171
0x00404174
0x00404177
0x00404179
0x0040417e
0x00404180
0x00404183
0x0040418a
0x0040418d
0x0040418d
0x00404190
0x00404194
0x00404197
0x0040419a
0x0040419c
0x0040419c
0x0040419e
0x004041a1
0x004041a4
0x004041a7
0x004041a8
0x004041a9
0x004041aa
0x004041aa
0x00403fe6
0x00403fe6
0x00403fe6
0x00403fe6
0x00403fea
0x00403fed
0x00403ff0
0x00403ff3
0x00403ff4
0x00403ff4
0x00403fc1
0x00403fc1
0x00403fc5
0x00403fc5
0x00403fc8
0x00403fcb
0x00403fce
0x00403ff8
0x00403ffb
0x00403ffe
0x00404001
0x00404004
0x00404005
0x00403fd0
0x00403fd0
0x00403fd3
0x00403fd4
0x00403fd4
0x00403fce
0x00403fbf

APIs

Sleep.KERNEL32(00000000,000000FF,00404828,00000000,0040D55F,00000000,0040DA6D,00000000,0040DD2F,00000000,0040DD65), ref: 0040403F
Sleep.KERNEL32(0000000A,00000000,000000FF,00404828,00000000,0040D55F,00000000,0040DA6D,00000000,0040DD2F,00000000,0040DD65), ref: 00404055
Sleep.KERNEL32(00000000,00000000,?,000000FF,00404828,00000000,0040D55F,00000000,0040DA6D,00000000,0040DD2F,00000000,0040DD65), ref: 00404083
Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404828,00000000,0040D55F,00000000,0040DA6D,00000000,0040DD2F,00000000,0040DD65), ref: 00404099

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: a598ac984ca6d6d73212e0fd315234ea6574c8b8a2a6145f01de04c21ee36eec
Instruction ID: f1ec43ae1c30d41b10cc41b48195bce38923192b9b407a0b5587fa379d4d1d3c
Opcode Fuzzy Hash: a598ac984ca6d6d73212e0fd315234ea6574c8b8a2a6145f01de04c21ee36eec
Instruction Fuzzy Hash: 1FC136B2A002618FC715CF69E884316BFE5ABC5311F0882BFE555AB3D1C3B8DA41DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00600B6C, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 239
windowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00600B6C(void* __ebx, int* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				int* _v16;
				char _v144;
				intOrPtr _v148;
				void* _v152;
				intOrPtr _v156;
				char _v164;
				char _v168;
				void* _t51;
				intOrPtr* _t57;
				intOrPtr* _t62;
				intOrPtr* _t65;
				intOrPtr* _t71;
				intOrPtr _t77;
				void* _t104;
				void* _t107;
				int* _t108;
				struct HWND__* _t118;
				int _t122;
				intOrPtr _t152;
				intOrPtr _t156;
				intOrPtr _t157;
				intOrPtr _t162;
				struct HWND__* _t163;
				intOrPtr _t164;
				intOrPtr _t165;
				intOrPtr _t166;
				intOrPtr _t169;
				intOrPtr _t172;
				intOrPtr _t176;
				void* _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t189;

				_t189 = __fp0;
				_t179 = __esi;
				_t178 = __edi;
				_t181 = _t182;
				_t183 = _t182 + 0xffffff5c;
				_push(__esi);
				_push(__edi);
				_v168 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = __edx;
				_push(_t181);
				_push(0x600f26);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				_push(_t181);
				_push(0x600ee8);
				_push( *[fs:edx]);
				 *[fs:edx] = _t183;
				_t122 =  *_v16;
				_t51 = _t122 - 0x4a;
				if(_t51 == 0) {
					_t53 = _v16[2];
					_t152 =  *(_v16[2]) - 0x800;
					__eflags = _t152;
					if(__eflags == 0) {
						_push(_t181);
						_push(0x600d13);
						_push( *[fs:edx]);
						 *[fs:edx] = _t183;
						E004088A0( &_v8,  *(_t53 + 4) >> 1,  *((intOrPtr*)(_t53 + 8)), __eflags);
						_push(_t181);
						_push(0x600cd1);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						_t57 =  *0x662210; // 0x66a728
						 *_t57 =  *_t57 + 1;
						_push(_t181);
						_push(0x600cb6);
						_push( *[fs:eax]);
						 *[fs:eax] = _t183;
						L0064390C(_v8,  *(_t53 + 4) >> 1,  &_v12);
						_pop(_t156);
						 *[fs:eax] = _t156;
						_push(E00600CBD);
						_t62 =  *0x662210; // 0x66a728
						 *_t62 =  *_t62 - 1;
						__eflags =  *_t62;
						return _t62;
					} else {
						_t157 = _t152 - 1;
						__eflags = _t157;
						if(_t157 == 0) {
							_push(_t181);
							_push(0x600e09);
							_push( *[fs:edx]);
							 *[fs:edx] = _t183;
							E004056D0( *((intOrPtr*)(_t53 + 8)), _t122, 0x94,  &_v164);
							_push(_t181);
							_push(0x600dc7);
							_push( *[fs:eax]);
							 *[fs:eax] = _t183;
							_t65 =  *0x66244c; // 0x66a738
							__eflags =  *_t65;
							if( *_t65 == 0) {
								E0042648C(L"Cannot evaluate variable because [Code] isn\'t running yet", 1);
								E00407E14();
							}
							E00408EE8( &_v168, 0x80,  &_v144, 0);
							_t71 =  *0x66244c; // 0x66a738
							E0063BABC( *_t71, _t122, _v156, _t178, _t179, _t189,  &_v12, _v168, _v148);
							_v16[3] = 1;
							_pop(_t162);
							 *[fs:eax] = _t162;
							_t163 =  *0x66a29c; // 0x0
							_t77 =  *0x66a298; // 0x0
							E005C0D18(_t77, _t122, _t163, _t178, _t179, _v12);
							_pop(_t164);
							 *[fs:eax] = _t164;
						} else {
							_t169 = _t157 - 1;
							__eflags = _t169;
							if(_t169 == 0) {
								_push(_t181);
								_push(0x600e5f);
								_push( *[fs:edx]);
								 *[fs:edx] = _t183;
								E0040873C(0x66a28c);
								E004088F4(0x66a28c,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
								_v16[3] = 1;
								_pop(_t172);
								 *[fs:eax] = _t172;
							} else {
								__eflags = _t169 == 1;
								if(_t169 == 1) {
									_push(_t181);
									_push(0x600eb2);
									_push( *[fs:edx]);
									 *[fs:edx] = _t183;
									E0040873C(0x66a290);
									E004088F4(0x66a290,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
									_v16[3] = 1;
									_pop(_t176);
									 *[fs:eax] = _t176;
								}
							}
						}
						goto L21;
					}
				} else {
					_t104 = _t51 - 0xbb6;
					if(_t104 == 0) {
						 *0x66a288 = 0;
						 *0x66a298 = 0;
						 *0x66a2a0 = 1;
						 *0x66a2a1 = 0;
						PostMessageW(0, 0, 0, 0);
					} else {
						_t107 = _t104 - 1;
						if(_t107 == 0) {
							 *0x66a2a0 = 1;
							_t108 = _v16;
							__eflags =  *((intOrPtr*)(_t108 + 4)) - 1;
							 *0x66a2a1 =  *((intOrPtr*)(_t108 + 4)) == 1;
							PostMessageW(0, 0, 0, 0);
						} else {
							if(_t107 == 2) {
								SetForegroundWindow(_v16[1]);
							} else {
								_t118 =  *0x66a29c; // 0x0
								_v16[3] = DefWindowProcW(_t118, _t122, _v16[1], _v16[2]);
							}
						}
					}
					L21:
					_pop(_t165);
					 *[fs:eax] = _t165;
					_pop(_t166);
					 *[fs:eax] = _t166;
					_push(E00600F2D);
					E0040873C( &_v168);
					return E00408778( &_v12, 2);
				}
			}

0x00600b6c
0x00600b6c
0x00600b6c
0x00600b6d
0x00600b6f
0x00600b76
0x00600b77
0x00600b7a
0x00600b80
0x00600b83
0x00600b86
0x00600b8b
0x00600b8c
0x00600b91
0x00600b94
0x00600b99
0x00600b9a
0x00600b9f
0x00600ba2
0x00600ba8
0x00600bac
0x00600baf
0x00600c2e
0x00600c33
0x00600c33
0x00600c39
0x00600c57
0x00600c58
0x00600c5d
0x00600c60
0x00600c6e
0x00600c75
0x00600c76
0x00600c7b
0x00600c7e
0x00600c81
0x00600c86
0x00600c8a
0x00600c8b
0x00600c90
0x00600c93
0x00600c9c
0x00600ca3
0x00600ca6
0x00600ca9
0x00600cae
0x00600cb3
0x00600cb3
0x00600cb5
0x00600c3b
0x00600c3b
0x00600c3b
0x00600c3c
0x00600d24
0x00600d25
0x00600d2a
0x00600d2d
0x00600d3e
0x00600d45
0x00600d46
0x00600d4b
0x00600d4e
0x00600d51
0x00600d56
0x00600d59
0x00600d67
0x00600d6c
0x00600d6c
0x00600d8b
0x00600d9b
0x00600dae
0x00600db6
0x00600dbf
0x00600dc2
0x00600dec
0x00600df2
0x00600df7
0x00600dfe
0x00600e01
0x00600c42
0x00600c42
0x00600c42
0x00600c43
0x00600e1a
0x00600e1b
0x00600e20
0x00600e23
0x00600e2b
0x00600e46
0x00600e4e
0x00600e57
0x00600e5a
0x00600c49
0x00600c49
0x00600c4a
0x00600e6d
0x00600e6e
0x00600e73
0x00600e76
0x00600e7e
0x00600e99
0x00600ea1
0x00600eaa
0x00600ead
0x00600ead
0x00600c4a
0x00600c43
0x00000000
0x00600c3c
0x00600bb1
0x00600bb1
0x00600bb6
0x00600bc5
0x00600bce
0x00600bd3
0x00600bda
0x00600be9
0x00600bb8
0x00600bb8
0x00600bb9
0x00600bf3
0x00600bfa
0x00600bfd
0x00600c01
0x00600c10
0x00600bbb
0x00600bbe
0x00600c21
0x00600bc0
0x00600ecd
0x00600edb
0x00600edb
0x00600bbe
0x00600bb9
0x00600ede
0x00600ee0
0x00600ee3
0x00600f02
0x00600f05
0x00600f08
0x00600f13
0x00600f25
0x00600f25

APIs

PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00600BE9
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00600C10
SetForegroundWindow.USER32(?,00000000,00600EE8,?,00000000,00600F26), ref: 00600C21
DefWindowProcW.USER32(00000000,?,?,?,00000000,00600EE8,?,00000000,00600F26), ref: 00600ED3

Strings

Cannot evaluate variable because [Code] isn't running yet, xrefs: 00600D5B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: MessagePostWindow$ForegroundProc
String ID: Cannot evaluate variable because [Code] isn't running yet
API String ID: 602442252-3182603685
Opcode ID: 25868026e616825efd40218a5019be6deeba83c182515bb988c7acbd9ffc5826
Instruction ID: ab36fd57ef67da6a4d73ccec4cc41cbfff4955b2beb65bb6a2c22b7cd4e29d0d
Opcode Fuzzy Hash: 25868026e616825efd40218a5019be6deeba83c182515bb988c7acbd9ffc5826
Instruction Fuzzy Hash: 65911134644204AFE719DF58CD61F9ABBBAEB89700F1584AAF804AB3E1C675AD40CF14

Uniqueness

Uniqueness Score: -1.00%

Function 005F89FC, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105
fileCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E005F89FC(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void* _t60;
				signed int _t63;
				intOrPtr _t77;
				void* _t83;
				intOrPtr _t86;

				_t64 = 0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v16 = __edx;
				_v8 = __eax;
				E004087FC(_v8);
				_push(_t86);
				_push(0x5f8b37);
				_push( *[fs:eax]);
				 *[fs:eax] = _t86;
				_t4 =  &_v24; // 0x64ef6a
				E005AF4EC(_v8, _t4);
				_t6 =  &_v24; // 0x64ef6a
				E00408B40( &_v8,  *_t6);
				_t83 = 0x123456;
				_t63 = 0;
				_v17 = 0;
				do {
					_t83 = _t83 + 1;
					if(_t83 > 0x1ffffff) {
						_t83 = 0;
					}
					_t90 = 0x123456 - _t83;
					if(0x123456 == _t83) {
						E005AFCC4(_v8, _t64,  &_v32, _t90);
						E005B8018(0x51,  &_v28, _v32);
						_t64 = _v28;
						E0042648C(_v28, 1);
						E00407E14();
					}
					_push(_v8);
					_push("_iu");
					E005F8868(_t83, _t63,  &_v36, 0x123456, _t83);
					_push(_v36);
					_push(L".tmp");
					E00409AA0( &_v12, _t63, 4, 0x123456, _t83);
					if(E005AFDE8(_t90) == 0) {
						_t63 = 1;
						_v17 = E005AFDC4(_v12);
						if(_v17 != 0) {
							_t60 = CreateFileW(E004097C8(_v12), 0xc0000000, 0, 0, 2, 0x80, 0);
							_t63 = 0 | _t60 != 0xffffffff;
							if(1 != 0) {
								CloseHandle(_t60);
							}
						}
					}
				} while (_t63 == 0);
				E00408AF8(_v16, _v12);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_push(E005F8B3E);
				E00408778( &_v36, 4);
				return E00408778( &_v12, 2);
			}

0x005f89ff
0x005f8a01
0x005f8a02
0x005f8a03
0x005f8a04
0x005f8a05
0x005f8a06
0x005f8a07
0x005f8a08
0x005f8a0c
0x005f8a0f
0x005f8a15
0x005f8a1c
0x005f8a1d
0x005f8a22
0x005f8a25
0x005f8a28
0x005f8a2e
0x005f8a33
0x005f8a39
0x005f8a43
0x005f8a45
0x005f8a47
0x005f8a4b
0x005f8a4b
0x005f8a52
0x005f8a54
0x005f8a54
0x005f8a56
0x005f8a58
0x005f8a60
0x005f8a6d
0x005f8a72
0x005f8a7c
0x005f8a81
0x005f8a81
0x005f8a86
0x005f8a89
0x005f8a93
0x005f8a98
0x005f8a9b
0x005f8aa8
0x005f8ab7
0x005f8ab9
0x005f8ac3
0x005f8aca
0x005f8ae7
0x005f8aef
0x005f8af4
0x005f8af7
0x005f8af7
0x005f8af4
0x005f8aca
0x005f8afc
0x005f8b0a
0x005f8b11
0x005f8b14
0x005f8b17
0x005f8b24
0x005f8b36

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,005F8B37), ref: 005F8AE7
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,005F8B37), ref: 005F8AF7

Strings

jd, xrefs: 005F8A28, 005F8A33
.tmp, xrefs: 005F8A9B
_iu, xrefs: 005F8A89

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID: .tmp$_iu$jd
API String ID: 3498533004-1802150322
Opcode ID: 2be609185de3ecedbbef9110650187b62c2b42e140f9870684e40b01a39d05d5
Instruction ID: 3061496996edbf0f295552ba256b7f5cd8ef57c15fc1c95d12c7dd96c3447177
Opcode Fuzzy Hash: 2be609185de3ecedbbef9110650187b62c2b42e140f9870684e40b01a39d05d5
Instruction Fuzzy Hash: 9C31A430A4021DABDB10EBA5C846BEEBBB4FF45314F10417AF640B72D2DA786E059758

Uniqueness

Uniqueness Score: -1.00%

Function 005A3AB4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 103
timethreadwindowCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E005A3AB4(char __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v9;
				char _v16;
				char _v20;
				intOrPtr _t41;
				long _t46;
				_Unknown_base(*)()* _t54;
				intOrPtr _t64;
				void* _t68;
				intOrPtr _t79;
				intOrPtr* _t80;
				intOrPtr _t81;
				void* _t87;
				void* _t88;
				intOrPtr _t89;

				_t87 = _t88;
				_t89 = _t88 + 0xfffffff0;
				_v16 = 0;
				_v20 = 0;
				_v8 = __eax;
				_push(_t87);
				_push(0x5a3c1d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				_t4 =  &_v8; // 0x5a2f24
				_t68 = E005A3A28( *_t4, 0);
				_t5 =  &_v8; // 0x5a2f24
				if( *((char*)( *_t5 + 0x9c)) != 0) {
					_t7 =  &_v8; // 0x5a2f24
					_t64 =  *_t7;
					_t91 =  *((intOrPtr*)(_t64 + 0x5c));
					if( *((intOrPtr*)(_t64 + 0x5c)) == 0) {
						_t9 =  &_v8; // 0x5a2f24
						E005A4134( *_t9, 0);
					}
				}
				E005A0948(_t68,  &_v20);
				E004F9250(_v20, 0,  &_v16, _t91);
				_t41 =  *0x66978c; // 0x0
				E005A3CE8(_t41, _v16, _t91);
				_v9 = 1;
				_push(_t87);
				_push(0x5a3bc4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				_t15 =  &_v8; // 0x5a2f24
				if( *((short*)( *_t15 + 0x14a)) != 0) {
					_t18 =  &_v8; // 0x5a2f24
					 *((intOrPtr*)( *_t18 + 0x148))();
				}
				if(_v9 != 0) {
					_t23 =  &_v8; // 0x5a2f24
					if( *((intOrPtr*)( *_t23 + 0xd8)) > 0) {
						__eflags =  *0x6697b8;
						if( *0x6697b8 == 0) {
							__eflags =  *0x6697bc;
							if( *0x6697bc == 0) {
								 *0x6697bc = 0x5a3a4c;
							}
							_t54 =  *0x6697bc; // 0x0
							_t26 =  &_v8; // 0x5a2f24
							 *0x6697b8 = SetTimer(0, 0,  *( *_t26 + 0xd8), _t54);
							__eflags =  *0x6697b8;
							if( *0x6697b8 == 0) {
								E005A39C4();
							}
						}
					} else {
						E005A39C4();
					}
				}
				_pop(_t79);
				 *[fs:eax] = _t79;
				_t46 = GetCurrentThreadId();
				_t80 =  *0x662a44; // 0x663044
				if(_t46 ==  *_t80 && E0046FF88(0, _t80) != 0) {
					_v9 = 0;
				}
				if(_v9 != 0) {
					WaitMessage();
				}
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(E005A3C24);
				return E00408778( &_v20, 2);
			}

0x005a3ab5
0x005a3ab7
0x005a3abf
0x005a3ac2
0x005a3ac5
0x005a3aca
0x005a3acb
0x005a3ad0
0x005a3ad3
0x005a3ad6
0x005a3ade
0x005a3ae0
0x005a3aea
0x005a3aec
0x005a3aec
0x005a3aef
0x005a3af3
0x005a3af5
0x005a3af8
0x005a3af8
0x005a3af3
0x005a3b02
0x005a3b0d
0x005a3b15
0x005a3b1a
0x005a3b1f
0x005a3b25
0x005a3b26
0x005a3b2b
0x005a3b2e
0x005a3b31
0x005a3b3c
0x005a3b41
0x005a3b4d
0x005a3b4d
0x005a3b57
0x005a3b59
0x005a3b63
0x005a3b6f
0x005a3b76
0x005a3b78
0x005a3b7f
0x005a3b81
0x005a3b81
0x005a3b8b
0x005a3b91
0x005a3ba4
0x005a3ba9
0x005a3bb0
0x005a3bb5
0x005a3bb5
0x005a3bb0
0x005a3b65
0x005a3b68
0x005a3b68
0x005a3b63
0x005a3bbc
0x005a3bbf
0x005a3bd9
0x005a3bde
0x005a3be6
0x005a3bf3
0x005a3bf3
0x005a3bfb
0x005a3bfd
0x005a3bfd
0x005a3c04
0x005a3c07
0x005a3c0a
0x005a3c1c

APIs

Part of subcall function 005A3A28: GetCursorPos.USER32 ref: 005A3A2F

SetTimer.USER32(00000000,00000000,00000000,00000000), ref: 005A3B9F
GetCurrentThreadId.KERNEL32 ref: 005A3BD9
WaitMessage.USER32(00000000,005A3C1D,?,?,?,00000000), ref: 005A3BFD

Strings

$/Z, xrefs: 005A3AD6, 005A3AE0, 005A3B31, 005A3B59, 005A3B91, 005A3BB2, 005A3B65, 005A3B41, 005A3B44, 005A3AEC, 005A3AF5
D0f, xrefs: 005A3BDE

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CurrentCursorMessageThreadTimerWait
String ID: $/Z$D0f
API String ID: 3909455694-26430867
Opcode ID: e2e3de10f7278643966aab215cfa17f3b3663590b4ea95498438a05ed21afb36
Instruction ID: e22e41007f1cd188d3129f5814c38c56834451e257cf5d477a750d23bbd2f832
Opcode Fuzzy Hash: e2e3de10f7278643966aab215cfa17f3b3663590b4ea95498438a05ed21afb36
Instruction Fuzzy Hash: F4415E30A04248EFDB51DFA8D896B9DBBF6FB46318F5584A9F804A7291C7B45F44CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00650308, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00650308(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v40;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t61;
				intOrPtr _t66;
				intOrPtr _t92;
				void* _t96;
				void* _t97;
				void* _t98;
				intOrPtr _t99;

				_t100 = __eflags;
				_t95 = __esi;
				_t94 = __edi;
				_t68 = __ebx;
				_t97 = _t98;
				_t99 = _t98 + 0xffffffdc;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				 *[fs:eax] = _t99;
				_t27 =  *0x662788; // 0x66978c
				E005A2A3C( *_t27, L"Uninstall", __eflags);
				_t30 =  *0x662788; // 0x66978c
				ShowWindow( *( *_t30 + 0x188), 5);
				 *[fs:edx] = _t99;
				E00647310();
				E005B09C4( &_v20);
				E00421594(_v20);
				E005B0518(0, __ebx,  &_v24, __edi, __esi);
				E00408AF8(0x66a7dc, _v24);
				E0064E648(__ebx, __edi, __esi, _t100);
				_t44 =  *0x66a7dc; // 0x0
				E005AF5D8(_t44, _t68,  &_v28, L".dat", _t94, _t95);
				E00408AF8(0x66a7e0, _v28);
				_t48 =  *0x66a7dc; // 0x0
				E005AF5D8(_t48, _t68,  &_v32, L".msg", _t94, _t95);
				E00408AF8(0x66a7e4, _v32);
				_v8 = E005B6AC8(1, 1, 0, 2);
				 *[fs:eax] = _t99;
				 *((intOrPtr*)( *_v8 + 4))( *[fs:eax], 0x650460, _t97,  *[fs:edx], 0x650583, _t97,  *[fs:eax], 0x6505bc, _t97, __edi, __esi, __ebx, _t96);
				E005B6A88(_v8, _v40 - 8);
				E005B6A60(_v8, 8,  &_v16);
				if(_v16 == 0x67734d49) {
					_t61 =  *0x66a7dc; // 0x0
					E005B81C4(_t61, _t68, 1, _v12, _t94, _t95);
				} else {
					_t66 =  *0x66a7e4; // 0x0
					E005B81C4(_t66, _t68, 1, 0, _t94, _t95);
				}
				_pop(_t92);
				 *[fs:eax] = _t92;
				_push(E00650467);
				return E004069C8(_v8);
			}

0x00650308
0x00650308
0x00650308
0x00650308
0x00650309
0x0065030b
0x00650313
0x00650316
0x00650319
0x0065031c
0x0065032a
0x0065032d
0x00650339
0x00650340
0x0065034e
0x0065035e
0x00650361
0x00650369
0x00650371
0x0065037b
0x00650388
0x0065038d
0x0065039a
0x0065039f
0x006503ac
0x006503b9
0x006503be
0x006503cb
0x006503e8
0x006503f6
0x00650401
0x0065040d
0x0065041d
0x00650429
0x00650440
0x00650445
0x0065042b
0x0065042f
0x00650434
0x00650434
0x0065044c
0x0065044f
0x00650452
0x0065045f

APIs

Part of subcall function 005A2A3C: SetWindowTextW.USER32(?,00000000), ref: 005A2A6D

ShowWindow.USER32(?,00000005,00000000,006505BC,?,?,00000000), ref: 0065034E

Part of subcall function 005B09C4: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005B09D7

Part of subcall function 00421594: SetCurrentDirectoryW.KERNEL32(00000000,?,00650376,00000000,00650583,?,?,00000005,00000000,006505BC,?,?,00000000), ref: 0042159F

Part of subcall function 005B0518: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005B05AD,?,?,?,00000001,?,005FB63E,00000000,005FB6A9), ref: 005B054D

Strings

IMsg, xrefs: 00650422
.msg, xrefs: 006503B4
.dat, xrefs: 00650395
Uninstall, xrefs: 00650334

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
String ID: .dat$.msg$IMsg$Uninstall
API String ID: 3312786188-1660910688
Opcode ID: f1a236e2430c453bd2d4804922fd2251dcafb6bddc65ab012eb207bd86612867
Instruction ID: f4c181762cbf351847136a24d252f6132ab9ebf6a138c6ef489f4fabac20360c
Opcode Fuzzy Hash: f1a236e2430c453bd2d4804922fd2251dcafb6bddc65ab012eb207bd86612867
Instruction Fuzzy Hash: 5A416F34A006099FD700EFA8CD569AEBFB6FB89300F508465F900B7791DA75AE05DF51

Uniqueness

Uniqueness Score: -1.00%

Function 00619ABC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E00619ABC(HANDLE* __eax) {
				HANDLE* _v8;
				long _v12;
				intOrPtr* _t7;
				long _t11;
				intOrPtr _t27;
				void* _t30;

				_v8 = __eax;
				_push(_t30);
				_push(0x619b3d);
				_push( *[fs:edx]);
				 *[fs:edx] = _t30 + 0xfffffff8;
				do {
					_t7 =  *0x662788; // 0x66978c
					E005A2EF0( *_t7);
					_t11 = MsgWaitForMultipleObjects(1, _v8, 0, 0xffffffff, 0x4ff);
				} while (_t11 == 1);
				if(_t11 == 0xffffffff) {
					E005F84D8(L"MsgWaitForMultipleObjects");
				}
				if(GetExitCodeProcess( *_v8,  &_v12) == 0) {
					E005F84D8(L"GetExitCodeProcess");
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(E00619B44);
				return CloseHandle( *_v8);
			}

0x00619ac2
0x00619ac7
0x00619ac8
0x00619acd
0x00619ad0
0x00619ad3
0x00619ad3
0x00619ada
0x00619aee
0x00619af3
0x00619afb
0x00619b02
0x00619b02
0x00619b18
0x00619b1f
0x00619b1f
0x00619b26
0x00619b29
0x00619b2c
0x00619b3c

APIs

MsgWaitForMultipleObjects.USER32 ref: 00619AEE
GetExitCodeProcess.KERNEL32 ref: 00619B11
CloseHandle.KERNEL32(?,00619B44,00000001,00000000,000000FF,000004FF,00000000,00619B3D), ref: 00619B37

Strings

MsgWaitForMultipleObjects, xrefs: 00619AFD
GetExitCodeProcess, xrefs: 00619B1A

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseCodeExitHandleMultipleObjectsProcessWait
String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
API String ID: 2573145106-3235461205
Opcode ID: ba53c600be26915f909191a06568e7db8e5f74361853eaba85404e46484a8880
Instruction ID: 17f76d570b79bce70c84d933d727bccac0e9e9e67c25deff2b623aab18eb49ef
Opcode Fuzzy Hash: ba53c600be26915f909191a06568e7db8e5f74361853eaba85404e46484a8880
Instruction Fuzzy Hash: 0C01F730708209AFDB10DBACDC62DEE77EAEB85724F140570F510C73D0DA38AD809625

Uniqueness

Uniqueness Score: -1.00%

Function 00405634, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405634(signed int __eax, void* __edx) {
				short _v530;
				short _v1052;
				short _v1056;
				short _v1058;
				signed int _t20;
				void* _t24;
				WCHAR* _t25;

				_t25 =  &_v1052;
				_t24 = __edx;
				_t20 = __eax;
				if(__eax != 0) {
					 *_t25 = (__eax & 0x000000ff) + 0x41 - 1;
					_v1058 = 0x3a;
					_v1056 = 0;
					GetCurrentDirectoryW(0x105,  &_v530);
					SetCurrentDirectoryW(_t25);
				}
				GetCurrentDirectoryW(0x105,  &_v1052);
				if(_t20 != 0) {
					SetCurrentDirectoryW( &_v530);
				}
				return E00409868(_t24, 0x105,  &_v1052);
			}

0x00405636
0x0040563c
0x0040563e
0x00405642
0x0040564c
0x00405650
0x00405657
0x0040566b
0x00405671
0x00405671
0x00405680
0x00405687
0x00405691
0x00405691
0x004056ae

APIs

GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 0040566B
SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 00405671
GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 00405680
SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 00405691

Strings

:, xrefs: 00405650

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: d2c8ee2b01b8bc9c31e1c2f3e7020ed8b4575a480701506d2b7bff4a0b959189
Instruction ID: dce63c72c99c25e19be56c3ef1376a95404931ccd87f5083cd5fd4336c869f13
Opcode Fuzzy Hash: d2c8ee2b01b8bc9c31e1c2f3e7020ed8b4575a480701506d2b7bff4a0b959189
Instruction Fuzzy Hash: 94F0F061140B447AD320EB65C852AEB72DCDF44305F40883F7AC8D73D2E67E8948976A

Uniqueness

Uniqueness Score: -1.00%

Function 005865CC, Relevance: 7.6, APIs: 5, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E005865CC(int __eax, void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				int _t45;
				void* _t47;
				int _t48;
				intOrPtr* _t49;

				_t18 = __eax;
				_t49 = __eax;
				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
						 *((char*)(__eax + 0x80)) = 1;
						return __eax;
					}
					_t19 =  *((intOrPtr*)(__eax + 0x78));
					if( *((intOrPtr*)(__eax + 0x78)) != 0) {
						return E005865CC(_t19, __edx);
					}
					_t18 = GetMenuItemCount(E00586704(__eax, _t45, _t47));
					_t48 = _t18;
					_t40 = _t39 & 0xffffff00 | _t48 == 0x00000000;
					while(_t48 > 0) {
						_t45 = _t48 - 1;
						_t18 = GetMenuState(E00586704(_t49, _t45, _t48), _t45, 0x400);
						if((_t18 & 0x00000004) == 0) {
							_t18 = RemoveMenu(E00586704(_t49, _t45, _t48), _t45, 0x400);
							_t40 = 1;
						}
						_t48 = _t48 - 1;
					}
					if(_t40 != 0) {
						if( *((intOrPtr*)(_t49 + 0x70)) != 0) {
							L14:
							E00586488(_t49, _t45, _t48);
							L15:
							return  *((intOrPtr*)( *_t49 + 0x50))();
						}
						_t44 =  *0x5849b0; // 0x584a08
						if(E00406C10( *((intOrPtr*)(_t49 + 0x7c)), _t44) == 0 || GetMenuItemCount(E00586704(_t49, _t45, _t48)) != 0) {
							goto L14;
						} else {
							DestroyMenu( *(_t49 + 0xbc));
							 *(_t49 + 0xbc) = 0;
							goto L15;
						}
					}
				}
				return _t18;
			}

0x005865cc
0x005865d0
0x005865d6
0x005865e0
0x005865e2
0x00000000
0x005865e2
0x005865ee
0x005865f3
0x00000000
0x005865f5
0x00586607
0x0058660c
0x00586610
0x00586615
0x0058661e
0x00586628
0x0058662f
0x0058663f
0x00586644
0x00586644
0x00586646
0x00586647
0x0058664d
0x00586653
0x0058668e
0x00586690
0x00586695
0x00000000
0x0058669b
0x00586658
0x00586665
0x00000000
0x00586678
0x0058667f
0x00586686
0x00000000
0x00586686
0x00586665
0x0058664d
0x005866a2

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7bdf9da67ecc928336aab066482e6213c2e24160aca79d3e9667660882f776
Instruction ID: 7ced4f6ac72d4b624eb87d8c68b941b316f9879e7a3a6f593d5052ea882bc33a
Opcode Fuzzy Hash: cf7bdf9da67ecc928336aab066482e6213c2e24160aca79d3e9667660882f776
Instruction Fuzzy Hash: D411A230A0029A9ADB307B3A595AB9A3F88BF81758F040429BD01FF246EE74DC5587A0

Uniqueness

Uniqueness Score: -1.00%

Function 00420F94, Relevance: 7.5, APIs: 5, Instructions: 41
fileCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E00420F94(void* __eax) {
				signed char _t10;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t17;
				WCHAR* _t18;

				_t17 = __eax;
				_t18 = E004097C8(__eax);
				DeleteFileW(_t18);
				asm("sbb ebx, ebx");
				_t15 = _t14 + 1;
				if(_t15 == 0) {
					_t16 = GetLastError();
					_t10 = GetFileAttributesW(_t18);
					if(_t10 == 0xffffffff || (_t10 & 0x00000004) == 0 || (_t10 & 0x00000010) == 0) {
						SetLastError(_t16);
					} else {
						RemoveDirectoryW(E004097C8(_t17));
						asm("sbb ebx, ebx");
						_t15 = _t15 + 1;
					}
				}
				return _t15;
			}

0x00420f98
0x00420fa1
0x00420fa4
0x00420fac
0x00420fae
0x00420fb1
0x00420fb8
0x00420fbb
0x00420fc3
0x00420fe4
0x00420fce
0x00420fd6
0x00420fde
0x00420fe0
0x00420fe0
0x00420fc3
0x00420fef

APIs

DeleteFileW.KERNEL32(00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00420FA4
GetLastError.KERNEL32(00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00420FB3
GetFileAttributesW.KERNEL32(00000000,00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000), ref: 00420FBB
RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000), ref: 00420FD6
SetLastError.KERNEL32(00000000,00000000,00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000), ref: 00420FE4

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
String ID:
API String ID: 2814369299-0
Opcode ID: cdbfdfc32e21faa2f53a0d5ecc2ffdddae70f8e7307789f3e693d22f1bd1cdf5
Instruction ID: 6ebe3b4cf45532d28852752088064c3a0fe5d7edeb4f0602fc5494761cc484af
Opcode Fuzzy Hash: cdbfdfc32e21faa2f53a0d5ecc2ffdddae70f8e7307789f3e693d22f1bd1cdf5
Instruction Fuzzy Hash: 43F0A7613843211D9630397E29C9EFF158C894276DB55073FFA50D22A3C59D5D4A816E

Uniqueness

Uniqueness Score: -1.00%

Function 005A0B08, Relevance: 7.5, APIs: 5, Instructions: 39
threadCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E005A0B08() {
				intOrPtr _v4;
				void* _v8;
				int _t5;
				void* _t6;
				intOrPtr _t12;
				struct HHOOK__* _t14;
				void* _t19;
				void* _t20;

				if( *0x6697b0 != 0) {
					_t14 =  *0x6697b0; // 0x0
					UnhookWindowsHookEx(_t14);
				}
				 *0x6697b0 = 0;
				_v4 = 0x6697b4;
				_t5 = 0;
				asm("lock xchg [edx], eax");
				_v8 = 0;
				if(_v8 != 0) {
					_t6 =  *0x6697ac; // 0x0
					SetEvent(_t6);
					if(GetCurrentThreadId() !=  *0x6697a8) {
						while(MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff) != 0) {
							_t12 =  *0x66978c; // 0x0
							E005A2F08(_t12, _t19, _t20);
						}
					}
					_t5 = CloseHandle(_v8);
				}
				return _t5;
			}

0x005a0b12
0x005a0b14
0x005a0b1a
0x005a0b1a
0x005a0b21
0x005a0b26
0x005a0b32
0x005a0b34
0x005a0b37
0x005a0b3e
0x005a0b40
0x005a0b46
0x005a0b56
0x005a0b64
0x005a0b5a
0x005a0b5f
0x005a0b5f
0x005a0b64
0x005a0b81
0x005a0b81
0x005a0b88

APIs

UnhookWindowsHookEx.USER32(00000000), ref: 005A0B1A
SetEvent.KERNEL32(00000000), ref: 005A0B46
GetCurrentThreadId.KERNEL32 ref: 005A0B4B
MsgWaitForMultipleObjects.USER32 ref: 005A0B74
CloseHandle.KERNEL32(00000000,00000000), ref: 005A0B81

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
String ID:
API String ID: 2132507429-0
Opcode ID: e6b659a67628e6597ebfa78dc1528b0cb64968c2b27a36c0fea25693f55d3dc7
Instruction ID: eeeb615204661b1aca082b56b3788136df217e3b650a30bde2679d9a32e7b538
Opcode Fuzzy Hash: e6b659a67628e6597ebfa78dc1528b0cb64968c2b27a36c0fea25693f55d3dc7
Instruction Fuzzy Hash: 2701AD70228204AFCB00EF68DE06B9D3BE8FB05314F005A2AF654C71E4E7B49880CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004702D4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87
threadCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E004702D4(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E00406F90(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x4703cd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00406998(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x46e670
						 *((intOrPtr*)(_t66 + 8)) = E004085D8(0, 0x4701e0, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x46e670
						 *((intOrPtr*)(_t66 + 8)) = E004085D8(0, 0x4701e0, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E004251D8(GetLastError(), _t49, 0, _t66);
						_v16 = _v20;
						_v12 = 0x11;
						_t55 =  *0x662958; // 0x4133c4
						E00426584(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E00407E14();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(E004703D4);
				return E00408718( &_v20);
			}

0x004702d4
0x004702d4
0x004702d4
0x004702d5
0x004702d7
0x004702de
0x004702e3
0x004702e5
0x004702e8
0x004702e8
0x004702ed
0x004702ef
0x004702f2
0x004702f6
0x004702f7
0x004702fc
0x004702ff
0x00470306
0x0047030b
0x00470311
0x00470316
0x0047031e
0x00470322
0x00470322
0x00470322
0x00470324
0x0047032b
0x004703ac
0x004703b4
0x0047032d
0x00470331
0x00470354
0x00470366
0x00470333
0x00470339
0x0047034c
0x0047034c
0x0047036d
0x00470379
0x00470381
0x00470384
0x0047038e
0x0047039b
0x004703a0
0x004703a0
0x0047036d
0x004703b9
0x004703bc
0x004703bf
0x004703cc

APIs

GetLastError.KERNEL32(0046E670,00000004,0046E66C,00000000,004703CD,?,0046E66C,00000000), ref: 0047036F

Part of subcall function 004085D8: CreateThread.KERNEL32 ref: 00408632

GetCurrentThread.KERNEL32 ref: 004703A7
GetCurrentThreadId.KERNEL32 ref: 004703AF

Strings

9D, xrefs: 00470396

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$Current$CreateErrorLast
String ID: 9D
API String ID: 3539746228-2600770735
Opcode ID: 782b105c7adc803218f25929232b7c06f2167ee4bc93601274e59246b82acb12
Instruction ID: f9857796ad14231e6e04606ef7c0ce10faa70948f457118b7ae5954610b77c36
Opcode Fuzzy Hash: 782b105c7adc803218f25929232b7c06f2167ee4bc93601274e59246b82acb12
Instruction Fuzzy Hash: 9B31E070A05744EFD720DB76C8417EBBBE4AF09304F40C87EE899D7691DA78A844C769

Uniqueness

Uniqueness Score: -1.00%

Function 006508D4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E006508D4(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				WCHAR* _t43;
				char _t58;
				intOrPtr _t68;
				void* _t72;
				signed int _t74;
				void* _t78;

				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = __edx;
				_v16 = __eax;
				_push(_t78);
				_push(0x6509d2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t78 + 0xffffffe4;
				E00408718(_v20);
				E005AFA70(_v16, 0,  &_v8);
				_t72 = 0;
				_t58 = 0;
				do {
					_v32 = _t58;
					_v28 = 0;
					E00421A6C(L"isRS-%.3u.tmp", 0,  &_v32,  &_v24);
					E00409A18( &_v12, _v24, _v8);
					_t74 = GetFileAttributesW(E004097C8(_v12));
					if(_t74 == 0xffffffff) {
						L5:
						_t43 = E004097C8(_v12);
						if(MoveFileExW(E004097C8(_v16), _t43, 1) == 0) {
							_t72 = _t72 + 1;
							if(_t72 == 0xa) {
								break;
							}
							goto L8;
						}
						E00408AF8(_v20, _v12);
						break;
					}
					if((_t74 & 0x00000010) != 0) {
						goto L8;
					}
					if((_t74 & 0x00000001) != 0) {
						SetFileAttributesW(E004097C8(_v12), _t74 & 0xfffffffe);
					}
					goto L5;
					L8:
					_t58 = _t58 + 1;
				} while (_t58 != 0x3e8);
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E006509D9);
				E00408718( &_v24);
				return E00408778( &_v12, 2);
			}

0x006508df
0x006508e2
0x006508e5
0x006508e8
0x006508eb
0x006508f0
0x006508f1
0x006508f6
0x006508f9
0x006508ff
0x0065090a
0x0065090f
0x00650911
0x00650913
0x00650917
0x0065091a
0x00650928
0x00650936
0x00650949
0x0065094e
0x00650972
0x00650977
0x0065098d
0x0065099c
0x006509a0
0x00000000
0x00000000
0x00000000
0x006509a0
0x00650995
0x00000000
0x00650995
0x00650956
0x00000000
0x00000000
0x0065095e
0x0065096d
0x0065096d
0x00000000
0x006509a2
0x006509a2
0x006509a3
0x006509b1
0x006509b4
0x006509b7
0x006509bf
0x006509d1

APIs

GetFileAttributesW.KERNEL32(00000000,000000EC,00000000,006509D2,?,?,0066978C,?,00650E02,00000000,00650E0C,?,00000000,00650E3C,?,?), ref: 00650944
SetFileAttributesW.KERNEL32(00000000,00000000,00000000,000000EC,00000000,006509D2,?,?,0066978C,?,00650E02,00000000,00650E0C,?,00000000,00650E3C), ref: 0065096D
MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,000000EC,00000000,006509D2,?,?,0066978C,?,00650E02,00000000,00650E0C,?,00000000), ref: 00650986

Strings

isRS-%.3u.tmp, xrefs: 00650923

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: File$Attributes$Move
String ID: isRS-%.3u.tmp
API String ID: 3839737484-3657609586
Opcode ID: 73c0874dde1645869020931b14af0b8d603a3c02a8dad8aa43691cc204376f73
Instruction ID: fd64645e21a18fecabc0b8dc279039ee35b9e16079179385e1984e8b922befa7
Opcode Fuzzy Hash: 73c0874dde1645869020931b14af0b8d603a3c02a8dad8aa43691cc204376f73
Instruction Fuzzy Hash: 8131C571E002099FEB00EBA9C9829DEB7F9AF44314F50457EF814F32D2CB389E458A55

Uniqueness

Uniqueness Score: -1.00%

Function 0064E360, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59
processCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0064E360(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				struct _PROCESS_INFORMATION _v92;
				int _t22;
				intOrPtr _t28;
				intOrPtr _t41;
				void* _t47;

				_v8 = 0;
				_t44 = __edx;
				_t32 = __eax;
				_push(_t47);
				_push(0x64e408);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47 + 0xffffffa8;
				_push(0x64e424);
				_push(__eax);
				_push(E0064E434);
				_push(__edx);
				E00409AA0( &_v8, __eax, 4, __edi, __edx);
				E00405CE4( &_v76, 0x44);
				_v76.cb = 0x44;
				_t22 = CreateProcessW(0, E004097C8(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92);
				_t49 = _t22;
				if(_t22 == 0) {
					_t28 =  *0x66279c; // 0x669c04
					_t8 = _t28 + 0x1c8; // 0x0
					E0064E2B8( *_t8, _t32, 0, _t44, _t49);
				}
				_t9 =  &(_v92.hThread); // 0x64e478
				CloseHandle( *_t9);
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E0064E40F);
				return E00408718( &_v8);
			}

0x0064e36a
0x0064e36d
0x0064e36f
0x0064e373
0x0064e374
0x0064e379
0x0064e37c
0x0064e37f
0x0064e384
0x0064e385
0x0064e38a
0x0064e393
0x0064e3a2
0x0064e3a7
0x0064e3cd
0x0064e3d2
0x0064e3d4
0x0064e3d6
0x0064e3db
0x0064e3e1
0x0064e3e1
0x0064e3e6
0x0064e3ea
0x0064e3f4
0x0064e3f7
0x0064e3fa
0x0064e407

APIs

CreateProcessW.KERNEL32 ref: 0064E3CD
CloseHandle.KERNEL32(xd,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0064E434,?,0064E424,00000000), ref: 0064E3EA

Part of subcall function 0064E2B8: GetLastError.KERNEL32(00000000,0064E353,?,?,?), ref: 0064E2DB

Strings

xd, xrefs: 0064E3E6, 0064E3E9
D, xrefs: 0064E3A7

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseCreateErrorHandleLastProcess
String ID: D$xd
API String ID: 3798668922-589168589
Opcode ID: 2ca9de96d9ef3f2fda2e75e4a70d42fac544a84f5ff059f388952b66a3a43b6d
Instruction ID: 2770b63dbd5f0664191502d66b5aa67e7b61ccad1497a3da23e2b2c891076db0
Opcode Fuzzy Hash: 2ca9de96d9ef3f2fda2e75e4a70d42fac544a84f5ff059f388952b66a3a43b6d
Instruction Fuzzy Hash: 4111A171644608AFEB00DBD5CC82EDE77EDEF09704F51407AF604E7291E6799D008A69

Uniqueness

Uniqueness Score: -1.00%

Function 00600654, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59
windowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00600654(struct HWND__* __eax, signed char __edx, void* __ebp) {
				char _v16;
				signed char _v20;
				char _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t8;
				struct HWND__* _t14;
				void* _t21;
				intOrPtr* _t22;
				struct HWND__* _t28;
				void* _t29;
				signed char* _t31;

				_t31 =  &_v20;
				 *_t31 = __edx;
				_t28 = __eax;
				_t21 = SendMessageW(__eax, 0xb06, 0, 0);
				if(_t21 != 0x6000500) {
					_v28 = _t21;
					_v24 = 0;
					_v20 = 0x6000500;
					_v16 = 0;
					_t23 = L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)";
					E004264C8(_t21, L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)", 1, 0x66a29c, _t28, 1,  &_v28);
					E00407E14();
				}
				 *0x66a288 = 1;
				 *0x66a298 = _t28;
				_t8 =  *0x6005b8; // 0x600610
				 *0x66a29c = E004733A4(E00600B6C, _t8);
				if( *0x66a29c == 0) {
					E005F8384(L"Failed to create DebugClientWnd", _t21);
				}
				_t29 = 4;
				_t22 =  *0x662454; // 0x6619dc
				do {
					E005B1C48( *0x66a29c, _t23,  *_t22);
					_t22 = _t22 + 4;
					_t29 = _t29 - 1;
				} while (_t29 != 0);
				_t14 =  *0x66a298; // 0x0
				return SendMessageW(_t14, 0xb00,  *0x66a29c,  *_t31 & 0x000000ff);
			}

0x00600657
0x0060065a
0x0060065d
0x00600673
0x0060067b
0x0060067d
0x00600681
0x00600686
0x0060068e
0x0060069a
0x006006a6
0x006006ab
0x006006ab
0x006006b0
0x006006b7
0x006006bd
0x006006cd
0x006006d2
0x006006d9
0x006006d9
0x006006de
0x006006e3
0x006006e9
0x006006ed
0x006006f2
0x006006f5
0x006006f5
0x00600705
0x00600716

APIs

SendMessageW.USER32(00000000,00000B06,00000000,00000000), ref: 0060066E
SendMessageW.USER32(00000000,00000B00,00000000,00000000), ref: 0060070B

Strings

Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 0060069A
Failed to create DebugClientWnd, xrefs: 006006D4

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: MessageSend
String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
API String ID: 3850602802-3720027226
Opcode ID: 52b731dd62755f7d8c1f6c397bbe7d9ce1d8ae19bbd7a28dc5bb00d12e237df0
Instruction ID: 4175b821cf142c8e622798afdf7fde6d0c746e5252e1edb01a77202dd48d2af0
Opcode Fuzzy Hash: 52b731dd62755f7d8c1f6c397bbe7d9ce1d8ae19bbd7a28dc5bb00d12e237df0
Instruction Fuzzy Hash: 7E1123B06843409FF310EB68DC81B9B7FD99B85708F180429F5849B3D2D7B66C50CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00619624, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54
registryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00619624(void* __eax, void* __ebx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _t19;
				char _t20;
				void* _t34;
				intOrPtr _t39;
				intOrPtr _t45;

				_t42 = __esi;
				_push(0);
				_push(0);
				_push(0);
				_push(_t45);
				_push(0x6196be);
				 *[fs:eax] = _t45;
				E005AF910(__eax,  &_v16, _t45,  *[fs:eax]);
				E004098B8( &_v8, _v16);
				_push(E0040CDF4( &_v12));
				_t19 = E00409444(_v8);
				_t34 = _t19;
				_push(_t34);
				L00437630();
				if(_t19 != 0) {
					E005F84EC(L"LoadTypeLib", _t34, _t19, __esi);
				}
				_push(0);
				_push(_t34);
				_t20 = _v12;
				_push(_t20);
				L00437638();
				if(_t20 != 0) {
					E005F84EC(L"RegisterTypeLib", _t34, _t20, _t42);
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E006196C5);
				E00408718( &_v16);
				E0040CDF4( &_v12);
				return E00408760( &_v8);
			}

0x00619624
0x00619627
0x00619629
0x0061962b
0x00619632
0x00619633
0x0061963b
0x00619643
0x0061964e
0x0061965b
0x0061965f
0x00619664
0x00619666
0x00619667
0x0061966e
0x00619677
0x00619677
0x0061967c
0x0061967e
0x0061967f
0x00619682
0x00619683
0x0061968a
0x00619693
0x00619693
0x0061969a
0x0061969d
0x006196a0
0x006196a8
0x006196b0
0x006196bd

APIs

Part of subcall function 005AF910: GetFullPathNameW.KERNEL32(00000000,00001000,?,?,00000002,?,?,0066978C,00000000,005F8F3B,00000000,005F9216,?,?,0066978C), ref: 005AF941

LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00619667
RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 00619683

Strings

RegisterTypeLib, xrefs: 0061968E
LoadTypeLib, xrefs: 00619672

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Type$FullLoadNamePathRegister
String ID: LoadTypeLib$RegisterTypeLib
API String ID: 4170313675-2435364021
Opcode ID: 2795a7f06e11a5e2ab57fd77d59c37836fa9153c6ed2c0c27515d59caf167488
Instruction ID: a1c6d1944a89705a1ae2f70c12028eadbe445236a7dfe10c2b454775ce8fdd12
Opcode Fuzzy Hash: 2795a7f06e11a5e2ab57fd77d59c37836fa9153c6ed2c0c27515d59caf167488
Instruction Fuzzy Hash: FA014470704209AFEB10FBA5CD92BDE77EDEB48704F504475B500F3292EA78AE458678

Uniqueness

Uniqueness Score: -1.00%

Function 005F912D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41
fileCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E005F912D(void* __edx) {
				WCHAR* _t13;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t36;

				SetFileAttributesW(E004097C8( *((intOrPtr*)(_t36 - 0x10))), 0x20);
				if(E00420F94( *((intOrPtr*)(_t36 - 0x10))) == 0) {
					E005F84D8(L"DeleteFile");
				}
				_t13 = E004097C8( *((intOrPtr*)(_t36 - 0x10)));
				if(MoveFileW(E004097C8( *((intOrPtr*)(_t36 - 0x14))), _t13) == 0) {
					E005F84D8(L"MoveFile");
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_pop(_t33);
				 *[fs:eax] = _t33;
				_push(E005F921D);
				E00408778(_t36 - 0x44, 7);
				return E00408778(_t36 - 0x1c, 7);
			}

0x005f9138
0x005f9147
0x005f914e
0x005f914e
0x005f9156
0x005f916c
0x005f9173
0x005f9173
0x005f917a
0x005f917d
0x005f91f0
0x005f91f3
0x005f91f6
0x005f9203
0x005f9215

APIs

SetFileAttributesW.KERNEL32(00000000,00000020), ref: 005F9138

Part of subcall function 00420F94: DeleteFileW.KERNEL32(00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00420FA4
Part of subcall function 00420F94: GetLastError.KERNEL32(00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00420FB3
Part of subcall function 00420F94: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000,00000000), ref: 00420FBB
Part of subcall function 00420F94: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,0066978C,?,00650DE7,00000000,00650E3C,?,?,00000005,?,00000000,00000000), ref: 00420FD6

MoveFileW.KERNEL32(00000000,00000000), ref: 005F9165

Part of subcall function 005F84D8: GetLastError.KERNEL32(00000000,005F91EE,00000005,00000000,005F9216,?,?,0066978C,?,00000000,00000000,00000000,?,00650A7F,00000000,00650A9A), ref: 005F84DB

Strings

MoveFile, xrefs: 005F916E
DeleteFile, xrefs: 005F9149

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: File$AttributesErrorLast$DeleteDirectoryMoveRemove
String ID: DeleteFile$MoveFile
API String ID: 3947864702-139070271
Opcode ID: 5bb618f7b427b5195a6abe4a513320b3d44db0debb22a050014d2d0feb17a377
Instruction ID: b8499831526bb04dbf5f9ac4b51478e099ff73939971a2d4390da8e0a4ff792a
Opcode Fuzzy Hash: 5bb618f7b427b5195a6abe4a513320b3d44db0debb22a050014d2d0feb17a377
Instruction Fuzzy Hash: CAF0497565850A9AEB00FB65D946BBE7BD4FB94304F60443BF504E32C6D93C9C01C629

Uniqueness

Uniqueness Score: -1.00%

Function 0061BF60, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39
registryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0061BF60(signed int __eax, void* __ecx, void* __edx, void* __ebp) {
				void* _v16;
				void* __ebx;
				void* _t31;
				signed int _t33;

				_push(__ecx);
				_t31 = __edx;
				_t22 = __eax;
				_t33 = __eax & 0x0000007f;
				if( *((intOrPtr*)(0x66a328 + _t33 * 4)) == 0) {
					if(E005B0F7C(__eax, L"SOFTWARE\\Microsoft\\.NETFramework", 0x80000002,  &_v16, 1, 0) == 0) {
						E005B0EA4();
						RegCloseKey(_v16);
					}
					if( *((intOrPtr*)(0x66a328 + _t33 * 4)) == 0) {
						E005F8384(L".NET Framework not found", _t22);
					}
				}
				return E00408AF8(_t31,  *((intOrPtr*)(0x66a328 + _t33 * 4)));
			}

0x0061bf63
0x0061bf64
0x0061bf66
0x0061bf6a
0x0061bf75
0x0061bf93
0x0061bfa4
0x0061bfad
0x0061bfad
0x0061bfba
0x0061bfc1
0x0061bfc1
0x0061bfba
0x0061bfd8

APIs

Part of subcall function 005B0F7C: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005B1656,?,00000000,?,005B15F6,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656), ref: 005B0F98

RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000003,0061BDB8,00000003,00000000,0061C103,00000000,0061C2BD,?,0061BDB8,?,00000000,00000000), ref: 0061BFAD

Strings

SOFTWARE\Microsoft\.NETFramework, xrefs: 0061BF82
.NET Framework not found, xrefs: 0061BFBC
InstallRoot, xrefs: 0061BF9C

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseOpen
String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
API String ID: 47109696-2631785700
Opcode ID: 885fc4394270ad0df09e5d25c9b1bcd6a6d4fafc537a740705776ff6a9d2b009
Instruction ID: 448ca6937d64a862ac112d139eaec94d33f57e5ce0c2616cf06513c74001078b
Opcode Fuzzy Hash: 885fc4394270ad0df09e5d25c9b1bcd6a6d4fafc537a740705776ff6a9d2b009
Instruction Fuzzy Hash: FFF0A4313401155FC710DF999C45BDE6A8EDBC4361F542439F244D7351C775DC828AA2

Uniqueness

Uniqueness Score: -1.00%

Function 00464920, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00464920(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* _t30;
				void* _t67;
				void* _t68;
				intOrPtr _t73;
				intOrPtr _t77;
				char _t78;
				intOrPtr _t82;
				signed short _t93;
				void* _t96;
				void* _t98;
				void* _t99;
				intOrPtr _t100;

				_t78 = __edx;
				_t68 = __ecx;
				_t98 = _t99;
				_t100 = _t99 + 0xffffffdc;
				_v36 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				if(__edx != 0) {
					_t100 = _t100 + 0xfffffff0;
					_t30 = E00406F90(_t30, _t98);
				}
				_t96 = _t68;
				_v5 = _t78;
				_t67 = _t30;
				_t93 = _a8;
				_push(_t98);
				_push(0x464a70);
				_push( *[fs:eax]);
				 *[fs:eax] = _t100;
				if((0x0000ff00 & _t93) != 0xff00) {
					E00464790(E00420CF0(_t96, _t93 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00421144(_t96,  &_v36);
						_v24 = _v36;
						_v20 = 0x11;
						E004251D8(GetLastError(), _t67, 0, _t96);
						_v16 = _v40;
						_v12 = 0x11;
						_t73 =  *0x6621f0; // 0x413314
						E00426584(_t67, _t73, 1, _t93, _t96, 1,  &_v24);
						E00407E14();
					}
				} else {
					_t94 = _t93 & 0x000000ff;
					if((_t93 & 0x000000ff) == 0xff) {
						_t94 = 0x10;
					}
					E00464790(E00420D48(_t96, _t94 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
						E00421144(_t96,  &_v28);
						_v24 = _v28;
						_v20 = 0x11;
						E004251D8(GetLastError(), _t67, 0, _t96);
						_v16 = _v32;
						_v12 = 0x11;
						_t77 =  *0x662a30; // 0x41330c
						E00426584(_t67, _t77, 1, _t94, _t96, 1,  &_v24);
						E00407E14();
					}
				}
				_t28 = _t67 + 8; // 0x43f140
				E00408AF8(_t28, _t96);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(E00464A77);
				return E00408778( &_v40, 4);
			}

0x00464920
0x00464920
0x00464921
0x00464923
0x0046492b
0x0046492e
0x00464931
0x00464934
0x00464939
0x0046493b
0x0046493e
0x0046493e
0x00464943
0x00464945
0x00464948
0x0046494a
0x0046494f
0x00464950
0x00464955
0x00464958
0x00464966
0x004649f6
0x004649ff
0x00464a06
0x00464a0e
0x00464a11
0x00464a1f
0x00464a27
0x00464a2a
0x00464a34
0x00464a41
0x00464a46
0x00464a46
0x00464968
0x00464968
0x00464972
0x00464974
0x00464974
0x0046498b
0x00464994
0x0046499f
0x004649a7
0x004649aa
0x004649b8
0x004649c0
0x004649c3
0x004649cd
0x004649da
0x004649df
0x004649df
0x00464994
0x00464a4b
0x00464a50
0x00464a57
0x00464a5a
0x00464a5d
0x00464a6f

APIs

GetLastError.KERNEL32(00000000,00464A70,?,?,0043F138,00000001), ref: 004649AE

Part of subcall function 00420CF0: CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,0043F138,004649F0,00000000,00464A70,?,?,0043F138), ref: 00420D3F

Part of subcall function 00421144: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,?,?,0043F138,00464A0B,00000000,00464A70,?,?,0043F138,00000001), ref: 00421167

GetLastError.KERNEL32(00000000,00464A70,?,?,0043F138,00000001), ref: 00464A15

Part of subcall function 004251D8: FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,0043F138,00000000,?,00464A24,00000000,00464A70), ref: 004251FC
Part of subcall function 004251D8: LocalFree.KERNEL32(00000001,00425255,00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,0043F138,00000000,?,00464A24,00000000,00464A70), ref: 00425248

Strings

4Dd, xrefs: 004649C7
d{C, xrefs: 004649D5

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLast$CreateFileFormatFreeFullLocalMessageNamePath
String ID: 4Dd$d{C
API String ID: 503893064-2058038346
Opcode ID: 64a095c14a0f96203810d5c2f6b8d630ed5934c52ddf125560378948caaaaf86
Instruction ID: 0683953512549e244d6d4d668f9f4a6bb5012169835e8b5d33232cac3ad6031b
Opcode Fuzzy Hash: 64a095c14a0f96203810d5c2f6b8d630ed5934c52ddf125560378948caaaaf86
Instruction Fuzzy Hash: 3F41F670E002099FCB10EFB5C8815EEB7F1AF49314F90817AE904A7382DB785E01CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C040, Relevance: 6.1, APIs: 4, Instructions: 95
threadCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C040(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x665c0c()) {
					_v16 = E0040BFFC( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x665c08(4,  &_v32,  &_v20);
				}
				_t39 = E0040BFFC( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E0040982C(_t81, _t67);
					_t39 = E004054AC(_t67);
				}
				if(_v16 != 0) {
					 *0x665c08(0, 0,  &_v20);
					_t68 = E0040BFFC( &_v12);
					if(_v8 != _v12 || E0040BFD8(_v16, _v12, _t68) != 0) {
						 *0x665c08(8, _v16,  &_v20);
					}
					E004054AC(_t68);
					return E004054AC(_v16);
				}
				return _t39;
			}

0x0040c048
0x0040c04a
0x0040c04e
0x0040c05a
0x0040c064
0x0040c067
0x0040c069
0x0040c070
0x0040c073
0x0040c084
0x0040c08a
0x0040c08d
0x0040c090
0x0040c093
0x0040c099
0x0040c09f
0x0040c0af
0x0040c0af
0x0040c0b8
0x0040c0bd
0x0040c0c1
0x0040c0c6
0x0040c0cb
0x0040c0cd
0x0040c0ce
0x0040c0d5
0x0040c0dd
0x0040c0e2
0x0040c0e2
0x0040c0e8
0x0040c0eb
0x0040c0eb
0x0040c0d5
0x0040c0f2
0x0040c0f9
0x0040c0f9
0x0040c102
0x0040c10c
0x0040c11a
0x0040c122
0x0040c13f
0x0040c13f
0x0040c147
0x00000000
0x0040c14f
0x0040c159

APIs

GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040C051
SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040C0AF
SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040C10C
SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040C13F

Part of subcall function 0040BFFC: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040C0BD), ref: 0040C013
Part of subcall function 0040BFFC: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040C0BD), ref: 0040C030

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$LanguagesPreferred$Language
String ID:
API String ID: 2255706666-0
Opcode ID: 0c1f2c1c9d5c7ff37f6e9c8c355f8cabf370a15ff2cbfb9c2a42e9f649f7a9ae
Instruction ID: e50dbe343586da412169edcbcf2f18ed2f71acdc650f4f92d90da3ef9dabf820
Opcode Fuzzy Hash: 0c1f2c1c9d5c7ff37f6e9c8c355f8cabf370a15ff2cbfb9c2a42e9f649f7a9ae
Instruction Fuzzy Hash: 11311C70A0021EDBDB10DFE9C885AAEB3B5EF04315F00427AE551E7291DB789A44CB99

Uniqueness

Uniqueness Score: -1.00%

Function 005FA2A8, Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32 ref: 005FA2D4
MsgWaitForMultipleObjects.USER32 ref: 005FA2F6
GetExitCodeProcess.KERNEL32 ref: 005FA307
CloseHandle.KERNEL32(00000001,005FA334,005FA32D,?,?,?,00000001,?,?,005FA6D6,?,00000000,005FA6EC,?,?,?), ref: 005FA327

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
String ID:
API String ID: 4071923889-0
Opcode ID: 361074192ec374a05e2cf2df013bf89d016834e5deaa6a3beb335715fc6fd1be
Instruction ID: 586ac432c32a70313b0c318b61cb05b5cd87a00297960769d1cb778e8dd03f91
Opcode Fuzzy Hash: 361074192ec374a05e2cf2df013bf89d016834e5deaa6a3beb335715fc6fd1be
Instruction Fuzzy Hash: 5C01B5B4A4420C7EEB109BAA8D46EAA7FACEB09760F500516F708C31D1D5B99D408667

Uniqueness

Uniqueness Score: -1.00%

Function 005A3D7C, Relevance: 6.1, APIs: 4, Instructions: 53
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E005A3D7C(signed char __eax, intOrPtr _a4) {
				int _t22;
				void* _t23;
				int _t31;
				signed int _t35;
				signed char _t38;
				void* _t43;
				void* _t44;

				_t38 = __eax;
				_t2 = _a4 - 4; // 0xc31852ff
				_t22 = IsWindowVisible( *( *_t2 + 0x188));
				asm("sbb eax, eax");
				_t23 = _t22 + 1;
				_t43 = _t23 -  *0x661800; // 0x0
				if(_t43 == 0) {
					_t44 = _t38 -  *0x661800; // 0x0
					if(_t44 != 0) {
						_t5 = _a4 - 4; // 0xc31852ff
						if( *((char*)( *_t5 + 0xeb)) != 0 &&  *0x661800 == 0) {
							_t8 = _a4 - 4; // 0xc31852ff
							_t35 = GetWindowLongW( *( *_t8 + 0x188), 0xffffffec);
							_t11 = _a4 - 4; // 0xc31852ff
							SetWindowLongW( *( *_t11 + 0x188), 0xffffffec, _t35 | 0x08000000);
						}
						_t16 = _a4 - 4; // 0xc31852ff
						_t31 = SetWindowPos( *( *_t16 + 0x188), 0, 0, 0, 0, 0,  *(0x661802 + (_t38 & 0x000000ff) * 2) & 0x0000ffff);
						 *0x661800 = _t38;
						return _t31;
					}
				}
				return _t23;
			}

0x005a3d80
0x005a3d85
0x005a3d8f
0x005a3d97
0x005a3d99
0x005a3d9a
0x005a3da0
0x005a3da2
0x005a3da8
0x005a3dad
0x005a3db7
0x005a3dc5
0x005a3dd1
0x005a3dd9
0x005a3deb
0x005a3deb
0x005a3e09
0x005a3e13
0x005a3e18
0x00000000
0x005a3e18
0x005a3da8
0x005a3e20

APIs

IsWindowVisible.USER32 ref: 005A3D8F
GetWindowLongW.USER32(?,000000EC), ref: 005A3DD1
SetWindowLongW.USER32 ref: 005A3DEB
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,C31852FF,?,00000000,?,005A3EA5,?,?,?,00000000), ref: 005A3E13

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$Long$Visible
String ID:
API String ID: 2967648141-0
Opcode ID: 3701598597631481a4bebe85878359a59fd4de1d73864697aee8f0662b462547
Instruction ID: a7e9761be64e8251a726e41e5ea799dd36543e273c62785c0243dde29f2c5ab3
Opcode Fuzzy Hash: 3701598597631481a4bebe85878359a59fd4de1d73864697aee8f0662b462547
Instruction Fuzzy Hash: 50115670205144AFDB10EB29D889FA97FD9BB45356F448595F844CF361C774EE80C790

Uniqueness

Uniqueness Score: -1.00%

Function 0046523C, Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0046523C(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
				WCHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				WCHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceW(__edx, _v8, _a8);
				 *(_t23 + 0x10) = _t29;
				if(_t29 == 0) {
					E0046519C(_t23, _t24, _t29, _t31, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x4652d8
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				if(_t30 == 0) {
					E0046519C(_t23, _t24, _t30, _t31, _t32);
				}
				_t7 = _t23 + 0x10; // 0x4652d8
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x464b24
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E00464AD0(_t23, _t25, _t18);
			}

0x00465243
0x00465246
0x00465248
0x00465258
0x0046525a
0x0046525f
0x00465262
0x00465267
0x00465267
0x00465268
0x00465272
0x00465274
0x00465279
0x0046527c
0x00465281
0x00465282
0x0046528c
0x0046528d
0x00465291
0x0046529a
0x004652a5

APIs

FindResourceW.KERNEL32(?,?,?,0043FE3C,?,00000001,00000000,?,0046517E,00000000,00000000,?,0066978C,?,?,00644460), ref: 00465253
LoadResource.KERNEL32(?,004652D8,?,?,?,0043FE3C,?,00000001,00000000,?,0046517E,00000000,00000000,?,0066978C,?), ref: 0046526D
SizeofResource.KERNEL32(?,004652D8,?,004652D8,?,?,?,0043FE3C,?,00000001,00000000,?,0046517E,00000000,00000000), ref: 00465287
LockResource.KERNEL32(00464B24,00000000,?,004652D8,?,004652D8,?,?,?,0043FE3C,?,00000001,00000000,?,0046517E,00000000), ref: 00465291

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 0f0122636f5e1f829796b1b782f7f01f5b08c6add20a43d762356a9fcebc62f1
Instruction ID: cc44b1e40f387fa113896bb731206f382d166b60eb9947859bc6d233c5ebbc2f
Opcode Fuzzy Hash: 0f0122636f5e1f829796b1b782f7f01f5b08c6add20a43d762356a9fcebc62f1
Instruction Fuzzy Hash: 32F0D1B36046046F5744EE9DA881D9B77ECEE89368310015FF908C7206EA38DE118779

Uniqueness

Uniqueness Score: -1.00%

Function 005FB310, Relevance: 6.0, APIs: 4, Instructions: 41
registrywindowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E005FB310(void* __eax, void* __ecx, void* __edx, void* __eflags) {
				void* _v12;
				int _t13;
				void* _t20;
				void* _t26;

				_push(__ecx);
				_t20 = __edx;
				_t26 = __eax;
				if(E005B0F7C(0,  *((intOrPtr*)(0x661aec + (E005B0D50() & 0x0000007f) * 4)), 0x80000002,  &_v12, 2, 0) == 0) {
					RegDeleteValueW(_v12, E004097C8(_t26));
					RegCloseKey(_v12);
				}
				_t13 = RemoveFontResourceW(E004097C8(_t20));
				if(_t13 != 0) {
					_t13 = SendNotifyMessageW(0xffff, 0x1d, 0, 0);
				}
				return _t13;
			}

0x005fb312
0x005fb313
0x005fb315
0x005fb33d
0x005fb34c
0x005fb355
0x005fb355
0x005fb362
0x005fb369
0x005fb376
0x005fb376
0x005fb37e

APIs

Part of subcall function 005B0F7C: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005B1656,?,00000000,?,005B15F6,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005B1656), ref: 005B0F98

RegDeleteValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,?,?,0061FC1F), ref: 005FB34C
RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,?,0061FC1F), ref: 005FB355
RemoveFontResourceW.GDI32(00000000), ref: 005FB362
SendNotifyMessageW.USER32(0000FFFF,0000001D,00000000,00000000), ref: 005FB376

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
String ID:
API String ID: 4283692357-0
Opcode ID: b1a75d6fce208f2cb670cef040c725f436818ea9a7a6bd064fa13dfabe8b8bc4
Instruction ID: c52067ccd3556da8fd7ad667957e5be6d739970e3ed5feb56a743fdae82ea117
Opcode Fuzzy Hash: b1a75d6fce208f2cb670cef040c725f436818ea9a7a6bd064fa13dfabe8b8bc4
Instruction Fuzzy Hash: DCF054B279430566E610B6B69C87FAB16CC5F44745F144C29F704EB1D3D66CDC405265

Uniqueness

Uniqueness Score: -1.00%

Function 004F9144, Relevance: 6.0, APIs: 4, Instructions: 35
threadCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E004F9144(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x669638; // 0x0
					if(GlobalFindAtomW(E004097C8(_t5)) !=  *0x669632) {
						_t15 = E004F9110(_t12, _t13);
					} else {
						_t15 = GetPropW(_t12,  *0x669632 & 0x0000ffff);
					}
				}
				return _t15;
			}

0x004f9144
0x004f9146
0x004f9147
0x004f9149
0x004f914d
0x004f9164
0x004f917b
0x004f9196
0x004f917d
0x004f918b
0x004f918b
0x004f917b
0x004f919d

APIs

GetWindowThreadProcessId.USER32(00000000), ref: 004F9151
GetCurrentProcessId.KERNEL32(?,00000000,00000000,005A4B86,?,?,00000000,00000001,005A2E83,?,00000000,00000000,00000000,00000001,?,00000000), ref: 004F915A
GlobalFindAtomW.KERNEL32(00000000), ref: 004F916F
GetPropW.USER32 ref: 004F9186

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Process$AtomCurrentFindGlobalPropThreadWindow
String ID:
API String ID: 2582817389-0
Opcode ID: ee2e1ef9a1a35f1a24730f2b5013e39de037f09d4d18ee7efcebb2db094489bf
Instruction ID: 6cdfd07cd157af09d6636e7e024685bcdc2838eed951bc29520a0badc25c7c68
Opcode Fuzzy Hash: ee2e1ef9a1a35f1a24730f2b5013e39de037f09d4d18ee7efcebb2db094489bf
Instruction Fuzzy Hash: 32F0306260021666B72477B6AE85AFB328C8A057A5740297FFA01D7216D57CCC8283BD

Uniqueness

Uniqueness Score: -1.00%

Function 0063DA44, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0063DA44() {
				long _v8;
				void _v12;
				void* _v16;
				void* _t16;
				HANDLE* _t17;

				_t17 =  &_v12;
				_t16 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 8, _t17) != 0) {
					_v12 = 0;
					if(GetTokenInformation(_v16, 0x12,  &_v12, 4,  &_v8) != 0) {
						_t16 = _v16;
					}
					CloseHandle( *_t17);
				}
				return _t16;
			}

0x0063da45
0x0063da48
0x0063da5a
0x0063da5e
0x0063da7c
0x0063da7e
0x0063da7e
0x0063da86
0x0063da86
0x0063da91

APIs

GetCurrentProcess.KERNEL32(00000008), ref: 0063DA4D
OpenProcessToken.ADVAPI32(00000000,00000008), ref: 0063DA53
GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 0063DA75
CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 0063DA86

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: 7194473c555c5df6bfb519c3e81e3fa7fb4f7991b3d4a0d63cce9941d0bcb8a4
Instruction ID: a157fd3303c1430b13f319c7757610127fd6bd2de266f3ae7d41e5c3beec6acc
Opcode Fuzzy Hash: 7194473c555c5df6bfb519c3e81e3fa7fb4f7991b3d4a0d63cce9941d0bcb8a4
Instruction Fuzzy Hash: 59F030706483006BD700EBA5DD82EDB76DCAF44394F00492EBF94C7291E678D95897A2

Uniqueness

Uniqueness Score: -1.00%

Function 004E43D0, Relevance: 6.0, APIs: 4, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004E43D0() {
				signed char _v28;
				void* _t4;
				signed int _t8;
				struct HDC__* _t9;
				struct tagTEXTMETRICW* _t10;

				_t8 = 1;
				_t9 = GetDC(0);
				if(_t9 != 0) {
					_t4 =  *0x6694a0; // 0x58a00b4
					if(SelectObject(_t9, _t4) != 0 && GetTextMetricsW(_t9, _t10) != 0) {
						_t8 = _v28 & 0x000000ff;
					}
					ReleaseDC(0, _t9);
				}
				return _t8;
			}

0x004e43d5
0x004e43de
0x004e43e2
0x004e43e4
0x004e43f2
0x004e43ff
0x004e43ff
0x004e4407
0x004e4407
0x004e4413

APIs

GetDC.USER32(00000000), ref: 004E43D9
SelectObject.GDI32(00000000,058A00B4), ref: 004E43EB
GetTextMetricsW.GDI32(00000000,?,00000000,058A00B4,00000000), ref: 004E43F6
ReleaseDC.USER32 ref: 004E4407

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: MetricsObjectReleaseSelectText
String ID:
API String ID: 2013942131-0
Opcode ID: a6aecb0737437b3e4e44ddca18d58a6d0b7d8c9274c0db10c9c3bc7fb89915e8
Instruction ID: d4d349d3644daeae5b714f5edb0297babd8c78eacc5647d64bd84649639e733b
Opcode Fuzzy Hash: a6aecb0737437b3e4e44ddca18d58a6d0b7d8c9274c0db10c9c3bc7fb89915e8
Instruction Fuzzy Hash: 33E04F617026A126D61161A75D82BEB274C4F423AAF08012AFD54D92E3DA4DCD62C2FA

Uniqueness

Uniqueness Score: -1.00%

Function 00407BAA, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E00407BAA(void* __ebx, long __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v44;
				struct _EXCEPTION_RECORD* _t31;
				long _t34;
				long _t35;
				struct _EXCEPTION_RECORD* _t36;
				intOrPtr* _t38;
				long _t42;
				long _t44;
				long _t45;
				void* _t46;
				intOrPtr* _t47;
				void* _t51;
				long _t52;
				void* _t55;
				intOrPtr _t57;
				long* _t58;
				long _t64;
				intOrPtr* _t67;
				intOrPtr* _t69;
				long _t70;
				void* _t73;
				long* _t74;
				void* _t76;
				long _t77;
				intOrPtr _t80;

				_t76 = __ebp;
				_t73 = __esi;
				_t70 = __edi;
				_t51 = __ebx;
				_t31 = _a4.ExceptionRecord;
				if((_t31->ExceptionFlags & 0x00000006) == 0) {
					if(_t31->ExceptionCode == 0xeedfade) {
						_t34 =  *(_t31->ExceptionInformation[1]);
						goto L6;
					} else {
						asm("cld");
						E004068AC(_t31);
						_t69 =  *0x663014; // 0x0
						if(_t69 != 0) {
							_t34 =  *_t69();
							if(_t34 != 0) {
								L6:
								_push(_t51);
								_push(_t73);
								_push(_t70);
								_push(_t76);
								_t57 =  *((intOrPtr*)(_a8 + 4));
								_t52 =  *(_t57 + 5);
								_t9 = _t57 + 9; // 0xf
								_t74 = _t9;
								_t77 = _t34;
								while(1) {
									L7:
									_t35 =  *_t74;
									__eflags = _t35;
									if(_t35 == 0) {
										break;
									}
									_t70 = _t77;
									while(1) {
										_t46 =  *_t35;
										__eflags = _t46 - _t70;
										if(_t46 == _t70) {
											goto L17;
										}
										__eflags =  *((intOrPtr*)(_t46 - 0x34)) -  *((intOrPtr*)(_t70 - 0x34));
										if( *((intOrPtr*)(_t46 - 0x34)) !=  *((intOrPtr*)(_t70 - 0x34))) {
											L14:
											_t70 =  *(_t70 - 0x30);
											_t35 =  *_t74;
											__eflags = _t70;
											if(_t70 != 0) {
												_t70 =  *_t70;
												continue;
											} else {
												_t74 =  &(_t74[2]);
												_t52 = _t52 - 1;
												__eflags = _t52;
												if(_t52 != 0) {
													goto L7;
												} else {
												}
											}
										} else {
											_t47 =  *((intOrPtr*)(_t46 - 0x38));
											_t67 =  *((intOrPtr*)(_t70 - 0x38));
											_t62 =  *_t47;
											__eflags =  *_t47 -  *_t67;
											if( *_t47 !=  *_t67) {
												goto L14;
											} else {
												__eflags = _t67 + 1;
												E00408D60(_t47 + 1, _t62, _t67 + 1);
												if(__eflags == 0) {
													goto L17;
												} else {
													goto L14;
												}
											}
										}
										goto L26;
									}
									break;
								}
								L17:
								_t36 = _a4.ExceptionRecord;
								__eflags = _t36->ExceptionCode - 0xeedfade;
								_t64 = _t36->ExceptionInformation[1];
								_t58 = _t36->ExceptionInformation;
								if(_t36->ExceptionCode == 0xeedfade) {
									__eflags =  *0x65d031 - 1;
									if( *0x65d031 <= 1) {
										goto L25;
									}
									__eflags =  *0x65d030;
									if( *0x65d030 > 0) {
										goto L25;
									}
									_t42 = UnhandledExceptionFilter( &_a4);
									__eflags = _t42;
									_t58 = _t58;
									_t64 = _t64;
									_t36 = _t36;
									if(_t42 != 0) {
										goto L25;
									}
								} else {
									_t44 = E00407998( *0x663018(), _a12, _t70);
									__eflags =  *0x65d031;
									if( *0x65d031 <= 0) {
										L21:
										_t64 = _t44;
										_t36 = _a4.ExceptionRecord;
										_t58 = _t36->ExceptionAddress;
										L25:
										_t36->ExceptionFlags = _t36->ExceptionFlags | 0x00000002;
										 *0x663020(_a8, 0x407ce0, _t36, 0, _t74, _t58, _t64, _t36,  *[fs:ebx]);
										_pop(_t55);
										_t38 = E0040E728();
										_push( *_t38);
										 *_t38 = _t80;
										 *((intOrPtr*)(_v8 + 4)) = E00407D0C;
										E004079D4(_v44, _t55, _t74);
										goto ( *((intOrPtr*)(_t55 + 4)));
									}
									__eflags =  *0x65d030;
									if( *0x65d030 > 0) {
										goto L21;
									}
									_t45 = UnhandledExceptionFilter( &_a4);
									__eflags = _t45;
									_t44 = _t44;
									if(_t45 != 0) {
										goto L21;
									}
								}
							} else {
							}
						}
					}
				}
				L26:
				return 1;
			}

0x00407baa
0x00407baa
0x00407baa
0x00407baa
0x00407bac
0x00407bb7
0x00407bc3
0x00407be7
0x00000000
0x00407bc5
0x00407bc5
0x00407bc6
0x00407bcb
0x00407bd3
0x00407bd9
0x00407bdd
0x00407be9
0x00407bed
0x00407bee
0x00407bef
0x00407bf0
0x00407bf1
0x00407bf4
0x00407bf7
0x00407bf7
0x00407bfa
0x00407bfc
0x00407bfc
0x00407bfc
0x00407bfe
0x00407c00
0x00000000
0x00000000
0x00407c02
0x00407c08
0x00407c08
0x00407c0a
0x00407c0c
0x00000000
0x00000000
0x00407c11
0x00407c14
0x00407c2d
0x00407c2d
0x00407c30
0x00407c32
0x00407c34
0x00407c06
0x00000000
0x00407c36
0x00407c36
0x00407c39
0x00407c39
0x00407c3a
0x00000000
0x00407c3c
0x00407c3f
0x00407c3a
0x00407c16
0x00407c16
0x00407c19
0x00407c1e
0x00407c20
0x00407c22
0x00000000
0x00407c24
0x00407c25
0x00407c26
0x00407c2b
0x00000000
0x00000000
0x00000000
0x00000000
0x00407c2b
0x00407c22
0x00000000
0x00407c14
0x00000000
0x00407c08
0x00407c45
0x00407c45
0x00407c49
0x00407c4f
0x00407c52
0x00407c55
0x00407c98
0x00407c9f
0x00000000
0x00000000
0x00407ca1
0x00407ca8
0x00000000
0x00000000
0x00407cb2
0x00407cb7
0x00407cba
0x00407cbb
0x00407cbc
0x00407cbd
0x00000000
0x00000000
0x00407c57
0x00407c61
0x00407c66
0x00407c6d
0x00407c8d
0x00407c8d
0x00407c8f
0x00407c93
0x00407cbf
0x00407ccc
0x00407cda
0x00407ce0
0x00407ce5
0x00407cea
0x00407cf0
0x00407cf9
0x00407d04
0x00407d09
0x00407d09
0x00407c6f
0x00407c76
0x00000000
0x00000000
0x00407c7e
0x00407c83
0x00407c86
0x00407c87
0x00000000
0x00000000
0x00407c87
0x00000000
0x00407bdf
0x00407bdd
0x00407bd3
0x00407bc3
0x00407d2c
0x00407d31

APIs

UnhandledExceptionFilter.KERNEL32(?,00000000), ref: 00407C7E

Strings

X7@, xrefs: 00407CDA

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID: X7@
API String ID: 3192549508-2067089342
Opcode ID: d474f96cc521961e1fc2c800fb3644ce0b4c5573f96add85b8c0f66107ec8d2f
Instruction ID: 9b8732aad967581ee1cfddc98b064603106c7b26d23cb4f63de0fa6512a07937
Opcode Fuzzy Hash: d474f96cc521961e1fc2c800fb3644ce0b4c5573f96add85b8c0f66107ec8d2f
Instruction Fuzzy Hash: 3C417F71A0C2059FE720DF14D884B2BB7A5EF94314F15856AE549AB3D1C738FC82CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 005FA608, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E005FA608(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, intOrPtr _a12, signed char _a16, char _a20) {
				intOrPtr _v8;
				struct _SHELLEXECUTEINFOW _v68;
				void* _t52;
				intOrPtr _t61;
				void* _t65;
				intOrPtr* _t67;
				void* _t70;

				_v8 = __ecx;
				_t65 = __edx;
				_t52 = __eax;
				_t67 = _a4;
				E004087FC(_a20);
				_push(_t70);
				_push(0x5fa6ec);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70 + 0xffffffc0;
				if(_a20 == 0) {
					E005AF9C0(_t65, __ecx,  &_a20);
					if(_a20 == 0) {
						E005B09C4( &_a20);
					}
				}
				E00405CE4( &_v68, 0x3c);
				_v68.cbSize = 0x3c;
				_v68.fMask = 0x540;
				if(_t52 != 0) {
					_v68.lpVerb = E004097C8(_t52);
				}
				_v68.lpFile = E004097C8(_t65);
				_v68.lpParameters = E004097C8(_v8);
				_v68.lpDirectory = E004097C8(_a20);
				_v68.nShow = _a12;
				ShellExecuteExW( &_v68);
				asm("sbb ebx, ebx");
				_t53 = _t52 + 1;
				if(_t52 + 1 != 0) {
					 *_t67 = 0x103;
					_t39 = _v68.hProcess;
					if(_v68.hProcess != 0) {
						E005FA2A8(_t39, _t53, _a16 & 0x000000ff, _t65, _t67, _t67);
					}
				} else {
					 *_t67 = GetLastError();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E005FA6F3);
				return E00408718( &_a20);
			}

0x005fa611
0x005fa614
0x005fa616
0x005fa618
0x005fa61e
0x005fa625
0x005fa626
0x005fa62b
0x005fa62e
0x005fa635
0x005fa63c
0x005fa645
0x005fa64a
0x005fa64a
0x005fa645
0x005fa659
0x005fa65e
0x005fa665
0x005fa66e
0x005fa677
0x005fa677
0x005fa681
0x005fa68c
0x005fa697
0x005fa69d
0x005fa6a4
0x005fa6ac
0x005fa6ae
0x005fa6b1
0x005fa6bc
0x005fa6c2
0x005fa6c7
0x005fa6d1
0x005fa6d1
0x005fa6b3
0x005fa6b8
0x005fa6b8
0x005fa6d8
0x005fa6db
0x005fa6de
0x005fa6eb

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 005FA6A4
GetLastError.KERNEL32(00000000,005FA6EC,?,?,?,00000001), ref: 005FA6B3

Part of subcall function 005B09C4: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005B09D7

Strings

<, xrefs: 005FA65E

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DirectoryErrorExecuteLastShellSystem
String ID: <
API String ID: 893404051-4251816714
Opcode ID: 0a9b082c1069c59383b16b89d6b511dbfc357daf43ef4275e9d98049e7ddfab3
Instruction ID: e4ccdbaf28eb45cffedc4cff125a313c88ebf31cdc213b6ee3f8489b0761fba7
Opcode Fuzzy Hash: 0a9b082c1069c59383b16b89d6b511dbfc357daf43ef4275e9d98049e7ddfab3
Instruction Fuzzy Hash: E1217CB0A1020D9FDB10EF65C8826EE7BE8BF49384F54043AF904E7291E7389D418B96

Uniqueness

Uniqueness Score: -1.00%

Function 0064EC32, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0064EC32(void* __ecx, void* __esi, void* __fp0) {
				void* _t21;
				intOrPtr* _t27;
				intOrPtr* _t33;
				void* _t41;
				intOrPtr _t43;
				char _t46;
				void* _t47;
				intOrPtr _t55;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				intOrPtr _t62;
				void* _t67;

				_t67 = __fp0;
				_t60 = __esi;
				_t47 = __ecx;
				if(( *(_t61 - 9) & 0x00000001) != 0) {
					L3:
					_t46 = 1;
				} else {
					_t64 =  *(_t61 - 9) & 0x00000040;
					if(( *(_t61 - 9) & 0x00000040) != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				_t21 = E0063DA94(_t46, _t47, 0, _t64, _t67);
				_t65 = _t21;
				if(_t21 != 0) {
					_t27 =  *0x662788; // 0x66978c
					SetWindowPos( *( *_t27 + 0x188), 0, 0, 0, 0, 0, 0x97);
					_push(_t61);
					_push(0x64ecdd);
					_push( *[fs:eax]);
					 *[fs:eax] = _t62;
					_t33 =  *0x662788; // 0x66978c
					 *((intOrPtr*)(_t61 - 0x18)) =  *((intOrPtr*)( *_t33 + 0x188));
					 *((char*)(_t61 - 0x14)) = 0;
					E00421A6C(L"/INITPROCWND=$%x ", 0, _t61 - 0x18, _t61 - 0x10);
					_push(_t61 - 0x10);
					E005B03F8(_t61 - 0x1c, _t46, _t60, _t65);
					_pop(_t41);
					E004099C0(_t41,  *((intOrPtr*)(_t61 - 0x1c)));
					_t43 =  *0x66a7dc; // 0x0
					E0063DDA4(_t43, _t46, 0x6621cc,  *((intOrPtr*)(_t61 - 0x10)), _t60, _t65, _t67);
					_pop(_t59);
					 *[fs:eax] = _t59;
					 *((char*)(_t61 - 1)) = 1;
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0064ED3E);
				E00408718(_t61 - 0x1c);
				return E00408718(_t61 - 0x10);
			}

0x0064ec32
0x0064ec32
0x0064ec32
0x0064ec36
0x0064ec42
0x0064ec42
0x0064ec38
0x0064ec38
0x0064ec3c
0x00000000
0x0064ec3e
0x0064ec3e
0x0064ec3e
0x0064ec3c
0x0064ec48
0x0064ec4d
0x0064ec4f
0x0064ec64
0x0064ec72
0x0064ec79
0x0064ec7a
0x0064ec7f
0x0064ec82
0x0064ec89
0x0064ec96
0x0064ec99
0x0064eca7
0x0064ecaf
0x0064ecb3
0x0064ecbb
0x0064ecbc
0x0064ecc9
0x0064ecce
0x0064ecd5
0x0064ecd8
0x0064ed15
0x0064ed15
0x0064ed1b
0x0064ed1e
0x0064ed21
0x0064ed29
0x0064ed36

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 0064EC72

Strings

/INITPROCWND=$%x , xrefs: 0064ECA2
@, xrefs: 0064EC38

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window
String ID: /INITPROCWND=$%x $@
API String ID: 2353593579-4169826103
Opcode ID: 44ff1a77dffd48a8112f53353e8fae7f869311409f6108c1eb8eefbf8afa24bc
Instruction ID: 8b2991d2d1f953f99e0989ce018fc3471add5941c41498d69d44fc2df87f3202
Opcode Fuzzy Hash: 44ff1a77dffd48a8112f53353e8fae7f869311409f6108c1eb8eefbf8afa24bc
Instruction Fuzzy Hash: A321A234A043499FDB04EBA4DC91EEEBBF6FF49304F64447AE500E7291DA799904C754

Uniqueness

Uniqueness Score: -1.00%

Function 0064FAA7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0064FAA7(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char* _t18;
				char* _t23;
				intOrPtr* _t25;
				intOrPtr _t29;
				intOrPtr _t32;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t44;
				void* _t45;
				void* _t48;

				if( *((char*)(_t48 - 0x21)) != 0) {
					_t18 =  *0x66288c; // 0x66a288
					if( *_t18 != 0) {
						E006013D8(L"Not restarting Windows because Uninstall is being run from the debugger.", __ebx, __edi, __esi);
					} else {
						E006013D8(L"Restarting Windows.", __ebx, __edi, __esi);
						_t23 =  *0x6627b8; // 0x66a731
						 *_t23 = 1;
						if(E005FA9A8() == 0) {
							_t25 =  *0x662788; // 0x66978c
							SetForegroundWindow( *( *_t25 + 0x188));
							_push(1);
							_push(1);
							_t29 =  *0x66279c; // 0x669c04
							_t3 = _t29 + 0x140; // 0x0
							_push(E004097C8( *_t3));
							_t32 =  *0x66279c; // 0x669c04
							_t4 = _t32 + 0x138; // 0x0
							_t34 = E004097C8( *_t4);
							_pop(_t45);
							E00646D0C(_t34, __ebx, 0x30, _t45, __edi, __esi);
						}
					}
				}
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(E0064FB66);
				E00408718(_t48 - 0x48);
				E00408778(_t48 - 0x3c, 5);
				_t44 =  *0x4012b8; // 0x4012bc
				E0040A370(_t48 - 0x20, 7, _t44);
				return E0040873C(_t48 - 4);
			}

0x0064faab
0x0064faad
0x0064fab5
0x0064fb1c
0x0064fab7
0x0064fabc
0x0064fac1
0x0064fac6
0x0064fad0
0x0064fad2
0x0064fae0
0x0064fae5
0x0064fae7
0x0064fae9
0x0064faee
0x0064faf9
0x0064fafa
0x0064faff
0x0064fb05
0x0064fb0f
0x0064fb10
0x0064fb10
0x0064fad0
0x0064fab5
0x0064fb23
0x0064fb26
0x0064fb29
0x0064fb31
0x0064fb3e
0x0064fb4b
0x0064fb51
0x0064fb5e

APIs

Part of subcall function 005FA9A8: GetCurrentProcess.KERNEL32(00000028), ref: 005FA9B8
Part of subcall function 005FA9A8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 005FA9BE

SetForegroundWindow.USER32(?), ref: 0064FAE0

Strings

Restarting Windows., xrefs: 0064FAB7
Not restarting Windows because Uninstall is being run from the debugger., xrefs: 0064FB17

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Process$CurrentForegroundOpenTokenWindow
String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
API String ID: 3179053593-4147564754
Opcode ID: 63eab6b8201274ba2830d049dbaa56beb2e0d5c2d42d60cea0edaecc71424ae3
Instruction ID: d4bf9f36ef96bf7cd5cd4c99b625b6b1cd4e930e58df0cf614d5cda783460847
Opcode Fuzzy Hash: 63eab6b8201274ba2830d049dbaa56beb2e0d5c2d42d60cea0edaecc71424ae3
Instruction Fuzzy Hash: 341182346002449FEB04EB94E896FD837E6EB46304F5150BAF804AB3E2CB78AD41C716

Uniqueness

Uniqueness Score: -1.00%

Function 004085D8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
threadCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E004085D8(struct _SECURITY_ATTRIBUTES* __eax, void __ecx, char __edx, char _a4, long _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				void* _t24;
				intOrPtr _t32;
				void* _t36;

				_v12 = __edx;
				_v8 = __eax;
				_t32 = _a12;
				if( *0x65d034 == 0) {
					_t24 = E00405490(8);
					 *_t24 = __ecx;
					 *((intOrPtr*)(_t24 + 4)) = _t32;
				} else {
					_t24 =  *0x65d034();
				}
				 *0x66305d = 1;
				_t5 =  &_a4; // 0x46e66c
				_t7 =  &_v12; // 0x46e66c
				_t36 = CreateThread(_v8,  *_t7, E004085A0, _t24, _a8,  *_t5);
				if(_t36 == 0) {
					E004054AC(_t24);
				}
				return _t36;
			}

0x004085e3
0x004085e6
0x004085e9
0x004085f3
0x0040860d
0x0040860f
0x00408611
0x004085f5
0x004085ff
0x004085ff
0x00408614
0x0040861b
0x0040862a
0x00408637
0x0040863b
0x0040863f
0x0040863f
0x0040864c

APIs

CreateThread.KERNEL32 ref: 00408632

Strings

lF, xrefs: 0040862A, 0040862D
lF, xrefs: 0040861B, 0040861E

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateThread
String ID: lF$lF
API String ID: 2422867632-1147170537
Opcode ID: 0529f0b7f12290d432196590a8dec7f6d5627ec2bdcd4761f2e3b992bbb6d3a8
Instruction ID: c79f99a2a18cb61d71feea710bf58fa565dd156bb3bf8665f6744fc7077f86ea
Opcode Fuzzy Hash: 0529f0b7f12290d432196590a8dec7f6d5627ec2bdcd4761f2e3b992bbb6d3a8
Instruction Fuzzy Hash: 33017171605214AFC750CF9D9980B8EB7ECDB58361F10443AF508E73C1DA75DD0087A8

Uniqueness

Uniqueness Score: -1.00%

Function 004309F4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E004309F4(signed short* __eax, void* __ebx, void* __edx) {
				signed short* _v8;
				char _v16;
				char _v24;
				intOrPtr* _t13;
				void* _t23;
				intOrPtr _t31;
				void* _t32;
				void* _t34;

				_t23 = __edx;
				_v8 = __eax;
				_t2 =  &_v24; // 0x430d32
				L0042A428();
				 *[fs:eax] = _t34 + 0xffffffec;
				_t4 =  &_v24; // 0x430d32
				_t13 =  *0x6628ac; // 0x66890c
				E0042C2C0( *((intOrPtr*)( *_t13))(_v8, 0x400, 0, 8,  *[fs:eax], 0x430a60, _t34, _t2, __ebx, _t32), 8,  *_v8 & 0x0000ffff);
				_t6 =  &_v16; // 0x430d57
				E00408B6C(_t23,  *_t6);
				_t31 = _t4;
				 *[fs:eax] = _t31;
				_push(E00430A67);
				_t7 =  &_v24; // 0x430d32
				return L0042C550(_t7);
			}

0x004309fb
0x004309fd
0x00430a00
0x00430a04
0x00430a14
0x00430a24
0x00430a28
0x00430a3b
0x00430a42
0x00430a45
0x00430a4c
0x00430a4f
0x00430a52
0x00430a57
0x00430a5f

APIs

VariantInit.OLEAUT32(2C), ref: 00430A04

Part of subcall function 00408B6C: SysReAllocStringLen.OLEAUT32(00000000,?,?), ref: 00408B86

Strings

WC, xrefs: 00430A42
2C, xrefs: 00430A00, 00430A24, 00430A57, 00430A03, 00430A27

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocInitStringVariant
String ID: 2C$WC
API String ID: 4010818693-495268985
Opcode ID: df370b3d9da647af4402dd277e6d6925b7b152161429339756cd47c20e76cd35
Instruction ID: 96bda85ea37abc6d5613da839bc8b5d910035a35706cb6c2dd4bd2584f76f0b9
Opcode Fuzzy Hash: df370b3d9da647af4402dd277e6d6925b7b152161429339756cd47c20e76cd35
Instruction Fuzzy Hash: F1F0A471700608AFD700EB99DC92E9FB3FCEB48700FA04176F500E3290DA78AE0486A9

Uniqueness

Uniqueness Score: -1.00%

Function 0065061C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0065061C(void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t1;
				int _t9;
				void* _t12;
				void* _t15;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				intOrPtr _t20;

				_t15 = __edx;
				if( *0x66a7f1 != 0) {
					E006013D8(L"Detected restart. Removing temporary directory.", _t12, _t17, _t18);
					_push(0x650657);
					_push( *[fs:eax]);
					 *[fs:eax] = _t20;
					E006449EC();
					E006446DC(_t12, _t15, _t17, _t18);
					_pop(_t16);
					 *[fs:eax] = _t16;
					E00600808();
					_t9 =  *0x6621cc; // 0x1
					return TerminateProcess(GetCurrentProcess(), _t9);
				}
				return _t1;
			}

0x0065061c
0x00650629
0x00650630
0x00650638
0x0065063d
0x00650640
0x00650643
0x00650648
0x0065064f
0x00650652
0x00650666
0x0065066b
0x00000000
0x00650677
0x00650680

APIs

Part of subcall function 006449EC: FreeLibrary.KERNEL32(00000000,00650648,00000000,00650657,?,?,?,?,?,0065113B), ref: 00644A02

Part of subcall function 006446DC: GetTickCount.KERNEL32 ref: 00644724

Part of subcall function 00600808: SendMessageW.USER32(00000000,00000B01,00000000,00000000), ref: 00600827

GetCurrentProcess.KERNEL32(00000001,?,?,?,?,0065113B), ref: 00650671
TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,0065113B), ref: 00650677

Strings

Detected restart. Removing temporary directory., xrefs: 0065062B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
String ID: Detected restart. Removing temporary directory.
API String ID: 1717587489-3199836293
Opcode ID: c36e34da1e104d1f2235e770290d2b3aa7f7ebd478f535fd799e81fc0386343a
Instruction ID: 464bd2d836879dd3474a0288fef1e2a55e7a5b05e4adc84fe2957298e905eb94
Opcode Fuzzy Hash: c36e34da1e104d1f2235e770290d2b3aa7f7ebd478f535fd799e81fc0386343a
Instruction Fuzzy Hash: F1E0ABB52483402EF39137F6BC13A5B3F4EE7C7362F61043AFA0481441CC599864C138

Uniqueness

Uniqueness Score: -1.00%

Function 005B1C48, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E005B1C48(void* __eax, void* __ecx, void* __edx) {
				void* __ebx;
				void* __esi;
				void* _t3;
				void* _t7;
				void* _t12;
				intOrPtr* _t13;

				_t8 = __ecx;
				_push(__ecx);
				_t7 = __edx;
				_t12 = __eax;
				if( *0x6697cc == 0) {
					 *0x6697d0 = E00411E58(_t7, _t12, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilterEx");
					 *_t13 = 0x6697cc;
					asm("lock xchg [edx], eax");
				}
				if( *0x6697d0 == 0) {
					_t3 = E005B1BAC(_t7, _t8);
				} else {
					_t3 =  *0x6697d0(_t12, _t7, 1, 0);
				}
				return _t3;
			}

0x005b1c48
0x005b1c4a
0x005b1c4b
0x005b1c4d
0x005b1c56
0x005b1c6d
0x005b1c72
0x005b1c81
0x005b1c81
0x005b1c8b
0x005b1c9d
0x005b1c8d
0x005b1c93
0x005b1c93
0x005b1ca5

APIs

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000004,006619DC,006006F2,00600B6C,00600610,00000000,00000B06,00000000,00000000), ref: 005B1C62

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Part of subcall function 005B1BAC: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005B1CA2,?,00000004,006619DC,006006F2,00600B6C,00600610,00000000,00000B06,00000000,00000000), ref: 005B1BC3

Strings

ChangeWindowMessageFilterEx, xrefs: 005B1C58
user32.dll, xrefs: 005B1C5D

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: ChangeWindowMessageFilterEx$user32.dll
API String ID: 1883125708-2676053874
Opcode ID: 488719f1734a720192567827968b6c6bb54d5b16907bebd818bbcd853cf4aa44
Instruction ID: 9df0a5d5a98339ba50c13b8e37e12c07401c504aaeadd98406a6411a3d2f2949
Opcode Fuzzy Hash: 488719f1734a720192567827968b6c6bb54d5b16907bebd818bbcd853cf4aa44
Instruction Fuzzy Hash: 6DF05C302B07109FD7416F659C44FD53EADFB44342F401924F504962A0C7F41C80C76C

Uniqueness

Uniqueness Score: -1.00%

Function 005B1CF8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E005B1CF8(void* __eax, void* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t9;
				void* _t11;
				intOrPtr* _t12;
				void* _t14;
				void* _t15;

				_t14 = __edx;
				_t15 = __eax;
				E005B1D88(__eax, __eflags);
				_t12 = E00411E58(_t11, _t15, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonCreate");
				if(_t12 == 0) {
					__eflags = 0;
					return 0;
				}
				_t9 =  *_t12(_t15, E004097C8(_t14));
				asm("sbb eax, eax");
				return _t9 + 1;
			}

0x005b1cfb
0x005b1cfd
0x005b1d01
0x005b1d1b
0x005b1d1f
0x005b1d34
0x00000000
0x005b1d34
0x005b1d2a
0x005b1d2f
0x00000000

APIs

Part of subcall function 005B1D88: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005B1D06,?,?,?,0064F751,0000000A,00000002,00000001,00000031,00000000,0064F97F), ref: 005B1D96

GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,?,?,0064F751,0000000A,00000002,00000001,00000031,00000000,0064F97F,?,00000000,0064FA4C), ref: 005B1D10

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Strings

ShutdownBlockReasonCreate, xrefs: 005B1D06
user32.dll, xrefs: 005B1D0B

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: ShutdownBlockReasonCreate$user32.dll
API String ID: 1883125708-2866557904
Opcode ID: b9171061b71589111744670f5ddc2c0e18f7743a89ea9999c43542bd128ce54c
Instruction ID: 40c05ee6389ba05014c80f0bb6a4273d02a3409cfaf78f9ef14993339606f823
Opcode Fuzzy Hash: b9171061b71589111744670f5ddc2c0e18f7743a89ea9999c43542bd128ce54c
Instruction Fuzzy Hash: 14E0C2633A1E512E538072FA2CA1CEF088C9DA6A5A3900C36F505E3152D948DC02017D

Uniqueness

Uniqueness Score: -1.00%

Function 005B09F0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E005B09F0(void* __eax, void* __esi, void* __ebp, void* __eflags) {
				char _v536;
				void* __ebx;
				intOrPtr* _t6;
				void* _t9;
				void* _t15;

				_t9 = __eax;
				E00408718(__eax);
				_t6 = E00411E58(_t9, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetSystemWow64DirectoryW");
				if(_t6 != 0) {
					_t6 =  *_t6( &_v536, 0x105);
					if(_t6 > 0 && _t6 < 0x105) {
						return E00409868(_t9, 0x105, _t15);
					}
				}
				return _t6;
			}

0x005b09f7
0x005b09fb
0x005b0a10
0x005b0a17
0x005b0a23
0x005b0a27
0x00000000
0x005b0a39
0x005b0a27
0x005b0a45

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,005F8CBC,00000000,005F8D8E,?,?,0066978C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005B0A0A

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Strings

kernel32.dll, xrefs: 005B0A05
GetSystemWow64DirectoryW, xrefs: 005B0A00

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 1646373207-1816364905
Opcode ID: a14a36301432e1a3e110fd712480c76c871248904e43d2ef50993095b30b5c7d
Instruction ID: 6e2db57afe9603e13bbcb28d8d27c56aba657c1237ebb3fd90a72f709f2b52c2
Opcode Fuzzy Hash: a14a36301432e1a3e110fd712480c76c871248904e43d2ef50993095b30b5c7d
Instruction Fuzzy Hash: AEE0266178070013DB00A2BA4D83EEF158A5B94700F105C3D7999D62D2EDBCE88082A2

Uniqueness

Uniqueness Score: -1.00%

Function 00586704, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00586704(void* __eax, void* __edi, void* __esi) {
				void* _t16;
				intOrPtr _t17;
				void* _t18;
				void* _t19;

				_t19 = __esi;
				_t18 = __edi;
				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0xbc)) == 0) {
					_t17 =  *0x584ef0; // 0x584f48
					if(E00406C10( *((intOrPtr*)(__eax + 4)), _t17) == 0) {
						 *((intOrPtr*)(_t16 + 0xbc)) = CreateMenu();
					} else {
						 *((intOrPtr*)(_t16 + 0xbc)) = CreatePopupMenu();
					}
					if( *((intOrPtr*)(_t16 + 0xbc)) == 0) {
						E005856E8();
					}
					E00586488(_t16, _t18, _t19);
				}
				return  *((intOrPtr*)(_t16 + 0xbc));
			}

0x00586704
0x00586704
0x00586705
0x0058670e
0x00586713
0x00586720
0x00586734
0x00586722
0x00586727
0x00586727
0x00586741
0x00586748
0x00586748
0x0058674f
0x0058674f
0x0058675b

APIs

CreatePopupMenu.USER32(?,00586606,?,?,00000000,?,00586587,?,0058BE31,0059C47C), ref: 00586722
CreateMenu.USER32(?,00586606,?,?,00000000,?,00586587,?,0058BE31,0059C47C), ref: 0058672F

Strings

HOX, xrefs: 00586713

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateMenu$Popup
String ID: HOX
API String ID: 257293969-2476314470
Opcode ID: 3fef10723f1ca8ff26ecb47d99a67e8efce527985917f034024353e37165076f
Instruction ID: 16515f4fc79d7f94603b2a7c1aa1a4c0f70e6e138b00580e915dac0b9c35f144
Opcode Fuzzy Hash: 3fef10723f1ca8ff26ecb47d99a67e8efce527985917f034024353e37165076f
Instruction Fuzzy Hash: F5F0C930604201CFDB00BF66D5C9B887B92BB55308F8454B9AC45AF25BD77488448FB1

Uniqueness

Uniqueness Score: -1.00%

Function 005B1BAC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E005B1BAC(void* __eax, void* __ecx) {
				void* __ebx;
				void* _t1;
				void* _t4;
				void* _t8;
				intOrPtr* _t9;

				_t1 = __eax;
				_t4 = __eax;
				if( *0x6697c4 == 0) {
					 *0x6697c8 = E00411E58(_t4, _t8, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilter");
					 *_t9 = 0x6697c4;
					_t1 = 1;
					asm("lock xchg [edx], eax");
				}
				if( *0x6697c8 != 0) {
					_t1 =  *0x6697c8(_t4, 1);
				}
				return _t1;
			}

0x005b1bac
0x005b1bae
0x005b1bb7
0x005b1bce
0x005b1bd3
0x005b1bdd
0x005b1be2
0x005b1be2
0x005b1bec
0x005b1bf1
0x005b1bf1
0x005b1bf9

APIs

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005B1CA2,?,00000004,006619DC,006006F2,00600B6C,00600610,00000000,00000B06,00000000,00000000), ref: 005B1BC3

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Strings

user32.dll, xrefs: 005B1BBE
ChangeWindowMessageFilter, xrefs: 005B1BB9

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ChangeWindowMessageFilter$user32.dll
API String ID: 1646373207-2498399450
Opcode ID: 8723bdbec3ebe6ecd8f733c1f52b72a6ce9ab3b08cb5a20827632fe113f6d114
Instruction ID: 8c40f62a632f2fa97ec710fedad9e0295ca43648f38e841b9d187b64430073cf
Opcode Fuzzy Hash: 8723bdbec3ebe6ecd8f733c1f52b72a6ce9ab3b08cb5a20827632fe113f6d114
Instruction Fuzzy Hash: 5DE09A75220700DFD781AF64AC88FDA3FE9F708B01F002819F544921A0D6F818C0CA28

Uniqueness

Uniqueness Score: -1.00%

Function 005B1D88, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E005B1D88(void* __eax, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t7;
				intOrPtr* _t8;
				void* _t9;

				_t9 = __eax;
				_t8 = E00411E58(_t7, _t9, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonDestroy");
				if(_t8 == 0) {
					L2:
					return 0;
				} else {
					_push(_t9);
					if( *_t8() != 0) {
						return 1;
					} else {
						goto L2;
					}
				}
			}

0x005b1d8a
0x005b1da1
0x005b1da5
0x005b1dae
0x005b1db2
0x005b1da7
0x005b1da7
0x005b1dac
0x005b1db7
0x00000000
0x00000000
0x00000000
0x005b1dac

APIs

GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005B1D06,?,?,?,0064F751,0000000A,00000002,00000001,00000031,00000000,0064F97F), ref: 005B1D96

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Strings

ShutdownBlockReasonDestroy, xrefs: 005B1D8C
user32.dll, xrefs: 005B1D91

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ShutdownBlockReasonDestroy$user32.dll
API String ID: 1646373207-260599015
Opcode ID: 583c78502001d261193476c1b592cca9c21aed56afa6b6c91eeda59ab33fc80d
Instruction ID: cfd2a97203f557c8c57e6b3927d22065e7e78818251efbac2aa6542449ac9364
Opcode Fuzzy Hash: 583c78502001d261193476c1b592cca9c21aed56afa6b6c91eeda59ab33fc80d
Instruction Fuzzy Hash: 23D0A763351F222E179022F51EE1CEB068C9D242963440136FA00D2100D544DC4012AC

Uniqueness

Uniqueness Score: -1.00%

Function 00651170, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00651170(void* __eflags) {
				intOrPtr* _t2;
				void* _t4;
				void* _t5;

				_t2 = E00411E58(_t4, _t5, GetModuleHandleW(L"user32.dll"), L"DisableProcessWindowsGhosting");
				if(_t2 != 0) {
					return  *_t2();
				}
				return _t2;
			}

0x00651180
0x00651187
0x00000000
0x00651189
0x0065118b

APIs

GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0065C502,00000001,00000000,0065C528,?,?,000000EC,00000000), ref: 0065117A

Part of subcall function 00411E58: GetProcAddress.KERNEL32(?,?), ref: 00411E82

Strings

DisableProcessWindowsGhosting, xrefs: 00651170
user32.dll, xrefs: 00651175

Memory Dump Source

Source File: 00000001.00000002.255083591.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.255080732.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255304067.000000000065D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255307058.000000000065E000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255310421.000000000065F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255314847.0000000000668000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255318610.000000000066D000.00000008.00020000.sdmp Download File
Associated: 00000001.00000002.255321587.000000000066F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.255324136.0000000000670000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.255327018.0000000000672000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: DisableProcessWindowsGhosting$user32.dll
API String ID: 1646373207-834958232
Opcode ID: 31f36cc695b2fa1f15c7f37fcb297ea2f9feb4baaca13df88f536c992c28126c
Instruction ID: 5f29c36bf5ef2573be6bf32c1ba0481e8d956120234237a4d8ff77b8e3f328bd
Opcode Fuzzy Hash: 31f36cc695b2fa1f15c7f37fcb297ea2f9feb4baaca13df88f536c992c28126c
Instruction Fuzzy Hash: C3B01265281F00310B7033F30F43FDB044A0C93B4BF0245D97F00D9092CD58C0490039

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Mario Deluxe InstaII.exe PID: 2292 Parent PID: 2540 Mario Deluxe InstaII.exeCOMMON

Execution Graph

Execution Coverage:	3.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	837
Total number of Limit Nodes:	32

Executed Functions

Function 0040B044, Relevance: 3.1, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t61);
				_push(0x40b104);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L00403730();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040858C( &_v20, 4,  &_v16);
				E0040873C(_t44, _v20, _v8);
				_t29 = E0040AEF4( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040858C( &_v24, 4,  &_v16);
					E0040873C(_t44, _v24, _v8);
					_t40 = E0040AEF4( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00407A20(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040B10B);
				E00407A80( &_v24, 2);
				return E00407A20( &_v8);
			}

APIs

GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F

Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
String ID:
API String ID: 3216391948-0
Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AEF4, Relevance: 3.0, APIs: 2, Instructions: 33
fileCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E0040AEF4(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t27);
				_push(0x40af52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040AF59);
				return E00407A20( &_v8);
			}

0x0040aefd
0x0040aefe
0x0040af04
0x0040af0b
0x0040af0c
0x0040af11
0x0040af14
0x0040af27
0x0040af34
0x0040af37
0x0040af37
0x0040af3e
0x0040af41
0x0040af44
0x0040af51

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519

Uniqueness

Uniqueness Score: -1.00%

Function 004B5114, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1); // executed
					}
					goto L19;
				}
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188

Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F

GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B

Strings

comres.dll, xrefs: 004B52F6
kernel32.dll, xrefs: 004B5141
SetSearchPathMode, xrefs: 004B5344
userenv.dll, xrefs: 004B5203
SetDllDirectoryW, xrefs: 004B5182
cryptbase.dll, xrefs: 004B528A
SetDefaultDllDirectories, xrefs: 004B515C
oleacc.dll, xrefs: 004B52A5
SetProcessDEPPolicy, xrefs: 004B535A
setupapi.dll, xrefs: 004B521E
profapi.dll, xrefs: 004B52DB
version.dll, xrefs: 004B52C0
apphelp.dll, xrefs: 004B5239
hK, xrefs: 004B51A3
propsys.dll, xrefs: 004B5254
dwmapi.dll, xrefs: 004B526F
hK, xrefs: 004B51D6
ntmarta.dll, xrefs: 004B532C
clbcatq.dll, xrefs: 004B5311
uxtheme.dll, xrefs: 004B51E8

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
API String ID: 2248137261-3182217745
Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A

Strings

Software\Borland\Delphi\Locales, xrefs: 0040AC2A
Software\Borland\Locales, xrefs: 0040AC0C
Software\Embarcadero\Locales, xrefs: 0040AB90, 0040ABB2
Software\CodeGear\Locales, xrefs: 0040ABD0, 0040ABEE

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Open$QueryValue$CloseFileModuleName
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
API String ID: 2701450724-3496071916
Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E

Uniqueness

Uniqueness Score: -1.00%

Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}

APIs

Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789

Uniqueness

Uniqueness Score: -1.00%

Function 004B639F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E004B639F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x4c1d40; // 0x0
				 *0x4c1d40 = 0;
				E00405CE8(_t17);
				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x4ba450 = _t21;
				_t22 =  *0x4ba450; // 0x40372
				 *0x4c1d38 = SetWindowLongW(_t22, 0xfffffffc, E004AF688);
				_t25 =  *0x4ba450; // 0x40372
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x4c1d48; // 0x4de39c
				_t4 = _t26 + 0x20; // 0x1d2050c
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x4c1d48; // 0x4de39c
				_t7 = _t28 + 0x24; // 0xd2400
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d3c);
				_push(0x4b667c);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				_t36 =  *0x4c1d54; // 0x0, executed
				E004AF714(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0x0
					E004AF5F8(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6550);
				_t39 =  *0x4c1d40; // 0x0
				_t40 = E00405CE8(_t39);
				if( *0x4c1d54 != 0) {
					_t70 =  *0x4c1d54; // 0x0
					_t40 = E004AF1A4(0, _t70, 0xfa, 0x32); // executed
				}
				if( *0x4c1d4c != 0) {
					_t47 =  *0x4c1d4c; // 0x0
					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0x40372
					_t40 = DestroyWindow(_t46); // executed
				}
				if( *0x4c1d30 != 0) {
					_t41 =  *0x4c1d30; // 0x0
					_t60 =  *0x4c1d34; // 0x1
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08(_t41, _t60, _t69);
					_t43 =  *0x4c1d30; // 0x0
					E0040540C(_t43);
					 *0x4c1d30 = 0;
					return 0;
				}
				return _t40;
			}

APIs

Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F

SetWindowLongW.USER32 ref: 004B641A

Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647A,004B667C,?), ref: 00422BDA

Part of subcall function 004AF714: CreateProcessW.KERNEL32 ref: 004AF784
Part of subcall function 004AF714: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,00000000,004AF804,00000000), ref: 004AF798
Part of subcall function 004AF714: MsgWaitForMultipleObjects.USER32 ref: 004AF7B1
Part of subcall function 004AF714: GetExitCodeProcess.KERNEL32 ref: 004AF7C5
Part of subcall function 004AF714: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(00040372,004B6550), ref: 004B6510

Strings

STATIC, xrefs: 004B63FC
/SL5="$%x,%d,%d,, xrefs: 004B645A
InnoSetupLdrWindow, xrefs: 004B63F7

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3586484885-3001827809
Opcode ID: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction ID: b7eaecffb53aa05ddf1cf37d982a6b9f715e6a16dd8061e16f501f9384e95f83
Opcode Fuzzy Hash: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction Fuzzy Hash: 74413974600240DFD764EBA9EC45B9A37B4FB89308F51463BE4019B2B2DB7CA855CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF714, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E004AF714(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af804);
				_push(__eax);
				_push(0x4af814);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF33C(0x72, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6E8();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6E8();
				GetExitCodeProcess(_v92, _t51); // executed
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af7f0);
				return E00407A20( &_v8);
			}

APIs

CreateProcessW.KERNEL32 ref: 004AF784
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,00000000,004AF804,00000000), ref: 004AF798
MsgWaitForMultipleObjects.USER32 ref: 004AF7B1
GetExitCodeProcess.KERNEL32 ref: 004AF7C5
CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

Part of subcall function 004AF33C: GetLastError.KERNEL32(00000000,004AF3E3,?,?,00000000), ref: 004AF35F

Strings

D, xrefs: 004AF75E

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: d24d345b1e63e396f028edbb06d8d13123cfcf4b17ffea6e22d5a060aaca728b
Instruction ID: aed82a99fc7c4294e21d4a72de24efe39242c504942d712e9f968ed89c43dfc9
Opcode Fuzzy Hash: d24d345b1e63e396f028edbb06d8d13123cfcf4b17ffea6e22d5a060aaca728b
Instruction Fuzzy Hash: EB1172756442086BDB10EBE6CC82F9FB7ACDF15714F60043BF604E72C1DA789905866D

Uniqueness

Uniqueness Score: -1.00%

Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c10dc =  *0x4c10dc - 1;
				if( *0x4c10dc < 0) {
					 *0x4c10e0 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c10e4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c10e0 == 0 ||  *0x4c10e4 == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c10e8 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000); // executed
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B

Strings

Wow64RevertWow64FsRedirection, xrefs: 004B5ACE
Wow64DisableWow64FsRedirection, xrefs: 004B5AB4
shell32.dll, xrefs: 004B5B1B
kernel32.dll, xrefs: 004B5AB9, 004B5AD3

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction ID: 6ea4a141a574a621f9963068001d000fcf1dfb25abde6d391abeb26bafe3dfd6
Opcode Fuzzy Hash: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction Fuzzy Hash: 89119430604744AED744EBA7DD42FDDB764EB45704F60447BF401A6591CABC6A44C63D

Uniqueness

Uniqueness Score: -1.00%

Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 68%

			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80; // 0x4bdb7c
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t133 =  *0x4bbaf0; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t110 =  *0x4bbaec; // 0x20f10a0
									_t109 = _t110 - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec; // 0x20f10a0
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x20f10c0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

APIs

Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8

Uniqueness

Uniqueness Score: -1.00%

Function 004B60E8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				intOrPtr _t74;
				int _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				struct HWND__* _t81;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF664(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d29 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t4 = _t61 + 0x2b4; // 0x0
						_t63 = E004084EC( *_t4);
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c00; // 0x0
						E00426F08(0xb1, _t120 - 0x28, _t101);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFDC(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
					E00407E00(0x4c1d4c,  *((intOrPtr*)(_t120 - 0x2c)));
					_t26 =  *0x4c1d3c; // 0x0
					E00422954(_t26, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					_t31 =  *0x4c1d4c; // 0x0
					E00422660(_t31, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d50, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					_t107 =  *0x4c1d50; // 0x0
					E00407E00(0x4c1d54, _t107);
					_t37 =  *0x4c1d48; // 0x4de39c
					_t15 = _t37 + 0x14; // 0x1d2af6c
					_t38 =  *0x4c1d40; // 0x0
					E00423CE8(_t38,  *_t15);
					_push(_t120);
					_push(0x4b63a9);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1d98 = 0;
					_t42 = E00423D00(1, 0, 1, 0); // executed
					 *0x4c1d44 = _t42;
					_push(_t120);
					_push(0x4b6398);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t44 =  *0x4c1d48; // 0x4de39c
					_t16 = _t44 + 0x18; // 0x287600
					 *0x4c1d98 = E004053F0( *_t16);
					_t47 =  *0x4c1d48; // 0x4de39c
					_t17 = _t47 + 0x18; // 0x287600
					_t86 =  *0x4c1d98; // 0x7fc20010
					E00405884(_t86,  *_t17);
					_push(_t120);
					_push(0x4b62e7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					_t93 =  *0x4c1d40; // 0x0
					_t53 = E00424748(_t93, 1, _t51); // executed
					 *0x4c1d9c = _t53;
					_push(_t120);
					_push(0x4b62d6);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t55 =  *0x4c1d48; // 0x4de39c
					_t18 = _t55 + 0x18; // 0x287600
					_t56 =  *0x4c1d9c; // 0x21011d0
					E00424A24(_t56,  *_t18, _t86);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DD);
					_t59 =  *0x4c1d9c; // 0x21011d0
					return E00405CE8(_t59);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					_t1 = _t69 + 0x18c; // 0x0
					E004AFA2C( *_t1, __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6550);
					_t74 =  *0x4c1d40; // 0x0
					_t75 = E00405CE8(_t74);
					if( *0x4c1d54 != 0) {
						_t117 =  *0x4c1d54; // 0x0
						_t75 = E004AF1A4(0, _t117, 0xfa, 0x32); // executed
					}
					if( *0x4c1d4c != 0) {
						_t82 =  *0x4c1d4c; // 0x0
						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0x40372
						_t75 = DestroyWindow(_t81); // executed
					}
					if( *0x4c1d30 != 0) {
						_t76 =  *0x4c1d30; // 0x0
						_t99 =  *0x4c1d34; // 0x1
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08(_t76, _t99, _t116);
						_t78 =  *0x4c1d30; // 0x0
						E0040540C(_t78);
						 *0x4c1d30 = 0;
						return 0;
					}
					return _t75;
				}
			}

APIs

MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6177

Part of subcall function 004AFA2C: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFA96

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(00040372,004B6550), ref: 004B6510

Part of subcall function 004AF1A4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Strings

0MB, xrefs: 004B627F
.tmp, xrefs: 004B61BD

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
String ID: .tmp$0MB
API String ID: 3858953238-176122739
Opcode ID: cac19965b38667485c6eaf2bd50fc37efffa93d10f563febf20b5a662215514b
Instruction ID: dd8228bb87b5c3f826920660d5879d0b5443f76f7ba5c686a8b7b1af545f285c
Opcode Fuzzy Hash: cac19965b38667485c6eaf2bd50fc37efffa93d10f563febf20b5a662215514b
Instruction Fuzzy Hash: F6615B746102009FD765EF69EC85E9A37A5EB4A308F51443AF802976B2DA3CBC51CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF904, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004AF904(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF8FC(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}

APIs

GetSystemInfo.KERNEL32(?), ref: 004AF917
VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF923
VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF96E
VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9AA
VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9BA

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction ID: 9e45b338133956b17b8a8ad54cf185b01de6f5181235357074ed8b47fe3ad323
Opcode Fuzzy Hash: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction Fuzzy Hash: 96216DB1104304BED720EA95C884F6BB7EC9F56354F04482EF5C4C3681D338E949CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00407750, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00407750() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t46);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L8:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L14:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t15 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t15);
								_t31 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L8;
					} else {
						_t20 = E004054B4();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00405CE8(_t44);
							_t23 = E004054B4();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t33();
					} while ( *0x4bb054 != 0);
					L8:
					while(1) {
					}
				}
			}

APIs

GetCurrentThreadId.KERNEL32 ref: 00407780
FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407828
ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407861

Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

MZP, xrefs: 00407827

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F

Uniqueness

Uniqueness Score: -1.00%

Function 00407748, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00407748() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t50);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L9:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L15:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t18 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t18);
								_t34 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L9;
					} else {
						_t23 = E004054B4();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00405CE8(_t48);
							_t26 = E004054B4();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t36();
					} while ( *0x4bb054 != 0);
					L9:
					while(1) {
					}
				}
			}

APIs

GetCurrentThreadId.KERNEL32 ref: 00407780
FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407828
ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AE2,00000000), ref: 00407861

Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

MZP, xrefs: 00407827

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
String ID: MZP
API String ID: 3490077880-2889622443
Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400); // executed
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}

APIs

SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D

Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4

Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8

GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092

Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821

GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
GetCurrentThreadId.KERNEL32 ref: 004B50BA

Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
String ID:
API String ID: 2740004594-0
Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE

Uniqueness

Uniqueness Score: -1.00%

Function 004AEFDC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E004AEFDC(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0d1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004AEEC0(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3b,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x70, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0D8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF024
GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF02D

Strings

.tmp, xrefs: 004AF00D

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction ID: b7596c477a5c5600326e1223ca3cfb4fcc6b3a27470c234041d6d6c97c1718c4
Opcode Fuzzy Hash: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction Fuzzy Hash: EB217675A042189FDB10EBA5C842ADFB3B9EB49304F51447BF901B7381DA3C6E058BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040E450, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405730(_t13);
				return _t24;
			}

0x0040e457
0x0040e45c
0x0040e45e
0x0040e48f
0x0040e498
0x0040e4a4

APIs

CreateWindowExW.USER32 ref: 0040E48F

Strings

STATIC, xrefs: 0040E48D
InnoSetupLdrWindow, xrefs: 0040E453

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateWindow
String ID: InnoSetupLdrWindow$STATIC
API String ID: 716092398-2209255943
Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004AF1A4, Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004AF1A4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E0042714C(_t9, _v8, _t19); // executed
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1D3
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction ID: 41f2dccd4b5f7aab24c83a5e2e8d9b15ebe3d7cab8471b1031266df413ad678e
Opcode Fuzzy Hash: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction Fuzzy Hash: F0F09632705224E65624A5EEDC46D6FB298DEB2364720463BE904D7341D438CC4543A9

Uniqueness

Uniqueness Score: -1.00%

Function 0041FF94, Relevance: 4.6, APIs: 3, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x420094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E00407E48( &_v8, __eax);
				E00407FB0( &_v8);
				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42009b);
					return E00407A20( &_v8);
				} else {
					_v20 = E004053F0(_t64);
					_push(_t81);
					_push(0x420077);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x42007e);
					return E0040540C(_v20);
				}
			}

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID:
API String ID: 2179348866-0
Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765

Uniqueness

Uniqueness Score: -1.00%

Function 0040B110, Relevance: 3.1, APIs: 2, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				E00407B04(_v12);
				_push(_t84);
				_push(0x40b227);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00407A20(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040B22E);
					return E00407A80( &_v28, 6);
				}
				E00407E48( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L00403730();
						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x4bdc0c;
							if( *0x4bdc0c == 0) {
								L00403738();
								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040B044(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E004088AC(_v12, _t60, 1,  &_v20);
				goto L7;
			}

APIs

GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DefaultLanguage$SystemUser
String ID:
API String ID: 384301227-0
Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B234, Relevance: 3.1, APIs: 2, Instructions: 55
libraryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40b2ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E00408550( &_v536, _t49);
				_push(_v536);
				E0040858C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004084EC(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040B2F5);
				E00407A80( &_v540, 2);
				return E00407A20( &_v8);
			}

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLibraryLoadModuleName
String ID:
API String ID: 1159719554-0
Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9

Uniqueness

Uniqueness Score: -1.00%

Function 0042714C, Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E0042714C(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E00427100(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4271a9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004084EC(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E004271B0);
					return E0042713C( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x0042714d
0x0042714f
0x00427164
0x0042716f
0x00427170
0x00427175
0x00427178
0x00427183
0x00427188
0x00427190
0x00427195
0x00427198
0x0042719b
0x004271a8
0x00427166
0x00427168
0x004271c1
0x004271c1

APIs

DeleteFileW.KERNEL32(00000000,00000000,004271A9,?,0000000D,00000000), ref: 00427183
GetLastError.KERNEL32(00000000,00000000,004271A9,?,0000000D,00000000), ref: 0042718B

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: fb265b3914bec14af5fbd2795fa5d6ad5009cb2eebf404f6a7520a979d54d266
Instruction ID: 5c745cc114b774f2c3f546e8241c6a746048c5dd5cabe09facdda73b7663d901
Opcode Fuzzy Hash: fb265b3914bec14af5fbd2795fa5d6ad5009cb2eebf404f6a7520a979d54d266
Instruction Fuzzy Hash: 24F0C831B082289FDB01DFB6AC414BEB3E8DF0971479149BBE804E3341EA795D2086A8

Uniqueness

Uniqueness Score: -1.00%

Function 00421230, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00421230(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x4212a2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x421284);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x42128b);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

APIs

SetErrorMode.KERNEL32 ref: 0042123A
LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574

Uniqueness

Uniqueness Score: -1.00%

Function 004052D4, Relevance: 2.6, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004052D4() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x004BBADC;
				while(_t28 != 0x4bbad8) {
					_t2 = _t28 + 4; // 0x4bbad8
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x4b7080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x4bbad8 = 0x4bbad8;
				 *0x004BBADC = 0x4bbad8;
				_t26 = 0x400;
				_t23 = 0x4bbb78;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x4bbb78
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x4bbaf4 = 0;
				E00405884(0x4bbaf8, 0x80);
				_t18 = 0;
				 *0x4bbaf0 = 0;
				_t31 =  *0x004BDB80;
				while(_t31 != 0x4bdb7c) {
					_t10 = _t31 + 4; // 0x4bdb7c
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x4bdb7c = 0x4bdb7c;
				 *0x004BDB80 = 0x4bdb7c;
				return _t18;
			}

APIs

VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C

Uniqueness

Uniqueness Score: -1.00%

Function 004232EC, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004232EC(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00407BA8(_t10, _t7, _t17, _t20);
			}

0x004232f3
0x0042330b
0x00423313
0x00423317
0x00423320
0x00423312
0x00423312
0x00423312
0x00000000
0x00423322
0x00423322
0x00423326
0x00000000
0x00000000
0x00423326
0x00000000
0x00423320
0x00423339

APIs

FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E

Uniqueness

Uniqueness Score: -1.00%

Function 00422A18, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x422a5e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E004229AC(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004084EC(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00422A65);
				return E00407A20( &_v8);
			}

0x00422a1b
0x00422a22
0x00422a23
0x00422a28
0x00422a2b
0x00422a33
0x00422a41
0x00422a4a
0x00422a4d
0x00422a50
0x00422a5d

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418

Uniqueness

Uniqueness Score: -1.00%

Function 00423DA8, Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}

0x00423de5
0x00423ded

APIs

CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC

Uniqueness

Uniqueness Score: -1.00%

Function 00409FA8, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409FA8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}

0x00409fb0
0x00409fb2
0x00409fb6
0x00409fc6
0x00409fcf
0x00409fd4
0x00409fd6
0x00409fdb
0x00409fe0
0x00409fe0
0x00409fdb
0x00409fee

APIs

GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6

Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LibraryLoad
String ID:
API String ID: 4113206344-0
Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5

Uniqueness

Uniqueness Score: -1.00%

Function 00423ED8, Relevance: 1.5, APIs: 1, Instructions: 11
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00423ED8(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E00423CAC( *_t7);
				}
				return _t4;
			}

0x00423ed9
0x00423edf
0x00423ee6
0x00000000
0x00423eea
0x00423ef0

APIs

SetEndOfFile.KERNEL32(?,7FC20010,004B6356,00000000), ref: 00423EDF

Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659A,?,00000000,004B65DE), ref: 00423CAF

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615

Uniqueness

Uniqueness Score: -1.00%

Function 0040CAA4, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040CAA4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}

0x0040caa8
0x0040cab4

APIs

GetSystemInfo.KERNEL32 ref: 0040CAA8

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB

Uniqueness

Uniqueness Score: -1.00%

Function 00403BCC, Relevance: 1.3, APIs: 1, Instructions: 41
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BCC(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403B60(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x4bbaf0 = 0;
					return 0;
				} else {
					_t10 =  *0x4bbadc; // 0x4bbad8
					_t14 = _t4;
					 *_t14 = 0x4bbad8;
					 *0x4bbadc = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x4bbaf0 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x4bbaec = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88

Uniqueness

Uniqueness Score: -1.00%

Function 00403CF6, Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00403CF6(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E00403C48();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x4bdb78 = 0;
				return _t30;
			}

APIs

VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Virtual$Free$Query
String ID:
API String ID: 778034434-0
Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040A928, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9

Strings

kernel32.dll, xrefs: 0040A940
\, xrefs: 0040AA86
GetLongPathNameW, xrefs: 0040A950

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 1930782624-3908791685
Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 004AF100, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004AF100() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x004af10b
0x004af168
0x004af16c
0x004af174
0x00000000
0x004af176
0x004af11d
0x004af12f
0x004af134
0x004af13c
0x004af156
0x004af162
0x00000000
0x00000000
0x00000000
0x004af164
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004AF110
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF116
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF12F
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF156
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF15B
ExitWindowsEx.USER32(00000002,00000000), ref: 004AF16C

Strings

SeShutdownPrivilege, xrefs: 004AF128

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction ID: 7dac40d64cb4e9f407b68a4455ade4cde001687ddfd0dce28971008a8d09d756
Opcode Fuzzy Hash: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction Fuzzy Hash: 51F06D70684301B6E610A6F28C07F6B21C89B56B58F500C3EF644E91C2D7BDD85D867B

Uniqueness

Uniqueness Score: -1.00%

Function 0042786C, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0042786C() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c10ec = E00427840("VariantChangeTypeEx", E0042725C, _t91);
				 *0x4c10f0 = E00427840("VarNeg", E004272A4, _t91);
				 *0x4c10f4 = E00427840("VarNot", E004272A4, _t91);
				 *0x4c10f8 = E00427840("VarAdd", E004272B0, _t91);
				 *0x4c10fc = E00427840("VarSub", E004272B0, _t91);
				 *0x4c1100 = E00427840("VarMul", E004272B0, _t91);
				 *0x4c1104 = E00427840("VarDiv", E004272B0, _t91);
				 *0x4c1108 = E00427840("VarIdiv", E004272B0, _t91);
				 *0x4c110c = E00427840("VarMod", E004272B0, _t91);
				 *0x4c1110 = E00427840("VarAnd", E004272B0, _t91);
				 *0x4c1114 = E00427840("VarOr", E004272B0, _t91);
				 *0x4c1118 = E00427840("VarXor", E004272B0, _t91);
				 *0x4c111c = E00427840("VarCmp", E004272BC, _t91);
				 *0x4c1120 = E00427840("VarI4FromStr", E004272C8, _t91);
				 *0x4c1124 = E00427840("VarR4FromStr", E00427334, _t91);
				 *0x4c1128 = E00427840("VarR8FromStr", E004273A4, _t91);
				 *0x4c112c = E00427840("VarDateFromStr", E00427414, _t91);
				 *0x4c1130 = E00427840("VarCyFromStr", E00427484, _t91);
				 *0x4c1134 = E00427840("VarBoolFromStr", E004274F4, _t91);
				 *0x4c1138 = E00427840("VarBstrFromCy", E00427574, _t91);
				 *0x4c113c = E00427840("VarBstrFromDate", E0042761C, _t91);
				_t46 = E00427840("VarBstrFromBool", E004277AC, _t91);
				 *0x4c1140 = _t46;
				return _t46;
			}

APIs

GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00427875

Part of subcall function 00427840: GetProcAddress.KERNEL32(00000000), ref: 00427859

Strings

VarSub, xrefs: 004278DB
VarDiv, xrefs: 00427907
VarMod, xrefs: 00427933
VarNot, xrefs: 004278AF
VarCyFromStr, xrefs: 004279F9
VarNeg, xrefs: 00427899
VarOr, xrefs: 0042795F
VarXor, xrefs: 00427975
VarBstrFromBool, xrefs: 00427A51
oleaut32.dll, xrefs: 00427870
VarBoolFromStr, xrefs: 00427A0F
VarAnd, xrefs: 00427949
VarBstrFromDate, xrefs: 00427A3B
VariantChangeTypeEx, xrefs: 00427883
VarR4FromStr, xrefs: 004279B7
VarBstrFromCy, xrefs: 00427A25
VarCmp, xrefs: 0042798B
VarMul, xrefs: 004278F1
VarAdd, xrefs: 004278C5
VarR8FromStr, xrefs: 004279CD
VarDateFromStr, xrefs: 004279E3
VarIdiv, xrefs: 0042791D
VarI4FromStr, xrefs: 004279A1

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction ID: 96d943bac4208f5f805096c386a34d5aa5ef5e253b2f04d34a0c4787a29fadef
Opcode Fuzzy Hash: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction Fuzzy Hash: 4141246074C2359A53047BAF780292B7AD8E6497243E0D0BFF5048B767DF7CA8818A7D

Uniqueness

Uniqueness Score: -1.00%

Function 0041E7CC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194
threadCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}

APIs

GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999

Strings

B.C., xrefs: 0041E8FA
ToA, xrefs: 0041E9BC
K, xrefs: 0041E827
K, xrefs: 0041EA09
K, xrefs: 0041E8DD

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CalendarEnumInfoLocaleThread
String ID: B.C.$ToA$K$K$K
API String ID: 683597275-1724967715
Opcode ID: 1136ce8ed02fb4c729f57db85bea68eee7c8be852006698a4ed06655204c70de
Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
Opcode Fuzzy Hash: 1136ce8ed02fb4c729f57db85bea68eee7c8be852006698a4ed06655204c70de
Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A250, Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}

0x0040a255
0x0040a25a
0x0040a268
0x0040a270
0x0040a27e
0x0040a295
0x0040a2af
0x0040a2c4
0x0040a2c9
0x00000000
0x0040a2c9
0x0040a2ce

APIs

InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4

Strings

GetThreadPreferredUILanguages, xrefs: 0040A280
GetThreadUILanguage, xrefs: 0040A2B4
kernel32.dll, xrefs: 0040A285, 0040A29F, 0040A2B9
SetThreadPreferredUILanguages, xrefs: 0040A29A

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
API String ID: 74573329-1403180336
Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E

Uniqueness

Uniqueness Score: -1.00%

Function 0041E0AC, Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216
threadCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}

APIs

IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC

Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093

Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052

Strings

2, xrefs: 0041E36D
ToA, xrefs: 0041E0E9
AMPM , xrefs: 0041E319
m/d/yy, xrefs: 0041E1DD
:mm, xrefs: 0041E329
AMPM, xrefs: 0041E30A
mmmm d, yyyy, xrefs: 0041E202
:mm:ss, xrefs: 0041E344

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Locale$Info$ThreadValid
String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
API String ID: 233154393-2808312488
Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7E4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}

APIs

EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD

Strings

en-US,en,, xrefs: 0040A812, 0040A8B9

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$LocaleValid
String ID: en-US,en,
API String ID: 975949045-3579323720
Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F

Uniqueness

Uniqueness Score: -1.00%

Function 0042301C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096

Strings

Locale, xrefs: 00423085
Control Panel\Desktop\ResourceLocale, xrefs: 004230A5
GetUserDefaultUILanguage, xrefs: 00423039
kernel32.dll, xrefs: 0042303E
.DEFAULT\Control Panel\International, xrefs: 0042306D

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D218, Relevance: 13.8, APIs: 9, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004971A4, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 87
threadCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E004971A4(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x49729d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_t16 =  &_v20; // 0x496e7a
						_v16 =  *_t16;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972a4);
				_t22 =  &_v20; // 0x496e7a
				return E00407A20(_t22);
			}

APIs

GetLastError.KERNEL32(00000000,0049729D,?,0049553C,00000000), ref: 0049723F

Part of subcall function 004078E0: CreateThread.KERNEL32 ref: 0040793A

GetCurrentThread.KERNEL32 ref: 00497277
GetCurrentThreadId.KERNEL32 ref: 0049727F

Strings

(@G, xrefs: 00497266
PtI, xrefs: 0049720C, 00497227
znI, xrefs: 00497294, 00497244, 0049724E
l@, xrefs: 0049725E

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$Current$CreateErrorLast
String ID: (@G$PtI$l@$znI
API String ID: 3539746228-621852825
Opcode ID: a7e4a8aebe25124e8d0595e12a61be5ef0252cf7aeb6de1634f1522e85b4acf2
Instruction ID: a334f5ec06d329f573cfe1f9c66942b1aaa3fe6f3b899e982cac1d177ba8d10c
Opcode Fuzzy Hash: a7e4a8aebe25124e8d0595e12a61be5ef0252cf7aeb6de1634f1522e85b4acf2
Instruction Fuzzy Hash: AE31F4309287049EDB10EBB6884179B7FE4AF49304F04C87FE55597381DA3CA545CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004047B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}

APIs

GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A

Strings

9@, xrefs: 004047E4, 004047EF

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: 9@
API String ID: 3320372497-3209974744
Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E

Uniqueness

Uniqueness Score: -1.00%

Function 0041F0F4, Relevance: 12.1, APIs: 8, Instructions: 97
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}

APIs

Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID:
API String ID: 135118572-0
Opcode ID: 3cdcb5557d7db432c5ec405d9028064b6f59d9e8a3e907aa72102c1fcc360919
Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
Opcode Fuzzy Hash: 3cdcb5557d7db432c5ec405d9028064b6f59d9e8a3e907aa72102c1fcc360919
Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00404464, Relevance: 10.9, APIs: 7, Instructions: 406
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388

Uniqueness

Uniqueness Score: -1.00%

Function 0041F7A0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C

Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35

Strings

0@, xrefs: 0041F7F0
8@, xrefs: 0041F7FF
@@, xrefs: 0041F80E
H@, xrefs: 0041F81D

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: 0@$8@$@@$H@
API String ID: 902310565-4161625419
Opcode ID: e5cc989005bb72e091db962058e025b8f237f72c01cadb68ccbed73c9ec359ba
Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
Opcode Fuzzy Hash: e5cc989005bb72e091db962058e025b8f237f72c01cadb68ccbed73c9ec359ba
Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406688, Relevance: 10.6, APIs: 7, Instructions: 130
threadCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								_t57 =  *0x4bb8f8; // 0x4b9284
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}

APIs

Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33

GetTickCount.KERNEL32 ref: 004066BF
GetTickCount.KERNEL32 ref: 004066D7
GetCurrentThreadId.KERNEL32 ref: 00406706
GetTickCount.KERNEL32 ref: 00406731
GetTickCount.KERNEL32 ref: 00406768
GetTickCount.KERNEL32 ref: 00406792
GetCurrentThreadId.KERNEL32 ref: 00406802

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756

Uniqueness

Uniqueness Score: -1.00%

Function 00406424, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B

Strings

kernel32.dll, xrefs: 00406434
GetLogicalProcessorInformation, xrefs: 0040642F
@, xrefs: 004064D9

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: @$GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-79381301
Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D

Uniqueness

Uniqueness Score: -1.00%

Function 004076B8, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}

0x004076c0
0x00407726
0x00407728
0x0040772a
0x0040772f
0x00407734
0x00407736
0x00407736
0x0040773c
0x004076c2
0x004076cb
0x004076db
0x004076db
0x004076f7
0x0040770a
0x0040771e
0x0040771e

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

Error, xrefs: 0040772A
Runtime error at 00000000, xrefs: 004076EA, 0040772F

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: Error$Runtime error at 00000000
API String ID: 3320372497-2970929446
Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E

Uniqueness

Uniqueness Score: -1.00%

Function 00420524, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}

0x00420532
0x0042055f
0x00420564
0x00420569
0x00420573
0x00420534
0x00420544
0x00420549
0x0042054e
0x0042054e

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559

Strings

NTDLL.DLL, xrefs: 00420554
CompareStringOrdinal, xrefs: 00420534
kernel32.dll, xrefs: 00420539
RtlCompareUnicodeString, xrefs: 0042054F

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
API String ID: 1883125708-3870080525
Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E

Uniqueness

Uniqueness Score: -1.00%

Function 00429314, Relevance: 9.1, APIs: 6, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00429314(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FD4(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042724C();
					return E00428FD4(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427820();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D2C(_t110);
						}
						E00429270(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E0042928C(_v788 - 1, _t125) != 0) {
								L00427838();
								E00428FD4(_v792);
								L00427838();
								E00428FD4( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292BC(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427828();
							E00428FD4(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FD4(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293C9
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293E5
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0042941E
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0042949B
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294B4
VariantCopy.OLEAUT32(?,?), ref: 004294EF

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
Instruction ID: 40907f15986e25785bf49cc45dc9858f4ae05cc6f5fe419918d11ca627fab012
Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
Instruction Fuzzy Hash: CD510C75A0522D9BCB66EB59D981ADAB3FCAF0C304F4041DAF508E7211DA34AF858F64

Uniqueness

Uniqueness Score: -1.00%

Function 004AFA2C, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44
windowCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E004AFA2C(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4afab6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d19 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f7c);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFABD);
				return E00407A80( &_v12, 2);
			}

APIs

MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFA96

Strings

The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA64
Setup, xrefs: 004AFA86
For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA72
/ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA50

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Message
String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
API String ID: 2030045667-3391638011
Opcode ID: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction ID: d91db7adbe0e61d65693b83f686b77c7a2459b52af6881be4eb58bd45dae7278
Opcode Fuzzy Hash: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction Fuzzy Hash: 5D018F30744308BAE310E691CC52F9E76ACD719B04FA0407BB904B26C2D6BC6E04842D

Uniqueness

Uniqueness Score: -1.00%

Function 0042F9B0, Relevance: 7.8, APIs: 5, Instructions: 335
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0042F9B0(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430858(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430858(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BE8(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L0042723C();
													_push(_t360);
													_push(0x42fda8);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E0042999C( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF0(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fddd);
													return E00429270( &_v48);
												}
											}
										} else {
											E00428BE8(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fcef);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E0042999C( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF0(_t294);
										}
										_v9 = E0042F7C8( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fc4a);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E0042999C( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF0(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F534(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430858( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L0042723C();
									_push(_t360);
									_push(0x42fb5b);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E0042999C( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF0(_t306);
									}
									_v9 = E0042F7C8(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fddd);
									return E00429270( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fac4);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E0042999C( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF0(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F534(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513e5c88327bb7306b2ed8f9e2f39c2943af69bef8aea9c68306217106a7b0a1
Instruction ID: 336ab3be91245dbcb88afa50d39c96b555b7b4dd4c7b37a8d21c905a6355ac7c
Opcode Fuzzy Hash: 513e5c88327bb7306b2ed8f9e2f39c2943af69bef8aea9c68306217106a7b0a1
Instruction Fuzzy Hash: ACD16E75B00119DFCF00DFA5D4918FEB7B5EF49300BD084BBE801A7251D638A94ADB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041C790, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77
threadCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C

Strings

yyyy, xrefs: 0041C7F1
, xrefs: 0041C7E2

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: $yyyy
API String ID: 3303714858-404527807
Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041EEFC, Relevance: 6.1, APIs: 4, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
Opcode Fuzzy Hash: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6C8, Relevance: 6.1, APIs: 4, Instructions: 95
threadCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040A6C8(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x4bdc08()) {
					_v16 = E0040A684( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x4bdc04(4,  &_v32,  &_v20);
				}
				_t39 = E0040A684( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E00408550(_t81, _t67);
					_t39 = E0040540C(_t67);
				}
				if(_v16 != 0) {
					 *0x4bdc04(0, 0,  &_v20);
					_t68 = E0040A684( &_v12);
					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
						 *0x4bdc04(8, _v16,  &_v20);
					}
					E0040540C(_t68);
					return E0040540C(_v16);
				}
				return _t39;
			}

APIs

GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7

Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$LanguagesPreferred$Language
String ID:
API String ID: 2255706666-0
Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004AF9D8, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF9D8() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF81C();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF81C();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF81C();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF81C();
				}
				return _t12;
			}

0x004af9e7
0x004af9eb
0x004af9ed
0x004af9ed
0x004af9fd
0x004af9ff
0x004af9ff
0x004afa0c
0x004afa10
0x004afa12
0x004afa12
0x004afa1d
0x004afa21
0x004afa23
0x004afa23
0x004afa2b

APIs

FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A,?,00000000,004B65DE), ref: 004AF9E2
SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A), ref: 004AF9F5
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000), ref: 004AFA07
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002), ref: 004AFA18

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction ID: b4304edc7477ba19fc58783748d8fb6d5fb92d5907bfc8b650660916f3b2bd49
Opcode Fuzzy Hash: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction Fuzzy Hash: D8E0758074530625F52436F728D7B6B040C5B37B4DF00453FB644A92C3DEAC8C5C022E

Uniqueness

Uniqueness Score: -1.00%

Function 00420BD8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}

0x00420bde
0x00420be3
0x00420be7
0x00420bef
0x00420bf4
0x00420bf4
0x00420c00
0x00420c07
0x00000000
0x00420c07
0x00420c0d

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2

Strings

kernel32.dll, xrefs: 00420BD9
GetDiskFreeSpaceExW, xrefs: 00420BE9

Memory Dump Source

Source File: 00000002.00000002.369140012.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.369107661.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369658316.00000000004B7000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369718008.00000000004C0000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.369733607.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.369754552.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1646373207-1127948838
Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Mario Deluxe InstaII.exe PID: 5312 Parent PID: 5644 Mario Deluxe InstaII.exeCOMMON

Executed Functions

Non-executed Functions

Function 0040A928, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
GetProcAddress.KERNEL32(00000000,GetLongPathNameW,kernel32.dll,004162BC,?,?), ref: 0040A956
FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9

Strings

kernel32.dll, xrefs: 0040A940
\, xrefs: 0040AA86
GetLongPathNameW, xrefs: 0040A950

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 1930782624-3908791685
Opcode ID: 183b95b3a51561f689afe97dee5c8a79c4fd8c96845b100509742c6ef22e5d48
Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
Opcode Fuzzy Hash: 183b95b3a51561f689afe97dee5c8a79c4fd8c96845b100509742c6ef22e5d48
Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 004AF100, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004AF100() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x004af10b
0x004af168
0x004af16c
0x004af174
0x00000000
0x004af176
0x004af11d
0x004af12f
0x004af134
0x004af13c
0x004af156
0x004af162
0x00000000
0x00000000
0x00000000
0x004af164
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004AF110
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF116
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028,00000000,00000028), ref: 004AF12F
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004AF156
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004AF15B
ExitWindowsEx.USER32(00000002,00000000), ref: 004AF16C

Strings

SeShutdownPrivilege, xrefs: 004AF128

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction ID: 7dac40d64cb4e9f407b68a4455ade4cde001687ddfd0dce28971008a8d09d756
Opcode Fuzzy Hash: 8e5a84c14a70d88db4b642b50940ef19e8415a26a34c47856276ad77353cc172
Instruction Fuzzy Hash: 51F06D70684301B6E610A6F28C07F6B21C89B56B58F500C3EF644E91C2D7BDD85D867B

Uniqueness

Uniqueness Score: -1.00%

Function 004B5114, Relevance: 45.7, APIs: 6, Strings: 20, Instructions: 165
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1);
					}
					goto L19;
				}
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5162
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5188

Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F

GetProcAddress.KERNEL32(00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B534A
GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5360

Strings

setupapi.dll, xrefs: 004B521E
SetProcessDEPPolicy, xrefs: 004B535A
SetDllDirectoryW, xrefs: 004B5182
kernel32.dll, xrefs: 004B5141
apphelp.dll, xrefs: 004B5239
cryptbase.dll, xrefs: 004B528A
SetDefaultDllDirectories, xrefs: 004B515C
oleacc.dll, xrefs: 004B52A5
hK, xrefs: 004B51D6
hK, xrefs: 004B51A3
dwmapi.dll, xrefs: 004B526F
profapi.dll, xrefs: 004B52DB
comres.dll, xrefs: 004B52F6
clbcatq.dll, xrefs: 004B5311
version.dll, xrefs: 004B52C0
SetSearchPathMode, xrefs: 004B5344
userenv.dll, xrefs: 004B5203
propsys.dll, xrefs: 004B5254
uxtheme.dll, xrefs: 004B51E8
ntmarta.dll, xrefs: 004B532C

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressProc$ErrorHandleLibraryLoadModeModuleVersion
String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
API String ID: 764398383-3182217745
Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0042786C, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0042786C() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c10ec = E00427840("VariantChangeTypeEx", E0042725C, _t91);
				 *0x4c10f0 = E00427840("VarNeg", E004272A4, _t91);
				 *0x4c10f4 = E00427840("VarNot", E004272A4, _t91);
				 *0x4c10f8 = E00427840("VarAdd", E004272B0, _t91);
				 *0x4c10fc = E00427840("VarSub", E004272B0, _t91);
				 *0x4c1100 = E00427840("VarMul", E004272B0, _t91);
				 *0x4c1104 = E00427840("VarDiv", E004272B0, _t91);
				 *0x4c1108 = E00427840("VarIdiv", E004272B0, _t91);
				 *0x4c110c = E00427840("VarMod", E004272B0, _t91);
				 *0x4c1110 = E00427840("VarAnd", E004272B0, _t91);
				 *0x4c1114 = E00427840("VarOr", E004272B0, _t91);
				 *0x4c1118 = E00427840("VarXor", E004272B0, _t91);
				 *0x4c111c = E00427840("VarCmp", E004272BC, _t91);
				 *0x4c1120 = E00427840("VarI4FromStr", E004272C8, _t91);
				 *0x4c1124 = E00427840("VarR4FromStr", E00427334, _t91);
				 *0x4c1128 = E00427840("VarR8FromStr", E004273A4, _t91);
				 *0x4c112c = E00427840("VarDateFromStr", E00427414, _t91);
				 *0x4c1130 = E00427840("VarCyFromStr", E00427484, _t91);
				 *0x4c1134 = E00427840("VarBoolFromStr", E004274F4, _t91);
				 *0x4c1138 = E00427840("VarBstrFromCy", E00427574, _t91);
				 *0x4c113c = E00427840("VarBstrFromDate", E0042761C, _t91);
				_t46 = E00427840("VarBstrFromBool", E004277AC, _t91);
				 *0x4c1140 = _t46;
				return _t46;
			}

APIs

GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 00427875

Part of subcall function 00427840: GetProcAddress.KERNEL32(00000000), ref: 00427859

Strings

VarOr, xrefs: 0042795F
VarXor, xrefs: 00427975
VarCyFromStr, xrefs: 004279F9
VarBstrFromDate, xrefs: 00427A3B
VarNeg, xrefs: 00427899
VarBoolFromStr, xrefs: 00427A0F
VarIdiv, xrefs: 0042791D
VarDiv, xrefs: 00427907
VarCmp, xrefs: 0042798B
VarR4FromStr, xrefs: 004279B7
VarSub, xrefs: 004278DB
VarI4FromStr, xrefs: 004279A1
VarMul, xrefs: 004278F1
VarBstrFromBool, xrefs: 00427A51
VarAnd, xrefs: 00427949
VarBstrFromCy, xrefs: 00427A25
VarR8FromStr, xrefs: 004279CD
VariantChangeTypeEx, xrefs: 00427883
oleaut32.dll, xrefs: 00427870
VarMod, xrefs: 00427933
VarNot, xrefs: 004278AF
VarAdd, xrefs: 004278C5
VarDateFromStr, xrefs: 004279E3

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction ID: 96d943bac4208f5f805096c386a34d5aa5ef5e253b2f04d34a0c4787a29fadef
Opcode Fuzzy Hash: 5cf195724925289e6f2ad16803ad8370aec20d17f9d85d45225f6b1074e55d7c
Instruction Fuzzy Hash: 4141246074C2359A53047BAF780292B7AD8E6497243E0D0BFF5048B767DF7CA8818A7D

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					if(RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16) == 0 || RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16) == 0 || RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16) == 0 || RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16) == 0 || RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16) == 0 || RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16) == 0) {
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						goto L18;
					}
				}
			}

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A

Strings

Software\Embarcadero\Locales, xrefs: 0040AB90, 0040ABB2
Software\CodeGear\Locales, xrefs: 0040ABD0, 0040ABEE
Software\Borland\Delphi\Locales, xrefs: 0040AC2A
Software\Borland\Locales, xrefs: 0040AC0C

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Open$QueryValue$CloseFileModuleName
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
API String ID: 2701450724-3496071916
Opcode ID: f49ff1ef0f651f459905790da4d395ab4d2a90d827ccbaed7caf7851bec34916
Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
Opcode Fuzzy Hash: f49ff1ef0f651f459905790da4d395ab4d2a90d827ccbaed7caf7851bec34916
Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E

Uniqueness

Uniqueness Score: -1.00%

Function 0041E7CC, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194
threadCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}

APIs

GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999

Strings

K, xrefs: 0041EA09
B.C., xrefs: 0041E8FA
K, xrefs: 0041E827
ToA, xrefs: 0041E9BC
K, xrefs: 0041E8DD

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CalendarEnumInfoLocaleThread
String ID: B.C.$ToA$K$K$K
API String ID: 683597275-1724967715
Opcode ID: afcdf5e2c623002f5b2615bb2bba3f77cfd1b61179fdf6f5ad42a4ff8dfbe769
Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
Opcode Fuzzy Hash: afcdf5e2c623002f5b2615bb2bba3f77cfd1b61179fdf6f5ad42a4ff8dfbe769
Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A250, Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}

0x0040a255
0x0040a25a
0x0040a268
0x0040a270
0x0040a27e
0x0040a295
0x0040a2af
0x0040a2c4
0x0040a2c9
0x00000000
0x0040a2c9
0x0040a2ce

APIs

InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
GetProcAddress.KERNEL32(00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A290
GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
GetProcAddress.KERNEL32(00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2AA
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
GetProcAddress.KERNEL32(00000000,kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2C4

Strings

GetThreadUILanguage, xrefs: 0040A2B4
kernel32.dll, xrefs: 0040A285, 0040A29F, 0040A2B9
GetThreadPreferredUILanguages, xrefs: 0040A280
SetThreadPreferredUILanguages, xrefs: 0040A29A

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
API String ID: 74573329-1403180336
Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E

Uniqueness

Uniqueness Score: -1.00%

Function 0040D218, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0

Strings

`|K, xrefs: 0040D292
@|K, xrefs: 0040D22D

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ExceptionRaise
String ID: @|K$`|K
API String ID: 3997070919-2410107726
Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E0AC, Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216
threadCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}

APIs

IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC

Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093

Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052

Strings

:mm:ss, xrefs: 0041E344
AMPM , xrefs: 0041E319
m/d/yy, xrefs: 0041E1DD
ToA, xrefs: 0041E0E9
AMPM, xrefs: 0041E30A
:mm, xrefs: 0041E329
mmmm d, yyyy, xrefs: 0041E202
2, xrefs: 0041E36D

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Locale$Info$ThreadValid
String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
API String ID: 233154393-2808312488
Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E

Uniqueness

Uniqueness Score: -1.00%

Function 0042301C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116,00000000,0040E246,?,?), ref: 0040E1D2

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096

Strings

GetUserDefaultUILanguage, xrefs: 00423039
kernel32.dll, xrefs: 0042303E
.DEFAULT\Control Panel\International, xrefs: 0042306D
Locale, xrefs: 00423085
Control Panel\Desktop\ResourceLocale, xrefs: 004230A5

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D

Uniqueness

Uniqueness Score: -1.00%

Function 004971A4, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 87
threadCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E004971A4(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x49729d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495540
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B0, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_t16 =  &_v20; // 0x496e7a
						_v16 =  *_t16;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972a4);
				_t22 =  &_v20; // 0x496e7a
				return E00407A20(_t22);
			}

APIs

GetLastError.KERNEL32(00000000,0049729D,?,0049553C,00000000), ref: 0049723F

Part of subcall function 004078E0: CreateThread.KERNEL32(?,?,Function_000078A8,00000000,?,?), ref: 0040793A

GetCurrentThread.KERNEL32(00000000,0049729D,?,0049553C,00000000), ref: 00497277
GetCurrentThreadId.KERNEL32(00000000,0049729D,?,0049553C,00000000), ref: 0049727F

Strings

l@, xrefs: 0049725E
(@G, xrefs: 00497266
PtI, xrefs: 0049720C, 00497227
znI, xrefs: 00497294, 00497244, 0049724E

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Thread$Current$CreateErrorLast
String ID: (@G$PtI$l@$znI
API String ID: 3539746228-621852825
Opcode ID: 6bab18de1a48fdeccb7f3f6020c79c4d4d28c66e89eef76126fd7be7aa105347
Instruction ID: a334f5ec06d329f573cfe1f9c66942b1aaa3fe6f3b899e982cac1d177ba8d10c
Opcode Fuzzy Hash: 6bab18de1a48fdeccb7f3f6020c79c4d4d28c66e89eef76126fd7be7aa105347
Instruction Fuzzy Hash: AE31F4309287049EDB10EBB6884179B7FE4AF49304F04C87FE55597381DA3CA545CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004047B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}

APIs

GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A

Strings

9@, xrefs: 004047E4, 004047EF

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: 9@
API String ID: 3320372497-3209974744
Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E

Uniqueness

Uniqueness Score: -1.00%

Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059;
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								if(VirtualFree(_t103, 0, 0x8000) == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059;
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}

0x0040426c
0x0040426c
0x00404275
0x0040427b
0x00404364
0x00404367
0x00404454
0x00404455
0x00404458
0x00403cf8
0x00403cfa
0x00403cfc
0x00403d01
0x00403d04
0x00403d09
0x00403d0d
0x00403d13
0x00403d17
0x00403d1d
0x00403d39
0x00403d3d
0x00403d40
0x00403d40
0x00403d42
0x00403d4a
0x00403d57
0x00403d5c
0x00403d5e
0x00403d60
0x00403d63
0x00403d63
0x00403d65
0x00403d69
0x00403d6b
0x00403d6d
0x00403d6f
0x00000000
0x00403d6f
0x00000000
0x00403d6b
0x00403d1f
0x00403d2e
0x00403d34
0x00403d30
0x00403d30
0x00403d30
0x00403d2e
0x00403d73
0x00403d75
0x00403d7e
0x00403d87
0x00403d87
0x00403d8a
0x00403d9a
0x0040445e
0x00404463
0x00404463
0x00000000
0x00000000
0x00000000
0x00404281
0x00404281
0x00404283
0x00404285
0x004042e8
0x004042e8
0x004042ed
0x004042f1
0x00000000
0x00000000
0x004042f3
0x004042f5
0x004042fc
0x00000000
0x004042fe
0x00404302
0x00404307
0x00404308
0x00404309
0x0040430e
0x00404312
0x0040431c
0x00404321
0x00404322
0x00000000
0x00404322
0x00404312
0x00000000
0x004042fc
0x004042e8
0x00404287
0x00404287
0x00404287
0x00404287
0x0040428b
0x0040428e
0x004042bc
0x004042be
0x004042d3
0x004042d3
0x004042c0
0x004042c0
0x004042c3
0x004042c6
0x004042c9
0x004042cc
0x004042ce
0x004042d1
0x00000000
0x00000000
0x004042d1
0x004042d6
0x004042d8
0x004042da
0x004042dd
0x0040436d
0x00404370
0x00404372
0x00404374
0x00404375
0x00404377
0x00404328
0x00404328
0x0040432d
0x00404335
0x00000000
0x00000000
0x00404337
0x00404339
0x00404340
0x00000000
0x00404342
0x00404344
0x00404349
0x0040434e
0x00404356
0x0040435a
0x00000000
0x0040435a
0x00404356
0x00000000
0x00404340
0x00404328
0x00404379
0x00404379
0x00404381
0x00404385
0x004043bc
0x004043bf
0x004043c2
0x004043c4
0x004043ca
0x004043cc
0x004043cc
0x00404387
0x00404387
0x00404387
0x0040438a
0x0040438a
0x0040438e
0x00404392
0x004043d4
0x004043d7
0x004043d9
0x004043db
0x004043e1
0x004043e5
0x004043e5
0x004043e1
0x00404394
0x0040439a
0x004043ec
0x004043f6
0x00404424
0x0040442a
0x0040442f
0x00404436
0x00404440
0x00404446
0x0040444d
0x00404451
0x004043f8
0x004043f8
0x004043fb
0x004043fd
0x00404400
0x00404403
0x00404405
0x00404414
0x00404419
0x0040441c
0x00404420
0x00404420
0x0040439c
0x0040439f
0x004043a2
0x004043aa
0x004043af
0x004043b6
0x004043ba
0x004043ba
0x00404290
0x00404290
0x00404292
0x00404298
0x0040429b
0x004042a4
0x004042a7
0x004042aa
0x004042ad
0x004042b0
0x004042b3
0x004042b6
0x004042b6
0x004042b8
0x004042b9
0x0040429d
0x0040429d
0x0040429d
0x0040429f
0x004042a1
0x004042a2
0x004042a2
0x0040429b
0x0040428e

APIs

Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: bf5d6a962c0d3dbea9486e1e7f995394bb02ad2ed4733a679cec2a16309399d5
Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
Opcode Fuzzy Hash: bf5d6a962c0d3dbea9486e1e7f995394bb02ad2ed4733a679cec2a16309399d5
Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789

Uniqueness

Uniqueness Score: -1.00%

Function 0041F0F4, Relevance: 12.1, APIs: 8, Instructions: 97
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}

APIs

Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100,?,?,00000105), ref: 0041F009

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
LoadStringW.USER32(00000000,0000FFED,?,00000040,00000400,00000000,0041F219), ref: 0041F1DE
MessageBoxW.USER32(00000000,?,?,00002010,00000000,0000FFED,?,00000040,00000400,00000000,0041F219), ref: 0041F1F8

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID:
API String ID: 135118572-0
Opcode ID: 6bb88a83eab938424b46ca49fdc85c49c2db5dd3af710b7b9054c642cebd5110
Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
Opcode Fuzzy Hash: 6bb88a83eab938424b46ca49fdc85c49c2db5dd3af710b7b9054c642cebd5110
Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7E4, Relevance: 12.1, APIs: 8, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}

APIs

EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$LocaleValid
String ID:
API String ID: 975949045-0
Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F

Uniqueness

Uniqueness Score: -1.00%

Function 00404464, Relevance: 10.9, APIs: 7, Instructions: 406
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f9bd4de39e22a430619481543439248999e510ceea34a7212b6fd3f64a6c01
Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
Opcode Fuzzy Hash: 56f9bd4de39e22a430619481543439248999e510ceea34a7212b6fd3f64a6c01
Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388

Uniqueness

Uniqueness Score: -1.00%

Function 0041F7A0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C

Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35

Strings

H@, xrefs: 0041F81D
0@, xrefs: 0041F7F0
@@, xrefs: 0041F80E
8@, xrefs: 0041F7FF

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: 0@$8@$@@$H@
API String ID: 902310565-4161625419
Opcode ID: eff81ea375221a6eebc7b3a6676be8273dd95e4fe1b631e5b0ce7586ba2773f1
Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
Opcode Fuzzy Hash: eff81ea375221a6eebc7b3a6676be8273dd95e4fe1b631e5b0ce7586ba2773f1
Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406688, Relevance: 10.6, APIs: 7, Instructions: 130
threadCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								 *((intOrPtr*)( *0x4bb8f8 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}

0x0040668f
0x00406691
0x00406693
0x00406696
0x00406696
0x0040669d
0x004066a4
0x00000000
0x00000000
0x004066b2
0x004066b9
0x00406751
0x00406751
0x00406751
0x00406755
0x00000000
0x00000000
0x00406760
0x00406766
0x00000000
0x00000000
0x00000000
0x00000000
0x00406768
0x00406768
0x0040676d
0x00406773
0x00406784
0x00406789
0x00406790
0x00406797
0x004067a5
0x004067b3
0x004067a7
0x004067af
0x004067af
0x004067a5
0x004067b9
0x004067db
0x004067e4
0x004067e8
0x004067ec
0x00000000
0x004067bb
0x004067bb
0x004067c0
0x00000000
0x00000000
0x004067cc
0x004067d2
0x00000000
0x00000000
0x004067d4
0x00000000
0x004067d4
0x004067bb
0x004067f1
0x004067f1
0x00406800
0x00406807
0x0040680a
0x0040680a
0x00000000
0x00406800
0x00000000
0x00406751
0x004066c4
0x004066ca
0x004066d0
0x0040672c
0x0040672f
0x00000000
0x00000000
0x00406736
0x0040673e
0x00406744
0x0040674f
0x00000000
0x0040674f
0x00406746
0x00000000
0x00406746
0x00000000
0x004066d2
0x004066d5
0x00000000
0x004066e4
0x004066e4
0x004066e4
0x00000000
0x004066ed
0x004066f0
0x00000000
0x00000000
0x004066f5
0x0040671e
0x00406722
0x00406727
0x0040672a
0x00000000
0x00000000
0x00000000
0x0040672a
0x004066fe
0x00406704
0x00000000
0x00000000
0x0040670b
0x0040670e
0x00406715
0x00000000
0x00406715
0x00406811
0x0040681c

APIs

Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32(004BDCD8,0040669D), ref: 00406B33

GetTickCount.KERNEL32 ref: 004066BF
GetTickCount.KERNEL32 ref: 004066D7
GetCurrentThreadId.KERNEL32 ref: 00406706
GetTickCount.KERNEL32 ref: 00406731
GetTickCount.KERNEL32 ref: 00406768
GetTickCount.KERNEL32 ref: 00406792
GetCurrentThreadId.KERNEL32 ref: 00406802

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756

Uniqueness

Uniqueness Score: -1.00%

Function 004B639F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E004B639F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				struct HWND__* _t22;
				struct HWND__* _t25;
				int _t40;
				struct HWND__* _t46;
				intOrPtr _t50;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				 *0x4c1d40 = 0;
				E00405CE8( *0x4c1d40);
				 *0x4ba450 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0);
				_t22 =  *0x4ba450; // 0x0
				 *0x4c1d38 = SetWindowLongW(_t22, 0xfffffffc, E004AF688);
				_t25 =  *0x4ba450; // 0x0
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				 *((intOrPtr*)(_t73 - 0x50)) =  *((intOrPtr*)( *0x4c1d48 + 0x20));
				 *((char*)(_t73 - 0x4c)) = 0;
				 *((intOrPtr*)(_t73 - 0x48)) =  *((intOrPtr*)( *0x4c1d48 + 0x24));
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d3c);
				_push(0x4b667c);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				E004AF714( *0x4c1d54, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, __esi, __fp0);
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0xffffffff
					E004AF5F8(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6550);
				_t40 = E00405CE8( *0x4c1d40);
				if( *0x4c1d54 != 0) {
					_t40 = E004AF1A4(0,  *0x4c1d54, 0xfa, 0x32);
				}
				if( *0x4c1d4c != 0) {
					_t40 = RemoveDirectoryW(E004084EC( *0x4c1d4c));
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0x0
					_t40 = DestroyWindow(_t46);
				}
				if( *0x4c1d30 != 0) {
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08( *0x4c1d30,  *0x4c1d34, _t69);
					E0040540C( *0x4c1d30);
					 *0x4c1d30 = 0;
					return 0;
				}
				return _t40;
			}

0x004b639f
0x004b639f
0x004b639f
0x004b63a1
0x004b63a4
0x004b63d6
0x004b63dc
0x004b6408
0x004b6414
0x004b641f
0x004b6428
0x004b642d
0x004b6430
0x004b643c
0x004b643f
0x004b644b
0x004b644e
0x004b645f
0x004b6464
0x004b6467
0x004b646d
0x004b6475
0x004b647a
0x004b6485
0x004b6497
0x004b64a3
0x004b64a5
0x004b64aa
0x004b64aa
0x004b64b1
0x004b64b4
0x004b64b7
0x004b64c1
0x004b64cd
0x004b64e3
0x004b64e3
0x004b64ef
0x004b64fc
0x004b64fc
0x004b6508
0x004b650a
0x004b6510
0x004b6510
0x004b651c
0x004b6529
0x004b652f
0x004b6539
0x004b6540
0x00000000
0x004b6540
0x004b6545

APIs

Part of subcall function 0040E450: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,?,?,?,?,?,InnoSetupLdrWindow), ref: 0040E48F

SetWindowLongW.USER32(00000000,000000FC,004AF688,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B641A

Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647A,004B667C,?), ref: 00422BDA

Part of subcall function 004AF714: CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,?,004AF804,00000000,004AF7E9), ref: 004AF784
Part of subcall function 004AF714: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,?,004AF804,00000000), ref: 004AF798
Part of subcall function 004AF714: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 004AF7B1
Part of subcall function 004AF714: GetExitCodeProcess.KERNEL32(?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7C5
Part of subcall function 004AF714: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(00000000,004B6550), ref: 004B6510

Strings

/SL5="$%x,%d,%d,, xrefs: 004B645A
InnoSetupLdrWindow, xrefs: 004B63F7
STATIC, xrefs: 004B63FC

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3586484885-3001827809
Opcode ID: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction ID: b7eaecffb53aa05ddf1cf37d982a6b9f715e6a16dd8061e16f501f9384e95f83
Opcode Fuzzy Hash: 3336f65c966fe36ad7587ac9acf267b8e8210ce6e91d17542745454ea8e171b3
Instruction Fuzzy Hash: 74413974600240DFD764EBA9EC45B9A37B4FB89308F51463BE4019B2B2DB7CA855CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF714, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E004AF714(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af804);
				_push(__eax);
				_push(0x4af814);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92);
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF33C(0x72, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6E8();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6E8();
				GetExitCodeProcess(_v92, _t51);
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af7f0);
				return E00407A20( &_v8);
			}

APIs

CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,?,004AF804,00000000,004AF7E9), ref: 004AF784
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF814,?,004AF804,00000000), ref: 004AF798
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 004AF7B1
GetExitCodeProcess.KERNEL32(?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7C5
CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7CE

Part of subcall function 004AF33C: GetLastError.KERNEL32(00000000,004AF3E3,?,?,?), ref: 004AF35F

Strings

D, xrefs: 004AF75E

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: 6032a9ca68773795775918048ce99a735a5b18240c587f91ab3d141b433486a4
Instruction ID: aed82a99fc7c4294e21d4a72de24efe39242c504942d712e9f968ed89c43dfc9
Opcode Fuzzy Hash: 6032a9ca68773795775918048ce99a735a5b18240c587f91ab3d141b433486a4
Instruction Fuzzy Hash: EB1172756442086BDB10EBE6CC82F9FB7ACDF15714F60043BF604E72C1DA789905866D

Uniqueness

Uniqueness Score: -1.00%

Function 00406424, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
GetProcAddress.KERNEL32(00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 0040643F
GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 0040645B

Strings

kernel32.dll, xrefs: 00406434
GetLogicalProcessorInformation, xrefs: 0040642F
@, xrefs: 004064D9

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: @$GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-79381301
Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D

Uniqueness

Uniqueness Score: -1.00%

Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c10dc =  *0x4c10dc - 1;
				if( *0x4c10dc < 0) {
					 *0x4c10e0 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c10e4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c10e0 == 0 ||  *0x4c10e4 == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c10e8 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000);
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116,00000000,0040E246,?,?), ref: 0040E1D2

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000,00000000,0040E229,?,00000000,0040E246,?,?), ref: 0040E20B

Strings

kernel32.dll, xrefs: 004B5AB9, 004B5AD3
Wow64DisableWow64FsRedirection, xrefs: 004B5AB4
shell32.dll, xrefs: 004B5B1B
Wow64RevertWow64FsRedirection, xrefs: 004B5ACE

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction ID: 6ea4a141a574a621f9963068001d000fcf1dfb25abde6d391abeb26bafe3dfd6
Opcode Fuzzy Hash: d3436a8aef5dc403501eca62794627bf535e37fb620941cc2275c971991e602d
Instruction Fuzzy Hash: 89119430604744AED744EBA7DD42FDDB764EB45704F60447BF401A6591CABC6A44C63D

Uniqueness

Uniqueness Score: -1.00%

Function 004076B8, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}

0x004076c0
0x00407726
0x00407728
0x0040772a
0x0040772f
0x00407734
0x00407736
0x00407736
0x0040773c
0x004076c2
0x004076cb
0x004076db
0x004076db
0x004076f7
0x0040770a
0x0040771e
0x0040771e

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718

Strings

Error, xrefs: 0040772A
Runtime error at 00000000, xrefs: 004076EA, 0040772F

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileHandleWrite
String ID: Error$Runtime error at 00000000
API String ID: 3320372497-2970929446
Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E

Uniqueness

Uniqueness Score: -1.00%

Function 00420524, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}

0x00420532
0x0042055f
0x00420564
0x00420569
0x00420573
0x00420534
0x00420544
0x00420549
0x0042054e
0x0042054e

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116,00000000,0040E246,?,?), ref: 0040E1D2

GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559

Strings

kernel32.dll, xrefs: 00420539
RtlCompareUnicodeString, xrefs: 0042054F
CompareStringOrdinal, xrefs: 00420534
NTDLL.DLL, xrefs: 00420554

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
API String ID: 1883125708-3870080525
Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E

Uniqueness

Uniqueness Score: -1.00%

Function 00429314, Relevance: 9.1, APIs: 6, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00429314(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FD4(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L0042724C();
					return E00428FD4(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427820();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D2C(_t110);
						}
						E00429270(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E0042928C(_v788 - 1, _t125) != 0) {
								L00427838();
								E00428FD4(_v792);
								L00427838();
								E00428FD4( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292BC(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427828();
							E00428FD4(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FD4(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293C9
SafeArrayGetUBound.OLEAUT32(?,00000001,?,?,00000001,?), ref: 004293E5
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0042941E
SafeArrayPtrOfIndex.OLEAUT32(?,?,?,0000000C,?,?), ref: 0042949B
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?,?,?,?,0000000C,?,?), ref: 004294B4
VariantCopy.OLEAUT32(?,?), ref: 004294EF

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 6f00898c9aed2b6a7f29acfc8da8bf4acfd6cfadbfadc68992a421c789b839ea
Instruction ID: 40907f15986e25785bf49cc45dc9858f4ae05cc6f5fe419918d11ca627fab012
Opcode Fuzzy Hash: 6f00898c9aed2b6a7f29acfc8da8bf4acfd6cfadbfadc68992a421c789b839ea
Instruction Fuzzy Hash: CD510C75A0522D9BCB66EB59D981ADAB3FCAF0C304F4041DAF508E7211DA34AF858F64

Uniqueness

Uniqueness Score: -1.00%

Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr* _t99;
				signed int _t104;
				signed int _t109;
				intOrPtr* _t114;
				void* _t116;
				intOrPtr* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				intOrPtr* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059;
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80;
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *((intOrPtr*)(_t147 + 4)) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t134 =  *0x4bbaf0 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t109 =  *0x4bbaec - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					__eax =  *(__edx + 0x4bb990) & 0x000000ff;
					__ebx = 0x4b7080 + ( *(__edx + 0x4bb990) & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0;
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec;
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								__ecx = __edi + 6;
								 *(__esi - 4) = __edi + 6;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x20
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00403ee8
0x00403ef4
0x00403efa
0x00404148
0x0040414d
0x00404260
0x00404261
0x00404263
0x00403c94
0x00403c98
0x00403c9a
0x00403ca4
0x00403cb9
0x00403cbd
0x00403cbf
0x00403cc1
0x00403cc7
0x00403cca
0x00403ccf
0x00403cd4
0x00403cda
0x00403ce0
0x00403ce3
0x00403ce5
0x00403cec
0x00403cec
0x00403cf5
0x00404269
0x00404269
0x0040426b
0x0040426b
0x00404153
0x00404153
0x0040415f
0x00404162
0x00404164
0x0040410c
0x00404111
0x00404119
0x00000000
0x00000000
0x0040411b
0x0040411d
0x00404124
0x00000000
0x00404126
0x00404128
0x00404132
0x0040413a
0x0040413e
0x00000000
0x0040413e
0x0040413a
0x00000000
0x00404124
0x0040410c
0x00404166
0x00404166
0x00404166
0x0040416e
0x00404171
0x0040417b
0x0040417b
0x00404182
0x00404195
0x00404199
0x0040419f
0x004041be
0x004041be
0x004041c0
0x004041de
0x004041c2
0x004041c7
0x004041c9
0x004041ce
0x004041d7
0x004041d7
0x004041e3
0x004041eb
0x004041a1
0x004041a1
0x004041ab
0x004041b3
0x00000000
0x004041b3
0x00404184
0x00404187
0x0040418a
0x004041ec
0x004041ec
0x004041ed
0x004041ee
0x004041f5
0x004041f8
0x004041fb
0x004041fe
0x00404200
0x00404202
0x00404209
0x0040420b
0x0040420b
0x0040420b
0x00404212
0x00404214
0x00404214
0x00404212
0x00404220
0x00404225
0x00404225
0x00404227
0x00404248
0x00404248
0x00404248
0x00404229
0x00404229
0x0040422f
0x00404232
0x00404236
0x0040423c
0x0040423e
0x0040423e
0x0040423c
0x0040424d
0x00404250
0x00404253
0x0040425f
0x0040425f
0x00404182
0x00403f00
0x00403f00
0x00403f02
0x00403f09
0x00403f10
0x00403f68
0x00403f68
0x00403f6d
0x00403f71
0x00000000
0x00000000
0x00403f73
0x00403f73
0x00403f76
0x00403f7b
0x00403f7f
0x00403f81
0x00403f81
0x00403f84
0x00403f89
0x00403f8d
0x00403f8f
0x00403f92
0x00403f94
0x00403f9b
0x00000000
0x00403f9d
0x00403f9f
0x00403fa4
0x00403fa9
0x00403fad
0x00403fb5
0x00000000
0x00403fb5
0x00403fad
0x00403f9b
0x00403f8d
0x00000000
0x00403f7f
0x00403f68
0x00403f12
0x00403f12
0x00403f15
0x00403f18
0x00403f1d
0x00403f1f
0x00403f38
0x00403f3b
0x00403f3f
0x00403f41
0x00403f44
0x00403fbc
0x00403fbd
0x00403fbe
0x00403fc5
0x00403fc7
0x00403fc7
0x00403fcc
0x00403fd4
0x00000000
0x00000000
0x00403fd6
0x00403fd8
0x00403fdf
0x00000000
0x00403fe1
0x00403fe3
0x00403fe8
0x00403fed
0x00403ff5
0x00403ff9
0x00000000
0x00403ff9
0x00403ff5
0x00000000
0x00403fdf
0x00403fc7
0x00404000
0x00404004
0x00404004
0x0040400a
0x0040407c
0x00404080
0x00404086
0x00404088
0x004040b0
0x004040b4
0x004040b6
0x004040bb
0x004040bd
0x004040bf
0x00000000
0x004040c1
0x004040c1
0x004040c6
0x004040c8
0x004040c9
0x004040ca
0x004040cb
0x004040cb
0x0040408a
0x0040408a
0x00404090
0x00404094
0x0040409a
0x0040409c
0x0040409e
0x0040409e
0x004040a0
0x004040a2
0x004040a8
0x00000000
0x004040a8
0x0040400c
0x0040400c
0x0040400f
0x00404016
0x0040401d
0x00404020
0x00404023
0x0040402a
0x0040402d
0x00404030
0x00404033
0x00404035
0x00404037
0x00404039
0x0040403e
0x00404040
0x00404040
0x00404040
0x00404047
0x00404049
0x00404049
0x00404047
0x00404050
0x00404055
0x00404058
0x0040405e
0x004040cc
0x004040cc
0x004040cc
0x00404060
0x00404060
0x00404062
0x00404066
0x00404068
0x0040406b
0x0040406e
0x00404071
0x00404075
0x00404075
0x004040d1
0x004040d1
0x004040d4
0x004040d7
0x004040d9
0x004040de
0x004040e0
0x004040e3
0x004040ea
0x004040ed
0x004040ed
0x004040f0
0x004040f4
0x004040f7
0x004040fa
0x004040fc
0x004040fc
0x004040fe
0x00404101
0x00404104
0x00404107
0x00404108
0x00404109
0x0040410a
0x0040410a
0x00403f46
0x00403f46
0x00403f46
0x00403f46
0x00403f4a
0x00403f4d
0x00403f50
0x00403f53
0x00403f54
0x00403f54
0x00403f21
0x00403f21
0x00403f25
0x00403f25
0x00403f28
0x00403f2b
0x00403f2e
0x00403f58
0x00403f5b
0x00403f5e
0x00403f61
0x00403f64
0x00403f65
0x00403f30
0x00403f30
0x00403f33
0x00403f34
0x00403f34
0x00403f2e
0x00403f1f

APIs

Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: c8a502eaa8f3cf537c68f2b24e4f985e217719fcc7af7ea96ad2adec4d15fc30
Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
Opcode Fuzzy Hash: c8a502eaa8f3cf537c68f2b24e4f985e217719fcc7af7ea96ad2adec4d15fc30
Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8

Uniqueness

Uniqueness Score: -1.00%

Function 004B60E8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165
windowCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t51;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				int _t75;
				struct HWND__* _t81;
				void* _t90;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF664(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d29 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t63 = E004084EC( *((intOrPtr*)(_t61 + 0x2b4)));
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c00;
						E00426F08(0xb1, _t120 - 0x28,  *0x4c1c00);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFDC(_t120 - 0x2c, _t85, _t101, _t118, _t119);
					E00407E00(0x4c1d4c,  *((intOrPtr*)(_t120 - 0x2c)));
					E00422954( *0x4c1d3c, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					E00422660( *0x4c1d4c, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d50, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					E00407E00(0x4c1d54,  *0x4c1d50);
					E00423CE8( *0x4c1d40,  *((intOrPtr*)( *0x4c1d48 + 0x14)));
					_push(_t120);
					_push(0x4b63a9);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1d98 = 0;
					 *0x4c1d44 = E00423D00(1, 0, 1, 0);
					_push(_t120);
					_push(0x4b6398);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					 *0x4c1d98 = E004053F0( *((intOrPtr*)( *0x4c1d48 + 0x18)));
					E00405884( *0x4c1d98,  *((intOrPtr*)( *0x4c1d48 + 0x18)));
					_push(_t120);
					_push(0x4b62e7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					 *0x4c1d9c = E00424748( *0x4c1d40, 1, _t51);
					_push(_t120);
					_push(0x4b62d6);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					E00424A24( *0x4c1d9c,  *((intOrPtr*)( *0x4c1d48 + 0x18)),  *0x4c1d98);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DD);
					return E00405CE8( *0x4c1d9c);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					E004AFA2C( *((intOrPtr*)(_t69 + 0x18c)), __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6550);
					_t75 = E00405CE8( *0x4c1d40);
					if( *0x4c1d54 != 0) {
						_t75 = E004AF1A4(0,  *0x4c1d54, 0xfa, 0x32);
					}
					if( *0x4c1d4c != 0) {
						_t75 = RemoveDirectoryW(E004084EC( *0x4c1d4c));
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0x0
						_t75 = DestroyWindow(_t81);
					}
					if( *0x4c1d30 != 0) {
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08( *0x4c1d30,  *0x4c1d34, _t116);
						E0040540C( *0x4c1d30);
						 *0x4c1d30 = 0;
						return 0;
					}
					return _t75;
				}
			}

0x004b60e8
0x004b60e8
0x004b60e8
0x004b60ea
0x004b60ec
0x004b60ed
0x004b610d
0x004b6119
0x004b613e
0x004b614b
0x004b6156
0x004b615c
0x004b615f
0x004b6167
0x004b617f
0x004b6181
0x004b618b
0x004b618b
0x004b617f
0x004b6190
0x004b6198
0x004b61a5
0x004b61b2
0x004b61c2
0x004b61ca
0x004b61d3
0x004b61e0
0x004b61e1
0x004b61f1
0x004b6203
0x004b620a
0x004b620b
0x004b6210
0x004b6213
0x004b6218
0x004b6235
0x004b623c
0x004b623d
0x004b6242
0x004b6245
0x004b6255
0x004b626c
0x004b6273
0x004b6274
0x004b6279
0x004b627c
0x004b627f
0x004b6297
0x004b629e
0x004b629f
0x004b62a4
0x004b62a7
0x004b62b9
0x004b62c0
0x004b62c3
0x004b62c6
0x004b62d5
0x004b611b
0x004b611b
0x004b6126
0x004b612d
0x004b64b1
0x004b64b4
0x004b64b7
0x004b64c1
0x004b64cd
0x004b64e3
0x004b64e3
0x004b64ef
0x004b64fc
0x004b64fc
0x004b6508
0x004b650a
0x004b6510
0x004b6510
0x004b651c
0x004b6529
0x004b652f
0x004b6539
0x004b6540
0x00000000
0x004b6540
0x004b6545
0x004b6545

APIs

MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6177

Part of subcall function 004AFA2C: MessageBoxW.USER32(00000000,00000000,Setup,00000010,For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline,004B0F7C,?,?,The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in,00000000,004AFAB6,?,?,00000000,00000000), ref: 004AFA96

RemoveDirectoryW.KERNEL32(00000000,004B6550), ref: 004B64FC
DestroyWindow.USER32(00000000,004B6550), ref: 004B6510

Part of subcall function 004AF1A4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
Part of subcall function 004AF1A4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Strings

.tmp, xrefs: 004B61BD
0MB, xrefs: 004B627F

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
String ID: .tmp$0MB
API String ID: 3858953238-176122739
Opcode ID: 49bb2c6a9c73819bf38b0408f75c5998ac5a4fe3dc91767e8802c4c52ac23ce7
Instruction ID: dd8228bb87b5c3f826920660d5879d0b5443f76f7ba5c686a8b7b1af545f285c
Opcode Fuzzy Hash: 49bb2c6a9c73819bf38b0408f75c5998ac5a4fe3dc91767e8802c4c52ac23ce7
Instruction Fuzzy Hash: F6615B746102009FD765EF69EC85E9A37A5EB4A308F51443AF802976B2DA3CBC51CB2D

Uniqueness

Uniqueness Score: -1.00%

Function 004AFA2C, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44
windowCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E004AFA2C(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4afab6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d19 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f7c);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFABD);
				return E00407A80( &_v12, 2);
			}

APIs

MessageBoxW.USER32(00000000,00000000,Setup,00000010,For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline,004B0F7C,?,?,The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in,00000000,004AFAB6,?,?,00000000,00000000), ref: 004AFA96

Strings

For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA72
The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA64
Setup, xrefs: 004AFA86
/ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA50

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Message
String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
API String ID: 2030045667-3391638011
Opcode ID: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction ID: d91db7adbe0e61d65693b83f686b77c7a2459b52af6881be4eb58bd45dae7278
Opcode Fuzzy Hash: 5fca6df1cc41c60226962d0d4d7f1ceda4c84f57996502a3869d04bad8e11af8
Instruction Fuzzy Hash: 5D018F30744308BAE310E691CC52F9E76ACD719B04FA0407BB904B26C2D6BC6E04842D

Uniqueness

Uniqueness Score: -1.00%

Function 0042F9B0, Relevance: 7.8, APIs: 5, Instructions: 335
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0042F9B0(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430858(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430858(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BE8(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L0042723C();
													_push(_t360);
													_push(0x42fda8);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E0042999C( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF0(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fddd);
													return E00429270( &_v48);
												}
											}
										} else {
											E00428BE8(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fcef);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E0042999C( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF0(_t294);
										}
										_v9 = E0042F7C8( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fc4a);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E0042999C( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF0(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F534(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430858( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L0042723C();
									_push(_t360);
									_push(0x42fb5b);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E0042999C( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF0(_t306);
									}
									_v9 = E0042F7C8(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fddd);
									return E00429270( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L0042723C();
										_push(_t360);
										_push(0x42fac4);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E0042999C( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF0(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fddd);
										return E00429270( &_v48);
									}
								}
							} else {
								E00428BE8(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F548(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F534(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 159d17326751bcc4429ea4d4391f5d76f4ff936cf82bf7456c3c1ebee9a0f2e4
Instruction ID: 336ab3be91245dbcb88afa50d39c96b555b7b4dd4c7b37a8d21c905a6355ac7c
Opcode Fuzzy Hash: 159d17326751bcc4429ea4d4391f5d76f4ff936cf82bf7456c3c1ebee9a0f2e4
Instruction Fuzzy Hash: ACD16E75B00119DFCF00DFA5D4918FEB7B5EF49300BD084BBE801A7251D638A94ADB69

Uniqueness

Uniqueness Score: -1.00%

Function 00430108, Relevance: 7.6, Strings: 6, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00430108(signed int __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				void* _v8;
				char _v12;
				char _v16;
				signed char _t43;
				intOrPtr* _t54;
				intOrPtr _t56;
				signed short _t69;
				intOrPtr* _t71;
				intOrPtr _t74;

				_push(0);
				_push(0);
				_push(0);
				_t71 = __edx;
				_t43 = __eax;
				_push(_t74);
				_push(0x43021b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				_t69 = 0x00000fff & __eax;
				if(0xfff > 0x15) {
					if(__eax != 0x100) {
						if(__eax != 0x102) {
							if(__eax != 0x101) {
								if(E00430858(__eax,  &_v8) == 0) {
									E0041A150(_t69 & 0x0000ffff,  &_v16, 4);
									_t54 =  *0x4ba74c; // 0x4b7e2c
									E0040873C(_t71, _v16,  *_t54);
								} else {
									E00405BE8( *_v8,  &_v12);
									E004088AC(_v12, 0x7fffffff, 2, __edx);
								}
							} else {
								E00407E00(__edx, 0x43027c);
							}
						} else {
							E00407E00(__edx, L"UnicodeString");
						}
					} else {
						E00407E00(__edx, L"String");
					}
				} else {
					E00407E00(__edx,  *((intOrPtr*)(0x4b9470 + (_t69 & 0x0000ffff) * 4)));
				}
				if((_t43 & 0x00000020) != 0) {
					E0040873C(_t71,  *_t71, L"Array ");
				}
				if((_t43 & 0x00000040) != 0) {
					E0040873C(_t71,  *_t71, L"ByRef ");
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x430222);
				return E00407A80( &_v16, 2);
			}

0x0043010b
0x0043010d
0x0043010f
0x00430114
0x00430116
0x0043011a
0x0043011b
0x00430120
0x00430123
0x0043012a
0x00430131
0x0043014e
0x00430163
0x00430178
0x00430194
0x004301c3
0x004301cb
0x004301d5
0x00430196
0x0043019f
0x004301b1
0x004301b1
0x0043017a
0x00430181
0x00430181
0x00430165
0x0043016c
0x0043016c
0x00430150
0x00430157
0x00430157
0x00430133
0x0043013f
0x0043013f
0x004301dd
0x004301e8
0x004301e8
0x004301f0
0x004301fb
0x004301fb
0x00430202
0x00430205
0x00430208
0x0043021a

Strings

,~K, xrefs: 004301CB
String, xrefs: 00430152
Array , xrefs: 004301E3
UnicodeString, xrefs: 00430167
Any, xrefs: 0043017C
ByRef , xrefs: 004301F6

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: ,~K$Any$Array $ByRef $String$UnicodeString
API String ID: 0-4250746425
Opcode ID: 5a815ab9b5c56c37baefb2e482af7805e4cb3dae4e66c6f3d8fb93a16b8ef7fe
Instruction ID: d18eff35f2d65af8573790d465628f163b54ecb0f9697398d4f6cf6d1622d84b
Opcode Fuzzy Hash: 5a815ab9b5c56c37baefb2e482af7805e4cb3dae4e66c6f3d8fb93a16b8ef7fe
Instruction Fuzzy Hash: 1821F730B041049BDB10EA59CC2176BB3A6DB8D700F6092BBBD40A77C5CA7DAC0187DE

Uniqueness

Uniqueness Score: -1.00%

Function 004AF904, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF904(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80);
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								if(VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84) != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF8FC(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84);
							}
							goto L15;
						}
					}
					goto L17;
				}
			}

0x004af908
0x004af90b
0x004af90e
0x004af917
0x004af923
0x004af92a
0x004af9d6
0x004af9d6
0x004af930
0x004af9c3
0x004af9c3
0x004af9c9
0x00000000
0x00000000
0x004af93c
0x004af9af
0x004af9ba
0x004af9c1
0x00000000
0x00000000
0x00000000
0x004af944
0x004af944
0x004af949
0x004af94f
0x004af975
0x004af977
0x004af977
0x004af975
0x004af97c
0x004af98d
0x004af984
0x004af989
0x004af989
0x004af997
0x004af9aa
0x004af9aa
0x00000000
0x004af997
0x004af93c
0x00000000
0x004af9c3

APIs

GetSystemInfo.KERNEL32(?), ref: 004AF917
VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF923
VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF96E
VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9AA
VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9BA

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction ID: 9e45b338133956b17b8a8ad54cf185b01de6f5181235357074ed8b47fe3ad323
Opcode Fuzzy Hash: 9f7787049e468a5f18debe52421e9e6cdf0c574af4885d60206e685c39788fad
Instruction Fuzzy Hash: 96216DB1104304BED720EA95C884F6BB7EC9F56354F04482EF5C4C3681D338E949CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0041C790, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77
threadCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C

Strings

yyyy, xrefs: 0041C7F1
, xrefs: 0041C7E2

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: $yyyy
API String ID: 3303714858-404527807
Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA

Uniqueness

Uniqueness Score: -1.00%

Function 00404D58, Relevance: 6.5, Strings: 5, Instructions: 285
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E00404D58(void* __eax, void* __fp0) {
				void* _v8;
				char _v110600;
				char _v112644;
				char _v112645;
				signed int _v112652;
				char _v112653;
				char _v112654;
				char _v112660;
				intOrPtr _v112664;
				intOrPtr _v112668;
				intOrPtr _v112672;
				signed short* _v112676;
				void* _v112680;
				char _v129064;
				char _v131113;
				char _v161832;
				void* _t75;
				signed int _t83;
				intOrPtr _t86;
				intOrPtr _t97;
				intOrPtr _t102;
				void* _t114;
				intOrPtr _t115;
				intOrPtr _t121;
				intOrPtr _t126;
				void* _t136;
				intOrPtr _t137;
				intOrPtr _t141;
				signed int _t151;
				signed int _t156;
				intOrPtr _t157;
				char* _t159;
				char* _t160;
				char* _t161;
				char* _t162;
				char* _t163;
				char* _t164;
				char* _t166;
				char* _t167;
				char* _t172;
				char* _t173;
				intOrPtr _t196;
				intOrPtr _t208;
				void* _t210;
				void* _t211;
				intOrPtr* _t214;
				void* _t216;
				void* _t217;
				signed int _t222;
				void* _t225;
				void* _t226;
				void* _t239;

				_push(__eax);
				_t75 = 0x27;
				goto L1;
				L12:
				while(_t208 != 0x4bbad8) {
					_t83 = E00404858(_t208);
					_t156 = _t83;
					__eflags = _t156;
					if(_t156 == 0) {
						L11:
						_t208 =  *((intOrPtr*)(_t208 + 4));
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						_t222 =  *(_t156 - 4);
						__eflags = _t222 & 0x00000001;
						if((_t222 & 0x00000001) == 0) {
							__eflags = _t222 & 0x00000004;
							if(__eflags == 0) {
								__eflags = _v112652 - 0x1000;
								if(_v112652 < 0x1000) {
									_v112664 = (_t222 & 0xfffffff0) - 4;
									_t151 = E00404B44(_t156);
									__eflags = _t151;
									if(_t151 == 0) {
										_v112645 = 0;
										 *((intOrPtr*)(_t225 + _v112652 * 4 - 0x1f824)) = _v112664;
										_t19 =  &_v112652;
										 *_t19 = _v112652 + 1;
										__eflags =  *_t19;
									}
								}
							} else {
								E00404B9C(_t156, __eflags, _t225);
							}
						}
						_t83 = E00404834(_t156);
						_t156 = _t83;
						__eflags = _t156;
					} while (_t156 != 0);
					goto L11;
				}
				_t157 =  *0x4bdb80;
				while(_t157 != 0x4bdb7c && _v112652 < 0x1000) {
					_t83 = E00404B44(_t157 + 0x10);
					__eflags = _t83;
					if(_t83 == 0) {
						_v112645 = 0;
						_t83 = _v112652;
						 *((intOrPtr*)(_t225 + _t83 * 4 - 0x1f824)) = ( *(_t157 + 0xc) & 0xfffffff0) - 0xfffffffffffffff4;
						_t28 =  &_v112652;
						 *_t28 = _v112652 + 1;
						__eflags =  *_t28;
					}
					_t157 =  *((intOrPtr*)(_t157 + 4));
				}
				if(_v112645 != 0) {
					L54:
					return _t83;
				}
				_v112653 = 0;
				_v112668 = 0;
				_t86 =  *0x4b705c; // 0x40385c
				_t159 = E00404924(E00407EF0(_t86),  &_v161832);
				_v112660 = 0x37;
				_v112676 = 0x4b7082;
				_v112680 =  &_v110600;
				do {
					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
					_v112654 = 0;
					_t210 = 0xff;
					_t214 = _v112680;
					while(_t159 <=  &_v131113) {
						if( *_t214 > 0) {
							if(_v112653 == 0) {
								_t141 =  *0x4b7060; // 0x403888
								_t159 = E00404924(E00407EF0(_t141), _t159);
								_v112653 = 1;
							}
							if(_v112654 != 0) {
								 *_t159 = 0x2c;
								_t164 = _t159 + 1;
								 *_t164 = 0x20;
								_t165 = _t164 + 1;
								__eflags = _t164 + 1;
							} else {
								 *_t159 = 0xd;
								 *((char*)(_t159 + 1)) = 0xa;
								_t172 = E004048D4(_v112668 + 1, _t159 + 2);
								 *_t172 = 0x20;
								_t173 = _t172 + 1;
								 *_t173 = 0x2d;
								 *((char*)(_t173 + 1)) = 0x20;
								_t136 = E004048D4(_v112672, _t173 + 2);
								_t137 =  *0x4b7068; // 0x4038f0
								_t165 = E00404924(E00407EF0(_t137), _t136);
								_v112654 = 1;
							}
							_t114 = _t210 - 1;
							_t239 = _t114;
							if(_t239 < 0) {
								_t115 =  *0x4b706c; // 0x4038fc
								_t166 = E00404924(E00407EF0(_t115), _t165);
							} else {
								if(_t239 == 0) {
									_t121 =  *0x4b7070; // 0x403904
									_t166 = E00404924(E00407EF0(_t121), _t165);
								} else {
									if(_t114 == 1) {
										_t126 =  *0x4b7074; // 0x403910
										_t166 = E00404924(E00407EF0(_t126), _t165);
									} else {
										_t166 = E0040493C( *((intOrPtr*)(_t214 - 4)), _t165);
									}
								}
							}
							 *_t166 = 0x20;
							_t167 = _t166 + 1;
							 *_t167 = 0x78;
							 *((char*)(_t167 + 1)) = 0x20;
							_t159 = E004048D4( *_t214, _t167 + 2);
						}
						_t210 = _t210 - 1;
						_t214 = _t214 - 8;
						if(_t210 != 0xffffffff) {
							continue;
						} else {
							goto L39;
						}
					}
					L39:
					if(_v112654 != 0 ||  *0x4bbad6 == 0 || (_v112672 + 0x00000004 & 0x0000000f) == 0) {
						_v112668 = _v112672;
					}
					_v112680 = _v112680 + 0x800;
					_v112676 =  &(_v112676[0x10]);
					_t62 =  &_v112660;
					 *_t62 = _v112660 - 1;
				} while ( *_t62 != 0);
				if(_v112652 <= 0) {
					L53:
					_t97 =  *0x4b7078; // 0x403920
					E00404924(E00407EF0(_t97), _t159);
					_t196 =  *0x4b707c; // 0x403924
					_t83 = E004047B0( &_v161832, _t98, _t196);
					goto L54;
				}
				if(_v112653 != 0) {
					 *_t159 = 0xd;
					_t161 = _t159 + 1;
					 *_t161 = 0xa;
					_t162 = _t161 + 1;
					 *_t162 = 0xd;
					_t163 = _t162 + 1;
					 *_t163 = 0xa;
					_t159 = _t163 + 1;
				}
				_t102 =  *0x4b7064; // 0x4038b0
				_t159 = E00404924(E00407EF0(_t102), _t159);
				_t216 = _v112652 - 1;
				if(_t216 >= 0) {
					_t217 = _t216 + 1;
					_t211 = 0;
					_v112680 =  &_v129064;
					L49:
					L49:
					if(_t211 != 0) {
						 *_t159 = 0x2c;
						_t160 = _t159 + 1;
						 *_t160 = 0x20;
						_t159 = _t160 + 1;
					}
					_t159 = E004048D4( *_v112680, _t159);
					if(_t159 >  &_v131113) {
						goto L53;
					}
					_t211 = _t211 + 1;
					_v112680 = _v112680 + 4;
					_t217 = _t217 - 1;
					if(_t217 != 0) {
						goto L49;
					}
				}
				L1:
				_t226 = _t226 + 0xfffff004;
				_push(_t75);
				_t75 = _t75 - 1;
				if(_t75 != 0) {
					goto L1;
				} else {
					E00405884( &_v161832, 0x8000);
					E00405884( &_v112644, 0x1b800);
					E00405884( &_v129064, 0x4000);
					_t83 = 0;
					_v112652 = 0;
					_v112645 = 1;
					_t208 =  *0x4bbadc;
					goto L12;
				}
			}

0x00404d5b
0x00404d5c
0x00404d5c
0x00000000
0x00404e49
0x00404dc9
0x00404dce
0x00404dd0
0x00404dd2
0x00404e46
0x00404e46
0x00000000
0x00000000
0x00000000
0x00000000
0x00404dd4
0x00404dd4
0x00404dd9
0x00404ddb
0x00404de1
0x00404de3
0x00404de9
0x00404df6
0x00404e00
0x00404e08
0x00404e10
0x00404e15
0x00404e17
0x00404e19
0x00404e2c
0x00404e33
0x00404e33
0x00404e33
0x00404e33
0x00404e17
0x00404deb
0x00404dee
0x00404df3
0x00404de9
0x00404e3b
0x00404e40
0x00404e42
0x00404e42
0x00000000
0x00404dd4
0x00404e55
0x00404e94
0x00404e62
0x00404e67
0x00404e69
0x00404e6b
0x00404e7e
0x00404e84
0x00404e8b
0x00404e8b
0x00404e8b
0x00404e8b
0x00404e91
0x00404e91
0x00404eaf
0x0040515b
0x00405161
0x00405161
0x00404eb5
0x00404ebe
0x00404ec4
0x00404ee0
0x00404ee2
0x00404eec
0x00404efc
0x00404f02
0x00404f0e
0x00404f14
0x00404f1b
0x00404f26
0x00404f28
0x00404f39
0x00404f46
0x00404f48
0x00404f60
0x00404f62
0x00404f62
0x00404f70
0x00404fc8
0x00404fcb
0x00404fcc
0x00404fcf
0x00404fcf
0x00404f72
0x00404f72
0x00404f76
0x00404f88
0x00404f8a
0x00404f8d
0x00404f8e
0x00404f92
0x00404f9e
0x00404fa5
0x00404fbd
0x00404fbf
0x00404fbf
0x00404fd2
0x00404fd2
0x00404fd5
0x00404fde
0x00404ff6
0x00404fd7
0x00404fd7
0x00404ffa
0x00405012
0x00404fd9
0x00404fda
0x00405016
0x0040502e
0x00404fdc
0x0040503c
0x0040503c
0x00404fda
0x00404fd7
0x0040503e
0x00405041
0x00405042
0x00405046
0x00405053
0x00405053
0x00405055
0x00405056
0x0040505c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040505c
0x00405062
0x00405069
0x00405087
0x00405087
0x0040508d
0x00405097
0x0040509e
0x0040509e
0x0040509e
0x004050b1
0x00405132
0x00405132
0x00405145
0x00405150
0x00405156
0x00000000
0x00405156
0x004050ba
0x004050bc
0x004050bf
0x004050c0
0x004050c3
0x004050c4
0x004050c7
0x004050c8
0x004050cb
0x004050cb
0x004050cc
0x004050e4
0x004050ec
0x004050ef
0x004050f1
0x004050f2
0x004050fa
0x00000000
0x00405100
0x00405102
0x00405104
0x00405107
0x00405108
0x0040510b
0x0040510b
0x0040511b
0x00405125
0x00000000
0x00000000
0x00405127
0x00405128
0x0040512f
0x00405130
0x00000000
0x00000000
0x00405130
0x00404d61
0x00404d61
0x00404d67
0x00404d68
0x00404d69
0x00000000
0x00404d6b
0x00404d84
0x00404d96
0x00404da8
0x00404dad
0x00404daf
0x00404db5
0x00404dbc
0x00000000
0x00404dbc

Strings

7, xrefs: 00404EE2
\8@, xrefs: 00404EC4, 00404ED6
$9@, xrefs: 00405150
, xrefs: 00405097
9@, xrefs: 00405132, 00405140

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: $ 9@$$9@$7$\8@
API String ID: 0-2227431551
Opcode ID: 7969f500345c91e017eaa2e503cc38f8b230a4fef70c73b9e7c52adf5753eb77
Instruction ID: 38bfbe5b9adaf62520304bd95c58c6398793e5c4917e0a813314b7cf8cdf845a
Opcode Fuzzy Hash: 7969f500345c91e017eaa2e503cc38f8b230a4fef70c73b9e7c52adf5753eb77
Instruction Fuzzy Hash: ABB1A370A042548BDB21EB2DC880B9A77E5EB89704F1441F6E549FB3C2CB789D85CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00404D56, Relevance: 6.5, Strings: 5, Instructions: 207
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E00404D56(void* __eax) {
				void* _v8;
				char _v110600;
				char _v112644;
				char _v112645;
				signed int _v112652;
				char _v112653;
				char _v112654;
				char _v112660;
				intOrPtr _v112664;
				intOrPtr _v112668;
				intOrPtr _v112672;
				signed short* _v112676;
				void* _v112680;
				char _v129064;
				char _v131113;
				char _v161832;
				void* _t75;
				signed int _t83;
				intOrPtr _t86;
				intOrPtr _t97;
				intOrPtr _t102;
				void* _t114;
				intOrPtr _t115;
				intOrPtr _t121;
				intOrPtr _t126;
				void* _t136;
				intOrPtr _t137;
				intOrPtr _t141;
				signed int _t151;
				signed int _t156;
				intOrPtr _t157;
				char* _t159;
				char* _t160;
				char* _t161;
				char* _t162;
				char* _t163;
				char* _t164;
				char* _t166;
				char* _t167;
				char* _t172;
				char* _t173;
				intOrPtr _t196;
				intOrPtr _t208;
				void* _t210;
				void* _t211;
				intOrPtr* _t214;
				void* _t216;
				void* _t217;
				signed int _t222;
				void* _t226;
				void* _t228;
				void* _t242;

				_t226 = _t228;
				_push(__eax);
				_t75 = 0x27;
				goto L2;
				L13:
				while(_t208 != 0x4bbad8) {
					_t83 = E00404858(_t208);
					_t156 = _t83;
					__eflags = _t156;
					if(_t156 == 0) {
						L12:
						_t208 =  *((intOrPtr*)(_t208 + 4));
						continue;
					} else {
						goto L5;
					}
					do {
						L5:
						_t222 =  *(_t156 - 4);
						__eflags = _t222 & 0x00000001;
						if((_t222 & 0x00000001) == 0) {
							__eflags = _t222 & 0x00000004;
							if(__eflags == 0) {
								__eflags = _v112652 - 0x1000;
								if(_v112652 < 0x1000) {
									_v112664 = (_t222 & 0xfffffff0) - 4;
									_t151 = E00404B44(_t156);
									__eflags = _t151;
									if(_t151 == 0) {
										_v112645 = 0;
										 *((intOrPtr*)(_t226 + _v112652 * 4 - 0x1f824)) = _v112664;
										_t19 =  &_v112652;
										 *_t19 = _v112652 + 1;
										__eflags =  *_t19;
									}
								}
							} else {
								E00404B9C(_t156, __eflags, _t226);
							}
						}
						_t83 = E00404834(_t156);
						_t156 = _t83;
						__eflags = _t156;
					} while (_t156 != 0);
					goto L12;
				}
				_t157 =  *0x4bdb80;
				while(_t157 != 0x4bdb7c && _v112652 < 0x1000) {
					_t83 = E00404B44(_t157 + 0x10);
					__eflags = _t83;
					if(_t83 == 0) {
						_v112645 = 0;
						_t83 = _v112652;
						 *((intOrPtr*)(_t226 + _t83 * 4 - 0x1f824)) = ( *(_t157 + 0xc) & 0xfffffff0) - 0xfffffffffffffff4;
						_t28 =  &_v112652;
						 *_t28 = _v112652 + 1;
						__eflags =  *_t28;
					}
					_t157 =  *((intOrPtr*)(_t157 + 4));
				}
				if(_v112645 != 0) {
					L55:
					return _t83;
				}
				_v112653 = 0;
				_v112668 = 0;
				_t86 =  *0x4b705c; // 0x40385c
				_t159 = E00404924(E00407EF0(_t86),  &_v161832);
				_v112660 = 0x37;
				_v112676 = 0x4b7082;
				_v112680 =  &_v110600;
				do {
					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
					_v112654 = 0;
					_t210 = 0xff;
					_t214 = _v112680;
					while(_t159 <=  &_v131113) {
						if( *_t214 > 0) {
							if(_v112653 == 0) {
								_t141 =  *0x4b7060; // 0x403888
								_t159 = E00404924(E00407EF0(_t141), _t159);
								_v112653 = 1;
							}
							if(_v112654 != 0) {
								 *_t159 = 0x2c;
								_t164 = _t159 + 1;
								 *_t164 = 0x20;
								_t165 = _t164 + 1;
								__eflags = _t164 + 1;
							} else {
								 *_t159 = 0xd;
								 *((char*)(_t159 + 1)) = 0xa;
								_t172 = E004048D4(_v112668 + 1, _t159 + 2);
								 *_t172 = 0x20;
								_t173 = _t172 + 1;
								 *_t173 = 0x2d;
								 *((char*)(_t173 + 1)) = 0x20;
								_t136 = E004048D4(_v112672, _t173 + 2);
								_t137 =  *0x4b7068; // 0x4038f0
								_t165 = E00404924(E00407EF0(_t137), _t136);
								_v112654 = 1;
							}
							_t114 = _t210 - 1;
							_t242 = _t114;
							if(_t242 < 0) {
								_t115 =  *0x4b706c; // 0x4038fc
								_t166 = E00404924(E00407EF0(_t115), _t165);
							} else {
								if(_t242 == 0) {
									_t121 =  *0x4b7070; // 0x403904
									_t166 = E00404924(E00407EF0(_t121), _t165);
								} else {
									if(_t114 == 1) {
										_t126 =  *0x4b7074; // 0x403910
										_t166 = E00404924(E00407EF0(_t126), _t165);
									} else {
										_t166 = E0040493C( *((intOrPtr*)(_t214 - 4)), _t165);
									}
								}
							}
							 *_t166 = 0x20;
							_t167 = _t166 + 1;
							 *_t167 = 0x78;
							 *((char*)(_t167 + 1)) = 0x20;
							_t159 = E004048D4( *_t214, _t167 + 2);
						}
						_t210 = _t210 - 1;
						_t214 = _t214 - 8;
						if(_t210 != 0xffffffff) {
							continue;
						} else {
							goto L40;
						}
					}
					L40:
					if(_v112654 != 0 ||  *0x4bbad6 == 0 || (_v112672 + 0x00000004 & 0x0000000f) == 0) {
						_v112668 = _v112672;
					}
					_v112680 = _v112680 + 0x800;
					_v112676 =  &(_v112676[0x10]);
					_t62 =  &_v112660;
					 *_t62 = _v112660 - 1;
				} while ( *_t62 != 0);
				if(_v112652 <= 0) {
					L54:
					_t97 =  *0x4b7078; // 0x403920
					E00404924(E00407EF0(_t97), _t159);
					_t196 =  *0x4b707c; // 0x403924
					_t83 = E004047B0( &_v161832, _t98, _t196);
					goto L55;
				}
				if(_v112653 != 0) {
					 *_t159 = 0xd;
					_t161 = _t159 + 1;
					 *_t161 = 0xa;
					_t162 = _t161 + 1;
					 *_t162 = 0xd;
					_t163 = _t162 + 1;
					 *_t163 = 0xa;
					_t159 = _t163 + 1;
				}
				_t102 =  *0x4b7064; // 0x4038b0
				_t159 = E00404924(E00407EF0(_t102), _t159);
				_t216 = _v112652 - 1;
				if(_t216 >= 0) {
					_t217 = _t216 + 1;
					_t211 = 0;
					_v112680 =  &_v129064;
					L50:
					L50:
					if(_t211 != 0) {
						 *_t159 = 0x2c;
						_t160 = _t159 + 1;
						 *_t160 = 0x20;
						_t159 = _t160 + 1;
					}
					_t159 = E004048D4( *_v112680, _t159);
					if(_t159 >  &_v131113) {
						goto L54;
					}
					_t211 = _t211 + 1;
					_v112680 = _v112680 + 4;
					_t217 = _t217 - 1;
					if(_t217 != 0) {
						goto L50;
					}
				}
				L2:
				_t228 = _t228 + 0xfffff004;
				_push(_t75);
				_t75 = _t75 - 1;
				if(_t75 != 0) {
					goto L2;
				} else {
					E00405884( &_v161832, 0x8000);
					E00405884( &_v112644, 0x1b800);
					E00405884( &_v129064, 0x4000);
					_t83 = 0;
					_v112652 = 0;
					_v112645 = 1;
					_t208 =  *0x4bbadc;
					goto L13;
				}
			}

0x00404d59
0x00404d5b
0x00404d5c
0x00404d5c
0x00000000
0x00404e49
0x00404dc9
0x00404dce
0x00404dd0
0x00404dd2
0x00404e46
0x00404e46
0x00000000
0x00000000
0x00000000
0x00000000
0x00404dd4
0x00404dd4
0x00404dd9
0x00404ddb
0x00404de1
0x00404de3
0x00404de9
0x00404df6
0x00404e00
0x00404e08
0x00404e10
0x00404e15
0x00404e17
0x00404e19
0x00404e2c
0x00404e33
0x00404e33
0x00404e33
0x00404e33
0x00404e17
0x00404deb
0x00404dee
0x00404df3
0x00404de9
0x00404e3b
0x00404e40
0x00404e42
0x00404e42
0x00000000
0x00404dd4
0x00404e55
0x00404e94
0x00404e62
0x00404e67
0x00404e69
0x00404e6b
0x00404e7e
0x00404e84
0x00404e8b
0x00404e8b
0x00404e8b
0x00404e8b
0x00404e91
0x00404e91
0x00404eaf
0x0040515b
0x00405161
0x00405161
0x00404eb5
0x00404ebe
0x00404ec4
0x00404ee0
0x00404ee2
0x00404eec
0x00404efc
0x00404f02
0x00404f0e
0x00404f14
0x00404f1b
0x00404f26
0x00404f28
0x00404f39
0x00404f46
0x00404f48
0x00404f60
0x00404f62
0x00404f62
0x00404f70
0x00404fc8
0x00404fcb
0x00404fcc
0x00404fcf
0x00404fcf
0x00404f72
0x00404f72
0x00404f76
0x00404f88
0x00404f8a
0x00404f8d
0x00404f8e
0x00404f92
0x00404f9e
0x00404fa5
0x00404fbd
0x00404fbf
0x00404fbf
0x00404fd2
0x00404fd2
0x00404fd5
0x00404fde
0x00404ff6
0x00404fd7
0x00404fd7
0x00404ffa
0x00405012
0x00404fd9
0x00404fda
0x00405016
0x0040502e
0x00404fdc
0x0040503c
0x0040503c
0x00404fda
0x00404fd7
0x0040503e
0x00405041
0x00405042
0x00405046
0x00405053
0x00405053
0x00405055
0x00405056
0x0040505c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040505c
0x00405062
0x00405069
0x00405087
0x00405087
0x0040508d
0x00405097
0x0040509e
0x0040509e
0x0040509e
0x004050b1
0x00405132
0x00405132
0x00405145
0x00405150
0x00405156
0x00000000
0x00405156
0x004050ba
0x004050bc
0x004050bf
0x004050c0
0x004050c3
0x004050c4
0x004050c7
0x004050c8
0x004050cb
0x004050cb
0x004050cc
0x004050e4
0x004050ec
0x004050ef
0x004050f1
0x004050f2
0x004050fa
0x00000000
0x00405100
0x00405102
0x00405104
0x00405107
0x00405108
0x0040510b
0x0040510b
0x0040511b
0x00405125
0x00000000
0x00000000
0x00405127
0x00405128
0x0040512f
0x00405130
0x00000000
0x00000000
0x00405130
0x00404d61
0x00404d61
0x00404d67
0x00404d68
0x00404d69
0x00000000
0x00404d6b
0x00404d84
0x00404d96
0x00404da8
0x00404dad
0x00404daf
0x00404db5
0x00404dbc
0x00000000
0x00404dbc

Strings

7, xrefs: 00404EE2
\8@, xrefs: 00404EC4, 00404ED6
$9@, xrefs: 00405150
, xrefs: 00405097
9@, xrefs: 00405132, 00405140

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: $ 9@$$9@$7$\8@
API String ID: 0-2227431551
Opcode ID: 4cdb579aa024b3b49749cddf2325589ba63c10914bcd25135e1ab541659f1af2
Instruction ID: d9e7504335f98ee1a768429944a09deb21c13269055f6f0d7257e813d24d58b4
Opcode Fuzzy Hash: 4cdb579aa024b3b49749cddf2325589ba63c10914bcd25135e1ab541659f1af2
Instruction Fuzzy Hash: 5081B470A082948FDB21EB2CC880B9AB7E5EB49704F1441F6E549E7382DB789D85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00451FC8, Relevance: 6.4, Strings: 5, Instructions: 186
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00451FC8(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _t80;
				intOrPtr _t81;
				char _t82;
				intOrPtr* _t128;
				void* _t129;
				intOrPtr _t150;
				intOrPtr _t152;
				void* _t172;
				void* _t173;
				char _t175;
				signed int _t176;
				intOrPtr _t178;
				intOrPtr _t179;

				_t174 = __esi;
				_t170 = __edi;
				_t178 = _t179;
				_t129 = 4;
				do {
					_push(0);
					_push(0);
					_t129 = _t129 - 1;
				} while (_t129 != 0);
				_push(_t129);
				_push(__esi);
				_push(__edi);
				_t128 = __edx;
				_v12 = __eax;
				_push(_t178);
				_push(0x4521dc);
				_push( *[fs:eax]);
				 *[fs:eax] = _t179;
				E00407A20(__edx);
				if( *((intOrPtr*)( *_v12 + 0x20))() != 0) {
					if( *((intOrPtr*)( *_v12 + 0x2c))() != 0) {
						E004086E4(_t128, L"class ");
					}
					if(E00451E4C(_v12) == 0) {
						if(E00451E70(_v12) == 0) {
							if( *((intOrPtr*)( *_v12 + 0x10))() != 8) {
								 *((intOrPtr*)( *_v12 + 8))( *((intOrPtr*)(0x4b9dcc + (( *((intOrPtr*)( *_v12 + 0x18))( *_t128) & 0xffffff00 | _t71 == 0x00000000) & 0x0000007f) * 4)));
								_push(_v32);
								E004087C4(_t128, _t128, 3, _t170, _t174);
							} else {
								 *((intOrPtr*)( *_v12 + 8))(L"operator ",  *_t128);
								_push(_v28);
								E004087C4(_t128, _t128, 3, _t170, _t174);
							}
						} else {
							 *((intOrPtr*)( *_v12 + 8))(L"destructor ",  *_t128);
							_push(_v24);
							E004087C4(_t128, _t128, 3, _t170, _t174);
						}
					} else {
						 *((intOrPtr*)( *_v12 + 8))(L"constructor ",  *_t128);
						_push(_v20);
						E004087C4(_t128, _t128, 3, _t170, _t174);
					}
					 *((intOrPtr*)( *_v12 + 0x38))();
					_t175 = _v8;
					_t80 = _t175;
					if(_t80 != 0) {
						_t80 =  *((intOrPtr*)(_t80 - 4));
					}
					if(_t80 > 0) {
						E004086E4(_t128, 0x4522b4);
					}
					_t81 = _t175;
					if(_t81 != 0) {
						_t81 =  *((intOrPtr*)(_t81 - 4));
					}
					_t172 = _t81 - 1;
					if(_t172 < 0) {
						L24:
						_t82 = _v8;
						if(_t82 != 0) {
							_t82 =  *((intOrPtr*)(_t82 - 4));
						}
						if(_t82 > 0) {
							E004086E4(_t128, 0x4522d8);
						}
						if( *((intOrPtr*)( *_v12 + 0x18))() != 0) {
							 *((intOrPtr*)( *( *((intOrPtr*)( *_v12 + 0x18))()) + 8))(0x4522e8,  *_t128);
							_push(_v40);
							E004087C4(_t128, _t128, 3, _t172, _t175);
						}
						goto L30;
					} else {
						_t173 = _t172 + 1;
						_t176 = 0;
						do {
							if(_t176 > 0) {
								E004086E4(_t128, 0x4522c4);
							}
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + _t176 * 4)))) - 0x24))();
							E004086E4(_t128, _v36);
							_t176 = _t176 + 1;
							_t173 = _t173 - 1;
						} while (_t173 != 0);
						goto L24;
					}
				} else {
					 *((intOrPtr*)( *_v12 + 8))();
					E0040873C(_t128, _v16, L"(basic) procedure ");
					L30:
					_pop(_t150);
					 *[fs:eax] = _t150;
					_push(0x4521e3);
					E00407A80( &_v40, 7);
					_t152 =  *0x439610; // 0x439614
					return E00409D24( &_v8, _t152);
				}
			}

0x00451fc8
0x00451fc8
0x00451fc9
0x00451fcb
0x00451fd0
0x00451fd0
0x00451fd2
0x00451fd4
0x00451fd4
0x00451fd7
0x00451fd9
0x00451fda
0x00451fdb
0x00451fdd
0x00451fe2
0x00451fe3
0x00451fe8
0x00451feb
0x00451ff0
0x00451fff
0x0045202a
0x00452033
0x00452033
0x00452042
0x00452074
0x004520a3
0x004520e9
0x004520ec
0x004520f6
0x004520a5
0x004520b4
0x004520b7
0x004520c1
0x004520c1
0x00452076
0x00452085
0x00452088
0x00452092
0x00452092
0x00452044
0x00452053
0x00452056
0x00452060
0x00452060
0x00452103
0x00452106
0x00452109
0x0045210d
0x00452112
0x00452112
0x00452116
0x0045211f
0x0045211f
0x00452124
0x00452128
0x0045212d
0x0045212d
0x00452131
0x00452134
0x00452165
0x00452165
0x0045216a
0x0045216f
0x0045216f
0x00452173
0x0045217c
0x0045217c
0x0045218b
0x004521a1
0x004521a4
0x004521ae
0x004521ae
0x00000000
0x00452136
0x00452136
0x00452137
0x00452139
0x0045213b
0x00452144
0x00452144
0x00452154
0x0045215c
0x00452161
0x00452162
0x00452162
0x00000000
0x00452139
0x00452001
0x00452009
0x00452016
0x004521b3
0x004521b5
0x004521b8
0x004521bb
0x004521c8
0x004521d0
0x004521db
0x004521db

Strings

(basic) procedure , xrefs: 00452011
destructor , xrefs: 00452078
operator , xrefs: 004520A7
class , xrefs: 0045202E
constructor , xrefs: 00452046

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: (basic) procedure $class $constructor $destructor $operator
API String ID: 0-1628623062
Opcode ID: 31ed40838c405962f56e374987cd73df10ce287157df03208ef913c12e193d2d
Instruction ID: e9c86aa6918804e7eccd47881d89a493340ae2352fa93d43136a4ef8ee38fd61
Opcode Fuzzy Hash: 31ed40838c405962f56e374987cd73df10ce287157df03208ef913c12e193d2d
Instruction Fuzzy Hash: 53615F347005059FDB00DF65CA80A5EB7B1FF4A701F2040AAFD45AB3A6CB79DD4ACA59

Uniqueness

Uniqueness Score: -1.00%

Function 0041EEFC, Relevance: 6.1, APIs: 4, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
LoadStringW.USER32(00000000,0000FFEC,?,00000100,?,?,00000105), ref: 0041F009

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
Opcode Fuzzy Hash: 9931a9cf3aed00deb4ee3acfb7e435b06dd993296f2c2e9735afe951396f5714
Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43
threadCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400);
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}

APIs

SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D

Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A290
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2AA
Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2C4

Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8

GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092

Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821

GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
GetCurrentThreadId.KERNEL32(00000400,00000000,004B50D7), ref: 004B50BA

Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
String ID:
API String ID: 2740004594-0
Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE

Uniqueness

Uniqueness Score: -1.00%

Function 004AF9D8, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF9D8() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF81C();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF81C();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF81C();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF81C();
				}
				return _t12;
			}

0x004af9e7
0x004af9eb
0x004af9ed
0x004af9ed
0x004af9fd
0x004af9ff
0x004af9ff
0x004afa0c
0x004afa10
0x004afa12
0x004afa12
0x004afa1d
0x004afa21
0x004afa23
0x004afa23
0x004afa2b

APIs

FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A,?,00000000,004B65DE), ref: 004AF9E2
SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000,004B659A), ref: 004AF9F5
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002,00000000), ref: 004AFA07
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B6546,?,00000001,00000000,00000002), ref: 004AFA18

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction ID: b4304edc7477ba19fc58783748d8fb6d5fb92d5907bfc8b650660916f3b2bd49
Opcode Fuzzy Hash: 02808190384345e6b6e95f370ea09fbbffea242a438a722aaaec786d6965ba00
Instruction Fuzzy Hash: D8E0758074530625F52436F728D7B6B040C5B37B4DF00453FB644A92C3DEAC8C5C022E

Uniqueness

Uniqueness Score: -1.00%

Function 004AEFDC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E004AEFDC(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0d1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78);
					_t55 = L".tmp";
					E004AEEC0(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8);
					if(CreateDirectoryW(E004084EC(_v8), 0) != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3b,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x70, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0D8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}

0x004aefdc
0x004aefdc
0x004aefdd
0x004aefdf
0x004aefe4
0x004aefe4
0x004aefe6
0x004aefe8
0x004aefe8
0x004aefeb
0x004aefec
0x004aefee
0x004aeff0
0x004aeff2
0x004aeff3
0x004aeff8
0x004aeffb
0x004aeffe
0x004af005
0x004af00d
0x004af014
0x004af02b
0x00000000
0x00000000
0x004af032
0x004af034
0x004af03a
0x004af048
0x004af050
0x004af05c
0x004af064
0x004af06c
0x004af074
0x004af081
0x004af086
0x004af090
0x004af095
0x004af095
0x004af03a
0x004af0a4
0x004af0a9
0x004af0ab
0x004af0ae
0x004af0b1
0x004af0be
0x004af0d0

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF024
GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0D1,?,?,?,00000003,00000000,00000000,?,004B619D), ref: 004AF02D

Strings

.tmp, xrefs: 004AF00D

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction ID: b7596c477a5c5600326e1223ca3cfb4fcc6b3a27470c234041d6d6c97c1718c4
Opcode Fuzzy Hash: c75eac645f26e3426e01610e57b4024922a873173148b92a04778a5a1a6e5061
Instruction Fuzzy Hash: EB217675A042189FDB10EBA5C842ADFB3B9EB49304F51447BF901B7381DA3C6E058BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040E450, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4);
				E00405730(_t13);
				return _t24;
			}

0x0040e457
0x0040e45c
0x0040e45e
0x0040e48f
0x0040e498
0x0040e4a4

APIs

CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,?,?,?,?,?,InnoSetupLdrWindow), ref: 0040E48F

Strings

InnoSetupLdrWindow, xrefs: 0040E453
STATIC, xrefs: 0040E48D

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CreateWindow
String ID: InnoSetupLdrWindow$STATIC
API String ID: 716092398-2209255943
Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00420BD8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}

0x00420bde
0x00420be3
0x00420be7
0x00420bef
0x00420bf4
0x00420bf4
0x00420c00
0x00420c07
0x00000000
0x00420c07
0x00420c0d

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE

Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116,00000000,0040E246,?,?), ref: 0040E1D2

Strings

kernel32.dll, xrefs: 00420BD9
GetDiskFreeSpaceExW, xrefs: 00420BE9

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1646373207-1127948838
Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C

Uniqueness

Uniqueness Score: -1.00%

Function 00428D80, Relevance: 5.2, Strings: 4, Instructions: 153
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00428D80(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				void* _t33;
				intOrPtr _t34;
				void* _t43;
				intOrPtr _t44;
				void* _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr* _t58;
				intOrPtr _t64;
				intOrPtr _t68;
				void* _t72;
				intOrPtr _t73;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t86;
				intOrPtr _t91;
				void* _t92;
				intOrPtr _t107;
				void* _t127;
				void* _t128;
				intOrPtr _t130;
				intOrPtr _t131;
				void* _t133;
				void* _t134;

				_t128 = __esi;
				_t127 = __edi;
				_t130 = _t131;
				_t92 = 8;
				do {
					_push(0);
					_push(0);
					_t92 = _t92 - 1;
				} while (_t92 != 0);
				_t91 = __eax;
				_push(_t130);
				_push(0x428fc7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t131;
				_t133 = __eax - 0x8002000a;
				if(_t133 > 0) {
					_t33 = __eax - 0x8002000b;
					if(_t33 == 0) {
						_t34 =  *0x4ba6c4; // 0x40e758
						E0040C9F0(_t34,  &_v16, _t130);
						E0041F264(_v16, 1);
						E0040711C();
					} else {
						_t43 = _t33 - 2;
						if(_t43 == 0) {
							_t44 =  *0x4ba77c; // 0x40e760
							E0040C9F0(_t44,  &_v20, _t130);
							E0041F264(_v20, 1);
							E0040711C();
						} else {
							_t48 = _t43 - 0x50001;
							if(_t48 == 0) {
								_t49 =  *0x4ba4fc; // 0x40e648
								E0040C9F0(_t49,  &_v28, _t130);
								E0041F264(_v28, 1);
								E0040711C();
							} else {
								if(_t48 == 0x49) {
									_t54 =  *0x4ba518; // 0x40e7a0
									E0040C9F0(_t54,  &_v32, _t130);
									E0041F264(_v32, 1);
									E0040711C();
								} else {
									goto L27;
								}
							}
						}
					}
				} else {
					if(_t133 == 0) {
						_t68 =  *0x4ba4c8; // 0x40e798
						E0040C9F0(_t68,  &_v12, _t130);
						E0041F264(_v12, 1);
						E0040711C();
					} else {
						_t134 = __eax - 0x80020005;
						if(_t134 > 0) {
							_t72 = __eax - 0x80020008;
							if(_t72 == 0) {
								_t73 =  *0x4ba738; // 0x40e7a8
								E0040C9F0(_t73,  &_v8, _t130);
								E0041F264(_v8, 1);
								E0040711C();
							} else {
								if(_t72 == 1) {
									E00428BE8(_t92);
								} else {
									goto L27;
								}
							}
						} else {
							if(_t134 == 0) {
								E00428AF0(_t92);
							} else {
								_t80 = __eax - 0x80004001;
								if(_t80 == 0) {
									_t81 =  *0x4ba624; // 0x40e7b0
									E0040C9F0(_t81,  &_v24, _t130);
									E0041F264(_v24, 1);
									E0040711C();
								} else {
									if(_t80 == 0xbffe) {
										_t86 =  *0x4ba4c4; // 0x40e7b8
										E0040C9F0(_t86,  &_v36, _t130);
										E0041F264(_v36, 1);
										E0040711C();
									} else {
										L27:
										_t58 =  *0x4ba74c; // 0x4b7e2c
										_v60 =  *_t58;
										_v56 = 0x11;
										_v52 = _t91;
										_v48 = 0;
										E0041DFB0(_t91, _t91, 0, _t128);
										_v44 = _v64;
										_v40 = 0x11;
										_push( &_v60);
										_t64 =  *0x4ba584; // 0x40e780
										E0040C9F0(_t64,  &_v68, _t130, 2);
										E0041F2A0(_t91, _v68, 1, _t127, _t128);
										E0040711C();
									}
								}
							}
						}
					}
				}
				_pop(_t107);
				 *[fs:eax] = _t107;
				_push(0x428fce);
				E00407A80( &_v68, 2);
				return E00407A80( &_v36, 8);
			}

0x00428d80
0x00428d80
0x00428d81
0x00428d83
0x00428d88
0x00428d88
0x00428d8a
0x00428d8c
0x00428d8c
0x00428d90
0x00428d94
0x00428d95
0x00428d9a
0x00428d9d
0x00428da2
0x00428da7
0x00428de2
0x00428de7
0x00428e72
0x00428e77
0x00428e86
0x00428e8b
0x00428ded
0x00428ded
0x00428df0
0x00428e98
0x00428e9d
0x00428eac
0x00428eb1
0x00428df6
0x00428df6
0x00428dfb
0x00428ee4
0x00428ee9
0x00428ef8
0x00428efd
0x00428e01
0x00428e04
0x00428f0a
0x00428f0f
0x00428f1e
0x00428f23
0x00428e0a
0x00000000
0x00428e0a
0x00428e04
0x00428dfb
0x00428df0
0x00428da9
0x00428da9
0x00428e4c
0x00428e51
0x00428e60
0x00428e65
0x00428daf
0x00428daf
0x00428db4
0x00428dd3
0x00428dd8
0x00428e1c
0x00428e21
0x00428e30
0x00428e35
0x00428dda
0x00428ddb
0x00428e3f
0x00428ddd
0x00000000
0x00428ddd
0x00428ddb
0x00428db6
0x00428db6
0x00428e0f
0x00428db8
0x00428db8
0x00428dbd
0x00428ebe
0x00428ec3
0x00428ed2
0x00428ed7
0x00428dc3
0x00428dc8
0x00428f2d
0x00428f32
0x00428f41
0x00428f46
0x00428dce
0x00428f4d
0x00428f4d
0x00428f54
0x00428f57
0x00428f5b
0x00428f5e
0x00428f69
0x00428f71
0x00428f74
0x00428f7b
0x00428f81
0x00428f86
0x00428f95
0x00428f9a
0x00428f9a
0x00428dc8
0x00428dbd
0x00428db6
0x00428db4
0x00428da9
0x00428fa1
0x00428fa4
0x00428fa7
0x00428fb4
0x00428fc6

Strings

,~K, xrefs: 00428F4D
X@, xrefs: 00428E72
H@, xrefs: 00428EE4
`@, xrefs: 00428E98

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: ,~K$H@$X@$`@
API String ID: 0-3249957523
Opcode ID: af9e29ebaa23bc3868b0ebbea356d70a0b9a91b7d8ca0f34ff58d51d96201946
Instruction ID: c58d77999305e68ac0ee7177940362e2c01d9182c6eb1276dbb0dd8502117cdc
Opcode Fuzzy Hash: af9e29ebaa23bc3868b0ebbea356d70a0b9a91b7d8ca0f34ff58d51d96201946
Instruction Fuzzy Hash: 2C51A534B05215CFC714EF69E98259DB3A2EB44308F91453FE800A73A2DF3D6D469A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004217CC, Relevance: 5.1, Strings: 4, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E004217CC(intOrPtr* __eax, signed int __ecx, intOrPtr __edx, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
				intOrPtr* _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t48;
				intOrPtr _t50;
				signed int _t89;
				intOrPtr _t92;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				signed int _t115;
				signed int _t117;

				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t115 = _a4;
				_t117 = _a8;
				_t89 = _a16;
				if( !_t115 - 2 < 0) {
					_v32 = _t115;
					_v28 = 0;
					_t100 =  *0x4ba5ac; // 0x40e998
					E0041F35C(_t89, _t100, 1, _t115, _t117, 0,  &_v32);
					E0040711C();
				}
				_v24 = _v16 - _t115;
				if(_a12 == 0 && _t89 != 0) {
					_t99 =  *0x4ba520; // 0x40e958
					E0041F320(_t99, 1);
					E0040711C();
				}
				if(_v24 < 0) {
					_v32 = _v16;
					_v28 = 0;
					_t98 =  *0x4ba6b4; // 0x40e968
					E0041F35C(_t89, _t98, 1, _t115, _t117, 0,  &_v32);
					E0040711C();
				}
				if(_t89 < 0) {
					_v32 = _t89;
					_v28 = 0;
					_t97 =  *0x4ba5a0; // 0x40e978
					E0041F35C(_t89, _t97, 1, _t115, _t117, 0,  &_v32);
					E0040711C();
				}
				_t48 = _v12;
				if(_t48 != 0) {
					_t48 =  *((intOrPtr*)(_t48 - 4));
				}
				if(_t89 > _t48 - _v24) {
					_v32 = _t89;
					_v28 = 0;
					_t96 =  *0x4ba5a0; // 0x40e978
					E0041F35C(_t89, _t96, 1, _t115, _t117, 0,  &_v32);
					E0040711C();
				}
				_t50 = _a12;
				if(_t50 != 0) {
					_t50 =  *((intOrPtr*)(_t50 - 4));
				}
				_v20 = _t50;
				if(_t117 < 0 || _t117 > _v20) {
					_v32 = _t117;
					_v28 = 0;
					_t92 =  *0x4ba630; // 0x40e980
					E0041F35C(_t89, _t92, 1, _t115, _t117, 0,  &_v32);
					E0040711C();
				}
				E004084EC(_v12);
				if( *((intOrPtr*)( *_v8))() > _v20 - _t117) {
					_t95 =  *0x4ba4a4; // 0x40e960
					E0041F320(_t95, 1);
					E0040711C();
				}
				E004084EC(_v12);
				return  *((intOrPtr*)( *_v8 + 4))(_v20 - _t117, _a12 + _t117);
			}

0x004217d5
0x004217d8
0x004217db
0x004217de
0x004217e1
0x004217e4
0x004217ee
0x004217f0
0x004217f3
0x004217fd
0x0042180a
0x0042180f
0x0042180f
0x00421819
0x00421820
0x00421826
0x00421833
0x00421838
0x00421838
0x00421841
0x00421846
0x00421849
0x00421853
0x00421860
0x00421865
0x00421865
0x0042186c
0x0042186e
0x00421871
0x0042187b
0x00421888
0x0042188d
0x0042188d
0x00421892
0x00421897
0x0042189c
0x0042189c
0x004218a3
0x004218a5
0x004218a8
0x004218b2
0x004218bf
0x004218c4
0x004218c4
0x004218c9
0x004218ce
0x004218d3
0x004218d3
0x004218d5
0x004218da
0x004218e1
0x004218e4
0x004218ee
0x004218fb
0x00421900
0x00421900
0x00421908
0x00421926
0x00421928
0x00421935
0x0042193a
0x0042193a
0x0042194e
0x0042196c

Strings

h@, xrefs: 00421853
X@, xrefs: 00421826
`@, xrefs: 00421928
x@, xrefs: 0042187B, 004218B2

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: X@$`@$h@$x@
API String ID: 0-3470945990
Opcode ID: b6c8945edab73c63cd6ead97c4bc63d6dcc221964e5e48833cae4df7aace5550
Instruction ID: fdae679c2447b725b465be6d24b9746589606ac4ad0baca812abb124d77e3a68
Opcode Fuzzy Hash: b6c8945edab73c63cd6ead97c4bc63d6dcc221964e5e48833cae4df7aace5550
Instruction Fuzzy Hash: DE510370E0015A9FDB00DFA9D981BAEBBF5AF54308F44413AE810EB351DB34A945CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004933FC, Relevance: 5.1, Strings: 4, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004933FC(void* __eax, void* __edx) {
				signed int _t10;
				signed int _t11;
				signed int _t12;
				signed int _t13;
				void* _t38;
				void* _t39;
				void* _t51;

				_t38 = __edx;
				_t51 = __eax;
				if(__edx != L"False") {
					if(__edx == 0 || L"False" == 0) {
						_t10 = 0;
					} else {
						_t10 = E00419768(__edx, _t39, L"False") & 0xffffff00 | _t37 == 0x00000000;
					}
				} else {
					_t10 = 1;
				}
				if(_t10 == 0) {
					if(_t38 != L"True") {
						if(_t38 == 0 || L"True" == 0) {
							_t11 = 0;
						} else {
							_t11 = E00419768(_t38, _t39, L"True") & 0xffffff00 | _t32 == 0x00000000;
						}
					} else {
						_t11 = 1;
					}
					if(_t11 == 0) {
						if(_t38 != L"Null") {
							if(_t38 == 0 || L"Null" == 0) {
								_t12 = 0;
							} else {
								_t12 = E00419768(_t38, _t39, L"Null") & 0xffffff00 | _t27 == 0x00000000;
							}
						} else {
							_t12 = 1;
						}
						if(_t12 == 0) {
							if(_t38 != 0x493564) {
								if(_t38 == 0 || 0x493564 == 0) {
									_t13 = 0;
								} else {
									_t13 = E00419768(_t38, _t39, 0x493564) & 0xffffff00 | _t22 == 0x00000000;
								}
							} else {
								_t13 = 1;
							}
							if(_t13 == 0) {
								E004954AC(_t39, 7);
								return E00495420(_t51, _t38);
							} else {
								return E004954AC(_t39, 0xd);
							}
						} else {
							return E004954AC(_t39, 0);
						}
					} else {
						return E004954AC(_t39, 9);
					}
				} else {
					return E004954AC(_t39, 8);
				}
			}

0x004933fe
0x00493400
0x00493408
0x00493410
0x0049341b
0x0049341f
0x0049342d
0x0049342d
0x0049340a
0x0049340a
0x0049340a
0x00493432
0x00493446
0x0049344e
0x00493459
0x0049345d
0x0049346b
0x0049346b
0x00493448
0x00493448
0x00493448
0x00493470
0x00493486
0x0049348e
0x00493499
0x0049349d
0x004934ab
0x004934ab
0x00493488
0x00493488
0x00493488
0x004934b0
0x004934c3
0x004934cb
0x004934d6
0x004934da
0x004934e8
0x004934e8
0x004934c5
0x004934c5
0x004934c5
0x004934ed
0x004934fe
0x00000000
0x004934ef
0x00000000
0x004934f3
0x004934b2
0x00000000
0x004934b6
0x00493472
0x00000000
0x00493476
0x00493434
0x0049343f
0x0049343f

Strings

nil, xrefs: 004934BD, 004934CD, 004934DA
Null, xrefs: 00493480, 00493490, 0049349D
False, xrefs: 00493402, 00493412, 0049341F
True, xrefs: 00493440, 00493450, 0049345D

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: False$Null$True$nil
API String ID: 0-1063864068
Opcode ID: a339f51c3cc8fdf34807861d0c3e5007baa278e3578306c1f2e8bd05001a3048
Instruction ID: b83a124d1c696178f004c99167f8f1fb0c4bfd6f3ae50858d092ad497f9eea85
Opcode Fuzzy Hash: a339f51c3cc8fdf34807861d0c3e5007baa278e3578306c1f2e8bd05001a3048
Instruction Fuzzy Hash: 3A215054315651621F636D7A1A802AB0E894E5B7BF727843BEC12CF306EB1ECF47164E

Uniqueness

Uniqueness Score: -1.00%

Function 00490F1C, Relevance: 5.1, Strings: 4, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E00490F1C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				signed char _v13;
				signed int _t21;
				void* _t49;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t75 = _t76;
				_push(0);
				_push(0);
				_push(0);
				_t73 = __edx;
				_t49 = __eax;
				_push(_t75);
				_push(0x49107b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				_t21 = E00491EE8(__ecx) & 0x0000007f;
				if(_t21 > 0xd) {
					L9:
					E0048FC98();
					goto L10;
				} else {
					_t1 = _t21 + 0x490f5b; // 0x5
					switch( *((intOrPtr*)(( *_t1 & 0x000000ff) * 4 +  &M00490F69))) {
						case 0:
							goto L9;
						case 1:
							E004902EC(_t49, 1,  &_v13);
							_push(_v13 & 0x000000ff);
							E00409C00();
							E004903E0(_t49, _t49, _v8, __edi, _t73, _t78);
							_push(_t75);
							_push(0x491013);
							_push( *[fs:eax]);
							 *[fs:eax] = _t76 + 4;
							E00407A20( &_v12);
							_t71 = E00421BC8();
							_t50 = _v8;
							if(_t50 != 0) {
								_t50 =  *((intOrPtr*)(_t50 - 4));
							}
							E00421A70(_t71, 0, _v8,  &_v12, _t50);
							E00407E00(_t73, _v12);
							_pop(_t69);
							 *[fs:eax] = _t69;
							_push(0x491057);
							return E00407A20( &_v12);
							goto L11;
						case 2:
							__eax = __esi;
							__edx = L"False";
							__eax = E00407E00(__esi, L"False");
							goto L10;
						case 3:
							__eax = __esi;
							__edx = L"True";
							__eax = E00407E00(__esi, L"True");
							goto L10;
						case 4:
							__eax = __esi;
							__edx = 0x4910c8;
							__eax = E00407E00(__esi, 0x4910c8);
							goto L10;
						case 5:
							__eax = __esi;
							__edx = L"Null";
							__eax = E00407E00(__esi, L"Null");
							L10:
							__eflags = 0;
							_pop(_t62);
							 *[fs:eax] = _t62;
							_push(0x491082);
							E00407A20( &_v12);
							_t63 =  *0x4031a4; // 0x4031a8
							return E00409D24( &_v8, _t63);
							goto L11;
					}
				}
				L11:
			}

0x00490f1d
0x00490f1f
0x00490f21
0x00490f23
0x00490f28
0x00490f2a
0x00490f2e
0x00490f2f
0x00490f34
0x00490f37
0x00490f41
0x00490f47
0x00491052
0x00491052
0x00000000
0x00490f4d
0x00490f4d
0x00490f54
0x00000000
0x00000000
0x00000000
0x00490f8b
0x00490f94
0x00490fa3
0x00490fb4
0x00490fbb
0x00490fbc
0x00490fc1
0x00490fc4
0x00490fca
0x00490fd4
0x00490fd6
0x00490fdb
0x00490fe0
0x00490fe0
0x00490fee
0x00490ff8
0x00490fff
0x00491002
0x00491005
0x00491012
0x00000000
0x00000000
0x0049101a
0x0049101c
0x00491021
0x00000000
0x00000000
0x00491028
0x0049102a
0x0049102f
0x00000000
0x00000000
0x00491036
0x00491038
0x0049103d
0x00000000
0x00000000
0x00491044
0x00491046
0x0049104b
0x00491057
0x00491057
0x00491059
0x0049105c
0x0049105f
0x00491067
0x0049106f
0x0049107a
0x00000000
0x00000000
0x00490f54
0x00000000

Strings

False, xrefs: 0049101C
nil, xrefs: 00491038
Null, xrefs: 00491046
True, xrefs: 0049102A

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: False$Null$True$nil
API String ID: 0-1063864068
Opcode ID: f8a87ec4154904b8765b563956a302a1bed20603bc7b64378a0c21e45fe2c587
Instruction ID: 6326cdcc3d012db05bd0d0c4576f8b9a8beb56749a8a27ed831fd6c9585bbab2
Opcode Fuzzy Hash: f8a87ec4154904b8765b563956a302a1bed20603bc7b64378a0c21e45fe2c587
Instruction Fuzzy Hash: C4313930704184AFDF01EB66CC42A5EBBA9DB49304F6040B7F401E7AA2D67DAE41969E

Uniqueness

Uniqueness Score: -1.00%

Function 0048F9F0, Relevance: 5.1, Strings: 4, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0048F9F0(char* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char* _v8;
				char* _v12;
				char* _v16;
				char _v17;
				signed int _t27;
				char* _t36;
				char* _t41;
				signed int _t46;
				signed int _t47;
				intOrPtr _t49;
				char* _t54;
				char* _t57;
				void* _t60;
				void* _t65;

				_v8 = 0;
				_push(_t60);
				_push(0x48faf5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t60 + 0xfffffff0;
				_v12 = 0;
				if(__edx == 0) {
					L27:
					_pop(_t49);
					 *[fs:eax] = _t49;
					_push(0x48fafc);
					return E00407A20( &_v8);
				}
				_v16 = __eax;
				_t41 = E004084EC(__edx);
				while( *_t41 != 0) {
					_t54 = _t41;
					while(1) {
						_t27 =  *_t41 & 0x0000ffff;
						__eflags = _t27;
						if(_t27 == 0) {
							break;
						}
						__eflags = _t27 + 0xffffffd3 - 2;
						if(_t27 + 0xffffffd3 - 2 >= 0) {
							_t41 =  &(_t41[2]);
							__eflags = _t41;
							continue;
						}
						break;
					}
					_t46 = _t41 - _t54;
					__eflags = _t46;
					_t47 = _t46 >> 1;
					if(__eflags < 0) {
						asm("adc ecx, 0x0");
					}
					E00407BA8( &_v8, _t47, _t54, __eflags);
					_t57 = E00498808(_v16, _t47, _v8, _t65);
					__eflags = _t57;
					if(_t57 != 0) {
						L17:
						__eflags = _t57;
						if(_t57 == 0) {
							goto L27;
						}
						__eflags =  *_t41 - 0x2e;
						if( *_t41 == 0x2e) {
							_t41 =  &(_t41[2]);
							__eflags = _t41;
						}
						__eflags =  *_t41 - 0x2d;
						if( *_t41 == 0x2d) {
							_t41 =  &(_t41[2]);
							__eflags = _t41;
						}
						__eflags =  *_t41 - 0x3e;
						if( *_t41 == 0x3e) {
							_t41 =  &(_t41[2]);
							__eflags = _t41;
						}
						_v16 = _t57;
						continue;
					} else {
						__eflags = _v8 - L"Owner";
						if(_v8 != L"Owner") {
							__eflags = _v8;
							if(_v8 == 0) {
								L13:
								_v17 = 0;
								L15:
								__eflags = _v17;
								if(_v17 != 0) {
									_t57 = _v16;
								}
								goto L17;
							}
							__eflags = L"Owner";
							if(L"Owner" != 0) {
								_t36 = E00419768(_v8, _t47, L"Owner");
								__eflags = _t36;
								_t12 =  &_v17;
								 *_t12 = _t36 == 0;
								__eflags =  *_t12;
								goto L15;
							}
							goto L13;
						}
						_v17 = 1;
						goto L15;
					}
				}
				_v12 = _v16;
				goto L27;
			}

0x0048f9fb
0x0048fa04
0x0048fa05
0x0048fa0a
0x0048fa0d
0x0048fa12
0x0048fa17
0x0048fadf
0x0048fae1
0x0048fae4
0x0048fae7
0x0048faf4
0x0048faf4
0x0048fa1d
0x0048fa27
0x0048facf
0x0048fa2e
0x0048fa35
0x0048fa35
0x0048fa38
0x0048fa3b
0x00000000
0x00000000
0x0048fa40
0x0048fa44
0x0048fa32
0x0048fa32
0x00000000
0x0048fa32
0x00000000
0x0048fa44
0x0048fa48
0x0048fa48
0x0048fa4a
0x0048fa4c
0x0048fa4e
0x0048fa4e
0x0048fa56
0x0048fa66
0x0048fa68
0x0048fa6a
0x0048faad
0x0048faad
0x0048faaf
0x00000000
0x00000000
0x0048fab1
0x0048fab5
0x0048fab7
0x0048fab7
0x0048fab7
0x0048faba
0x0048fabe
0x0048fac0
0x0048fac0
0x0048fac0
0x0048fac3
0x0048fac7
0x0048fac9
0x0048fac9
0x0048fac9
0x0048facc
0x00000000
0x0048fa6c
0x0048fa6f
0x0048fa74
0x0048fa7c
0x0048fa80
0x0048fa8b
0x0048fa8b
0x0048faa4
0x0048faa4
0x0048faa8
0x0048faaa
0x0048faaa
0x00000000
0x0048faa8
0x0048fa87
0x0048fa89
0x0048fa99
0x0048fa9e
0x0048faa0
0x0048faa0
0x0048faa0
0x00000000
0x0048faa0
0x00000000
0x0048fa89
0x0048fa76
0x00000000
0x0048fa76
0x0048fa6a
0x0048fadc
0x00000000

Strings

-, xrefs: 0048FABA
>, xrefs: 0048FAC3
Owner, xrefs: 0048FA6F, 0048FA82, 0048FA91
., xrefs: 0048FAB1

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID:
String ID: -$.$>$Owner
API String ID: 0-4224991809
Opcode ID: b09b1c9733a1cc103af26e555e19f0cfd036a037c21fce6678de88258684467a
Instruction ID: 751b71dbba0f49f02f0a1dbc656c72718aae324bba9dd510e5daf28a8389584f
Opcode Fuzzy Hash: b09b1c9733a1cc103af26e555e19f0cfd036a037c21fce6678de88258684467a
Instruction Fuzzy Hash: AD319531E142149BCF29BA69C8913AE77B4DB45320F5488BBD804A7381E77C9D898759

Uniqueness

Uniqueness Score: -1.00%

Function 004AF460, Relevance: 5.1, Strings: 4, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E004AF460(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				void* _t31;
				void* _t33;
				void* _t35;
				void* _t39;
				intOrPtr _t43;
				void* _t54;
				char _t56;
				intOrPtr _t59;

				_t54 = __edi;
				_t40 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(_t59);
				_push(0x4af564);
				_push( *[fs:eax]);
				 *[fs:eax] = _t59;
				_t39 = E00422C14(__ebx, __esi, __eflags);
				if(_t39 > 0) {
					_t56 = 1;
					do {
						E00422C74(_t56, _t39,  &_v8, _t54, _t56);
						if(E00419768(_v8, _t40, L"/SP-") == 0) {
							L4:
							 *0x4ba441 = 1;
						} else {
							_t40 = 0xa;
							E004088AC(_v8, 0xa, 1,  &_v12);
							if(E00419768(_v12, 0xa, L"/SPAWNWND=") != 0) {
								_t40 = 6;
								E004088AC(_v8, 6, 1,  &_v16);
								_t31 = E00419768(_v16, 6, L"/Lang=");
								__eflags = _t31;
								if(_t31 != 0) {
									_t33 = E00419768(_v8, 6, L"/HELP");
									__eflags = _t33;
									if(_t33 == 0) {
										L9:
										 *0x4ba440 = 1;
									} else {
										_t35 = E00419768(_v8, _t40, 0x4af5f0);
										__eflags = _t35;
										if(_t35 == 0) {
											goto L9;
										}
									}
								} else {
									_t40 = 0x7fffffff;
									E004088AC(_v8, 0x7fffffff, 7, 0x4c1bfc);
								}
							} else {
								goto L4;
							}
						}
						_t56 = _t56 + 1;
						_t39 = _t39 - 1;
					} while (_t39 != 0);
				}
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(E004AF56B);
				return E00407A80( &_v16, 3);
			}

0x004af460
0x004af460
0x004af463
0x004af465
0x004af467
0x004af469
0x004af46a
0x004af46d
0x004af46e
0x004af473
0x004af476
0x004af47e
0x004af482
0x004af488
0x004af48d
0x004af492
0x004af4a6
0x004af4cf
0x004af4cf
0x004af4a8
0x004af4ac
0x004af4b9
0x004af4cd
0x004af4dc
0x004af4e9
0x004af4f6
0x004af4fb
0x004af4fd
0x004af520
0x004af525
0x004af527
0x004af53a
0x004af53a
0x004af529
0x004af531
0x004af536
0x004af538
0x00000000
0x00000000
0x004af538
0x004af4ff
0x004af504
0x004af511
0x004af511
0x00000000
0x00000000
0x00000000
0x004af4cd
0x004af541
0x004af542
0x004af542
0x004af48d
0x004af54b
0x004af54e
0x004af551
0x004af563

Strings

/SPAWNWND=, xrefs: 004AF4C1
/SP-, xrefs: 004AF497
/Lang=, xrefs: 004AF4F1
/HELP, xrefs: 004AF518

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: CommandFileLineModuleName
String ID: /HELP$/Lang=$/SP-$/SPAWNWND=
API String ID: 2151003578-1192942096
Opcode ID: 3cd43d829436cff4b23e8364676233876203bf61e475b0e211db91df6b317e4b
Instruction ID: 402016ade75399a1dcdc53493b2ac267c543dc2da58d6e415acb775b3a15e07e
Opcode Fuzzy Hash: 3cd43d829436cff4b23e8364676233876203bf61e475b0e211db91df6b317e4b
Instruction Fuzzy Hash: 1A216230B00204BBE710EF95C952BDE72A9DB66308F60807BE800976C2EB7CEE05875D

Uniqueness

Uniqueness Score: -1.00%

Function 004AF1A4, Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AF1A4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E0042714C(_t9, _v8, _t19);
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1C3
Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1D3
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1E6
GetLastError.KERNEL32(?,?,?,0000000D,?,004B64E8,000000FA,00000032,004B6550), ref: 004AF1F0

Memory Dump Source

Source File: 00000003.00000002.254887444.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.254876395.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255259377.00000000004B7000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255267189.00000000004C2000.00000008.00020000.sdmp Download File
Associated: 00000003.00000002.255272388.00000000004C4000.00000002.00020000.sdmp Download File
Associated: 00000003.00000002.255281430.00000000004C6000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_Mario Deluxe InstaII.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction ID: 41f2dccd4b5f7aab24c83a5e2e8d9b15ebe3d7cab8471b1031266df413ad678e
Opcode Fuzzy Hash: c1e87398912020d40a8f3f3fc67c7cd229e5b3e9e72c69b22c238851739674ee
Instruction Fuzzy Hash: F0F09632705224E65624A5EEDC46D6FB298DEB2364720463BE904D7341D438CC4543A9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to collect elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Application logs, Process monitoring, Windows Error Reporting
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Mario Deluxe InstaII.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Cryptography:

Compliance:

Spreading:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

CPU Usage

Function 004B5114, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165
libraryloaderCOMMON

Function 004AF904, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Function 0040B044, Relevance: 3.1, APIs: 2, Instructions: 63
COMMON

Function 0040AEF4, Relevance: 3.0, APIs: 2, Instructions: 33
fileCOMMON

Function 0040AB18, Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173
registryCOMMON

Function 0040426C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Function 004B639F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Function 004AF714, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Function 004B5A90, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Function 00403EE8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Function 004B60E8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165
windowCOMMON

Function 00407750, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93
threadCOMMON

Function 00407748, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86
threadCOMMON

Function 004B5000, Relevance: 6.0, APIs: 4, Instructions: 43
threadCOMMON

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre