Play interactive tour

Edit tour

Windows Analysis Report cMXrP6YXvo.exe

Overview

General Information

Sample Name:	cMXrP6YXvo.exe
Analysis ID:	535503
MD5:	32eb10c12a29b38f13730cd1f5dcad4d
SHA1:	4d0eb488a01fed1720483dfa270423bea593ca14
SHA256:	06550442678fb92b0273b83f349d47d3654fb72a7d98398ce3b63e3635b8e8f1
Tags:	exeHawkEye
Infos:
Most interesting Screenshot:

Detection

HawkEye AgentTesla MailPassView SpyEx

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Potential malicious icon found

Yara detected MailPassView

Yara detected HawkEye Keylogger

Yara detected AgentTesla

Detected unpacking (creates a PE file in dynamic memory)

Yara detected Generic Dropper

Multi AV Scanner detection for submitted file

Yara detected SpyEx stealer

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Detected HawkEye Rat

Tries to steal Mail credentials (via file / registry access)

Creates multiple autostart registry keys

Writes or reads registry keys via WMI

Machine Learning detection for sample

Allocates memory in foreign processes

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

.NET source code contains very large array initializations

Found many strings related to Crypto-Wallets (likely being stolen)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Sample uses process hollowing technique

Installs a global keyboard hook

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

Contains functionality to log keystrokes (.Net Source)

Changes the view of files in windows explorer (hidden files and folders)

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Yara detected WebBrowserPassView password recovery tool

Machine Learning detection for dropped file

Tries to steal Instant Messenger accounts or passwords

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Antivirus or Machine Learning detection for unpacked file

One or more processes crash

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Checks if the current process is being debugged

PE file contains more sections than normal

Launches processes in debugging mode, may be used to hinder debugging

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Contains functionality for read data from the clipboard

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

May infect USB drives

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Contains capabilities to detect virtual machines

Contains functionality to detect virtual machines (SLDT)

Uses SMTP (mail sending)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

cMXrP6YXvo.exe (PID: 4616 cmdline: "C:\Users\user\Desktop\cMXrP6YXvo.exe" MD5: 32EB10C12A29B38F13730CD1F5DCAD4D)

21.exe (PID: 6992 cmdline: "C:\Users\user\AppData\Local\Temp\21.exe" 0 MD5: 6C9447A6F1B04C75D95594338AE61E06)

21.exe (PID: 5340 cmdline: "C:\Users\user\AppData\Local\Temp\21.exe" 0 MD5: 6C9447A6F1B04C75D95594338AE61E06)

5.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Local\Temp\5.exe" 0 MD5: 3F332B62EEE0970F3189C689D5BD042A)

5.exe (PID: 5396 cmdline: "C:\Users\user\AppData\Local\Temp\5.exe" 0 MD5: 3F332B62EEE0970F3189C689D5BD042A)

Windows Update.exe (PID: 5368 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

Windows Update.exe (PID: 7160 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

dw20.exe (PID: 6892 cmdline: dw20.exe -x -s 2108 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)

vbc.exe (PID: 4544 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt" MD5: C63ED21D5706A527419C9FBD730FFB2E)

vbc.exe (PID: 7112 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt" MD5: C63ED21D5706A527419C9FBD730FFB2E)

WerFault.exe (PID: 5320 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 5332 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

4.exe (PID: 5616 cmdline: "C:\Users\user\AppData\Local\Temp\4.exe" 0 MD5: 78EDE0254C66FA9E667E4CEB88754E1C)

4.exe (PID: 5312 cmdline: "C:\Users\user\AppData\Local\Temp\4.exe" 0 MD5: 78EDE0254C66FA9E667E4CEB88754E1C)

WindowsUpdate.exe (PID: 3568 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

WindowsUpdate.exe (PID: 7012 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

WindowsUpdate.exe (PID: 4776 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

WindowsUpdate.exe (PID: 6436 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

Windows Update.exe (PID: 4964 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

Windows Update.exe (PID: 4960 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000013.00000002.435531825.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b892:$key: HawkEyeKeylogger 0x7daf4:$salt: 099u787978786 0x7bed3:$string1: HawkEye_Keylogger 0x7cd26:$string1: HawkEye_Keylogger 0x7da54:$string1: HawkEye_Keylogger 0x7c2bc:$string2: holdermail.txt 0x7c2dc:$string2: holdermail.txt 0x7c1fe:$string3: wallet.dat 0x7c216:$string3: wallet.dat 0x7c22c:$string3: wallet.dat 0x7d618:$string4: Keylog Records 0x7d930:$string4: Keylog Records 0x7db4c:$string5: do not script --> 0x7b87a:$string6: \pidloc.txt 0x7b908:$string7: BSPLIT 0x7b918:$string7: BSPLIT
0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf2b:$hawkstr1: HawkEye Keylogger 0x7cd6c:$hawkstr1: HawkEye Keylogger 0x7d09b:$hawkstr1: HawkEye Keylogger 0x7d1f6:$hawkstr1: HawkEye Keylogger 0x7d359:$hawkstr1: HawkEye Keylogger 0x7d5f0:$hawkstr1: HawkEye Keylogger 0x7bab9:$hawkstr2: Dear HawkEye Customers! 0x7d0ee:$hawkstr2: Dear HawkEye Customers! 0x7d245:$hawkstr2: Dear HawkEye Customers! 0x7d3ac:$hawkstr2: Dear HawkEye Customers! 0x7bbda:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.446748931.0000000007700000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000002.474741013.00000000076B0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000013.00000000.416858714.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000012.00000000.410455143.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000007.00000000.314241953.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.435620946.0000000007700000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
00000012.00000002.418568724.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000012.00000000.406966405.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.435586498.00000000076B0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
00000013.00000000.413302341.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b892:$key: HawkEyeKeylogger 0x7daf4:$salt: 099u787978786 0x7bed3:$string1: HawkEye_Keylogger 0x7cd26:$string1: HawkEye_Keylogger 0x7da54:$string1: HawkEye_Keylogger 0x7c2bc:$string2: holdermail.txt 0x7c2dc:$string2: holdermail.txt 0x7c1fe:$string3: wallet.dat 0x7c216:$string3: wallet.dat 0x7c22c:$string3: wallet.dat 0x7d618:$string4: Keylog Records 0x7d930:$string4: Keylog Records 0x7db4c:$string5: do not script --> 0x7b87a:$string6: \pidloc.txt 0x7b908:$string7: BSPLIT 0x7b918:$string7: BSPLIT
00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf2b:$hawkstr1: HawkEye Keylogger 0x7cd6c:$hawkstr1: HawkEye Keylogger 0x7d09b:$hawkstr1: HawkEye Keylogger 0x7d1f6:$hawkstr1: HawkEye Keylogger 0x7d359:$hawkstr1: HawkEye Keylogger 0x7d5f0:$hawkstr1: HawkEye Keylogger 0x7bab9:$hawkstr2: Dear HawkEye Customers! 0x7d0ee:$hawkstr2: Dear HawkEye Customers! 0x7d245:$hawkstr2: Dear HawkEye Customers! 0x7d3ac:$hawkstr2: Dear HawkEye Customers! 0x7bbda:$hawkstr3: HawkEye Logger Details:
00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000003.00000002.327402234.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
00000007.00000000.318809130.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b892:$key: HawkEyeKeylogger 0x7daf4:$salt: 099u787978786 0x7bed3:$string1: HawkEye_Keylogger 0x7cd26:$string1: HawkEye_Keylogger 0x7da54:$string1: HawkEye_Keylogger 0x7c2bc:$string2: holdermail.txt 0x7c2dc:$string2: holdermail.txt 0x7c1fe:$string3: wallet.dat 0x7c216:$string3: wallet.dat 0x7c22c:$string3: wallet.dat 0x7d618:$string4: Keylog Records 0x7d930:$string4: Keylog Records 0x7db4c:$string5: do not script --> 0x7b87a:$string6: \pidloc.txt 0x7b908:$string7: BSPLIT 0x7b918:$string7: BSPLIT
0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf2b:$hawkstr1: HawkEye Keylogger 0x7cd6c:$hawkstr1: HawkEye Keylogger 0x7d09b:$hawkstr1: HawkEye Keylogger 0x7d1f6:$hawkstr1: HawkEye Keylogger 0x7d359:$hawkstr1: HawkEye Keylogger 0x7d5f0:$hawkstr1: HawkEye Keylogger 0x7bab9:$hawkstr2: Dear HawkEye Customers! 0x7d0ee:$hawkstr2: Dear HawkEye Customers! 0x7d245:$hawkstr2: Dear HawkEye Customers! 0x7d3ac:$hawkstr2: Dear HawkEye Customers! 0x7bbda:$hawkstr3: HawkEye Logger Details:
00000013.00000000.413912145.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x2d4b4:$key: HawkEyeKeylogger 0x2ddb0:$salt: 099u787978786 0x42260:$string1: HawkEye_Keylogger 0x48d5c:$string1: HawkEye_Keylogger 0x46748:$string2: holdermail.txt 0x46778:$string2: holdermail.txt 0x4368e:$string3: wallet.dat 0x436b6:$string3: wallet.dat 0x436dc:$string3: wallet.dat 0x44ad4:$string4: Keylog Records 0x44e0a:$string4: Keylog Records 0x32414:$string5: do not script --> 0x2d48c:$string6: \pidloc.txt 0x2d594:$string7: BSPLIT 0x2d5b4:$string7: BSPLIT
0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x422f0:$hawkstr1: HawkEye Keylogger 0x438f4:$hawkstr1: HawkEye Keylogger 0x43c8c:$hawkstr1: HawkEye Keylogger 0x44aac:$hawkstr1: HawkEye Keylogger 0x48db4:$hawkstr1: HawkEye Keylogger 0x4b254:$hawkstr1: HawkEye Keylogger 0x41d68:$hawkstr2: Dear HawkEye Customers! 0x43958:$hawkstr2: Dear HawkEye Customers! 0x43cf0:$hawkstr2: Dear HawkEye Customers! 0x4b2b4:$hawkstr2: Dear HawkEye Customers! 0x41e9a:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
00000007.00000000.317173820.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
00000007.00000000.321988059.0000000000400000.00000040.00000001.sdmp	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
0000000E.00000002.474766156.0000000007700000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000012.00000000.407738754.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b892:$key: HawkEyeKeylogger 0x7daf4:$salt: 099u787978786 0x7bed3:$string1: HawkEye_Keylogger 0x7cd26:$string1: HawkEye_Keylogger 0x7da54:$string1: HawkEye_Keylogger 0x7c2bc:$string2: holdermail.txt 0x7c2dc:$string2: holdermail.txt 0x7c1fe:$string3: wallet.dat 0x7c216:$string3: wallet.dat 0x7c22c:$string3: wallet.dat 0x7d618:$string4: Keylog Records 0x7d930:$string4: Keylog Records 0x7db4c:$string5: do not script --> 0x7b87a:$string6: \pidloc.txt 0x7b908:$string7: BSPLIT 0x7b918:$string7: BSPLIT
0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf2b:$hawkstr1: HawkEye Keylogger 0x7cd6c:$hawkstr1: HawkEye Keylogger 0x7d09b:$hawkstr1: HawkEye Keylogger 0x7d1f6:$hawkstr1: HawkEye Keylogger 0x7d359:$hawkstr1: HawkEye Keylogger 0x7d5f0:$hawkstr1: HawkEye Keylogger 0x7bab9:$hawkstr2: Dear HawkEye Customers! 0x7d0ee:$hawkstr2: Dear HawkEye Customers! 0x7d245:$hawkstr2: Dear HawkEye Customers! 0x7d3ac:$hawkstr2: Dear HawkEye Customers! 0x7bbda:$hawkstr3: HawkEye Logger Details:
00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0000000E.00000000.446725234.00000000076B0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b892:$key: HawkEyeKeylogger 0x7daf4:$salt: 099u787978786 0x7bed3:$string1: HawkEye_Keylogger 0x7cd26:$string1: HawkEye_Keylogger 0x7da54:$string1: HawkEye_Keylogger 0x7c2bc:$string2: holdermail.txt 0x7c2dc:$string2: holdermail.txt 0x7c1fe:$string3: wallet.dat 0x7c216:$string3: wallet.dat 0x7c22c:$string3: wallet.dat 0x7d618:$string4: Keylog Records 0x7d930:$string4: Keylog Records 0x7db4c:$string5: do not script --> 0x7b87a:$string6: \pidloc.txt 0x7b908:$string7: BSPLIT 0x7b918:$string7: BSPLIT
0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf2b:$hawkstr1: HawkEye Keylogger 0x7cd6c:$hawkstr1: HawkEye Keylogger 0x7d09b:$hawkstr1: HawkEye Keylogger 0x7d1f6:$hawkstr1: HawkEye Keylogger 0x7d359:$hawkstr1: HawkEye Keylogger 0x7d5f0:$hawkstr1: HawkEye Keylogger 0x7bab9:$hawkstr2: Dear HawkEye Customers! 0x7d0ee:$hawkstr2: Dear HawkEye Customers! 0x7d245:$hawkstr2: Dear HawkEye Customers! 0x7d3ac:$hawkstr2: Dear HawkEye Customers! 0x7bbda:$hawkstr3: HawkEye Logger Details:
00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
00000009.00000002.576881645.00000000028B4000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7daca:$key: HawkEyeKeylogger 0x7fd2c:$salt: 099u787978786 0x7e10b:$string1: HawkEye_Keylogger 0x7ef5e:$string1: HawkEye_Keylogger 0x7fc8c:$string1: HawkEye_Keylogger 0x7e4f4:$string2: holdermail.txt 0x7e514:$string2: holdermail.txt 0x7e436:$string3: wallet.dat 0x7e44e:$string3: wallet.dat 0x7e464:$string3: wallet.dat 0x7f850:$string4: Keylog Records 0x7fb68:$string4: Keylog Records 0x7fd84:$string5: do not script --> 0x7dab2:$string6: \pidloc.txt 0x7db40:$string7: BSPLIT 0x7db50:$string7: BSPLIT
0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e163:$hawkstr1: HawkEye Keylogger 0x7efa4:$hawkstr1: HawkEye Keylogger 0x7f2d3:$hawkstr1: HawkEye Keylogger 0x7f42e:$hawkstr1: HawkEye Keylogger 0x7f591:$hawkstr1: HawkEye Keylogger 0x7f828:$hawkstr1: HawkEye Keylogger 0x7dcf1:$hawkstr2: Dear HawkEye Customers! 0x7f326:$hawkstr2: Dear HawkEye Customers! 0x7f47d:$hawkstr2: Dear HawkEye Customers! 0x7f5e4:$hawkstr2: Dear HawkEye Customers! 0x7de12:$hawkstr3: HawkEye Logger Details:
0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x2d4b4:$key: HawkEyeKeylogger 0x2ddb0:$salt: 099u787978786 0x42260:$string1: HawkEye_Keylogger 0x48d5c:$string1: HawkEye_Keylogger 0x46748:$string2: holdermail.txt 0x46778:$string2: holdermail.txt 0x4368e:$string3: wallet.dat 0x436b6:$string3: wallet.dat 0x436dc:$string3: wallet.dat 0x44ad4:$string4: Keylog Records 0x44e0a:$string4: Keylog Records 0x32414:$string5: do not script --> 0x2d48c:$string6: \pidloc.txt 0x2d594:$string7: BSPLIT 0x2d5b4:$string7: BSPLIT
0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x422f0:$hawkstr1: HawkEye Keylogger 0x438f4:$hawkstr1: HawkEye Keylogger 0x43c8c:$hawkstr1: HawkEye Keylogger 0x44aac:$hawkstr1: HawkEye Keylogger 0x48db4:$hawkstr1: HawkEye Keylogger 0x4b254:$hawkstr1: HawkEye Keylogger 0x41d68:$hawkstr2: Dear HawkEye Customers! 0x43958:$hawkstr2: Dear HawkEye Customers! 0x43cf0:$hawkstr2: Dear HawkEye Customers! 0x4b2b4:$hawkstr2: Dear HawkEye Customers! 0x41e9a:$hawkstr3: HawkEye Logger Details:
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7c8ca:$key: HawkEyeKeylogger 0x7eb2c:$salt: 099u787978786 0x7cf0b:$string1: HawkEye_Keylogger 0x7dd5e:$string1: HawkEye_Keylogger 0x7ea8c:$string1: HawkEye_Keylogger 0x7d2f4:$string2: holdermail.txt 0x7d314:$string2: holdermail.txt 0x7d236:$string3: wallet.dat 0x7d24e:$string3: wallet.dat 0x7d264:$string3: wallet.dat 0x7e650:$string4: Keylog Records 0x7e968:$string4: Keylog Records 0x7eb84:$string5: do not script --> 0x7c8b2:$string6: \pidloc.txt 0x7c940:$string7: BSPLIT 0x7c950:$string7: BSPLIT
0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7cf63:$hawkstr1: HawkEye Keylogger 0x7dda4:$hawkstr1: HawkEye Keylogger 0x7e0d3:$hawkstr1: HawkEye Keylogger 0x7e22e:$hawkstr1: HawkEye Keylogger 0x7e391:$hawkstr1: HawkEye Keylogger 0x7e628:$hawkstr1: HawkEye Keylogger 0x7caf1:$hawkstr2: Dear HawkEye Customers! 0x7e126:$hawkstr2: Dear HawkEye Customers! 0x7e27d:$hawkstr2: Dear HawkEye Customers! 0x7e3e4:$hawkstr2: Dear HawkEye Customers! 0x7cc12:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b672:$key: HawkEyeKeylogger 0x7d8d4:$salt: 099u787978786 0x7bcb3:$string1: HawkEye_Keylogger 0x7cb06:$string1: HawkEye_Keylogger 0x7d834:$string1: HawkEye_Keylogger 0x7c09c:$string2: holdermail.txt 0x7c0bc:$string2: holdermail.txt 0x7bfde:$string3: wallet.dat 0x7bff6:$string3: wallet.dat 0x7c00c:$string3: wallet.dat 0x7d3f8:$string4: Keylog Records 0x7d710:$string4: Keylog Records 0x7d92c:$string5: do not script --> 0x7b65a:$string6: \pidloc.txt 0x7b6e8:$string7: BSPLIT 0x7b6f8:$string7: BSPLIT
00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd0b:$hawkstr1: HawkEye Keylogger 0x7cb4c:$hawkstr1: HawkEye Keylogger 0x7ce7b:$hawkstr1: HawkEye Keylogger 0x7cfd6:$hawkstr1: HawkEye Keylogger 0x7d139:$hawkstr1: HawkEye Keylogger 0x7d3d0:$hawkstr1: HawkEye Keylogger 0x7b899:$hawkstr2: Dear HawkEye Customers! 0x7cece:$hawkstr2: Dear HawkEye Customers! 0x7d025:$hawkstr2: Dear HawkEye Customers! 0x7d18c:$hawkstr2: Dear HawkEye Customers! 0x7b9ba:$hawkstr3: HawkEye Logger Details:
0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x2d4b4:$key: HawkEyeKeylogger 0x2ddb0:$salt: 099u787978786 0x425c0:$string1: HawkEye_Keylogger 0x49288:$string1: HawkEye_Keylogger 0x46bc0:$string2: holdermail.txt 0x46bf0:$string2: holdermail.txt 0x43a7a:$string3: wallet.dat 0x43aa2:$string3: wallet.dat 0x43ac8:$string3: wallet.dat 0x44ef8:$string4: Keylog Records 0x4522e:$string4: Keylog Records 0x32414:$string5: do not script --> 0x2d48c:$string6: \pidloc.txt 0x2d594:$string7: BSPLIT 0x2d5b4:$string7: BSPLIT
0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x42650:$hawkstr1: HawkEye Keylogger 0x43d18:$hawkstr1: HawkEye Keylogger 0x440b0:$hawkstr1: HawkEye Keylogger 0x44ed0:$hawkstr1: HawkEye Keylogger 0x492e0:$hawkstr1: HawkEye Keylogger 0x4ba94:$hawkstr1: HawkEye Keylogger 0x420c8:$hawkstr2: Dear HawkEye Customers! 0x43d7c:$hawkstr2: Dear HawkEye Customers! 0x44114:$hawkstr2: Dear HawkEye Customers! 0x4baf4:$hawkstr2: Dear HawkEye Customers! 0x421fa:$hawkstr3: HawkEye Logger Details:
Process Memory Space: 21.exe PID: 6992	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: 5.exe PID: 6508	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: 5.exe PID: 6508	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: 5.exe PID: 6508	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: 4.exe PID: 5616	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: 21.exe PID: 5340	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 5.exe PID: 5396	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: 5.exe PID: 5396	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: 5.exe PID: 5396	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Click to see the 302 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
14.0.Windows Update.exe.76b0000.37.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
9.2.4.exe.47e0000.4.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.47e0000.4.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.4affa72.34.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.4affa72.34.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4affa72.34.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4affa72.34.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.47e0000.4.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.47e0000.4.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.2586c92.5.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.2.Windows Update.exe.2586c92.5.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.2586c92.5.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.2586c92.5.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.4830000.5.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.4830000.5.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
7.0.21.exe.400000.5.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
9.0.4.exe.400000.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.3.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
18.0.vbc.exe.400000.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.14801458.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
4.2.5.exe.14801458.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
4.2.5.exe.14801458.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.14801458.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.14801458.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.14801458.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.7349b8.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.7349b8.2.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.2.5.exe.4970000.15.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.2.5.exe.4970000.15.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.4970000.15.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.4970000.15.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.4970000.15.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.4970000.15.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.415058.10.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.415058.10.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.10.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.10.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.10.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.1.4.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.1.4.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.415058.10.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a17e0d.29.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.53.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.4a10000.53.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a10000.53.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a10000.53.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a10000.53.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.53.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
4.2.5.exe.14807860.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
4.2.5.exe.14807860.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
4.2.5.exe.14807860.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.14807860.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.14807860.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.14807860.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.2530e2d.6.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.2.Windows Update.exe.2530e2d.6.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.2530e2d.6.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.2530e2d.6.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.2530e2d.6.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.415058.12.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.415058.12.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.2.WindowsUpdate.exe.400000.1.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.2.WindowsUpdate.exe.400000.1.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.400000.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.400000.1.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.400000.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.400000.1.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
22.2.WindowsUpdate.exe.147b1458.3.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
22.2.WindowsUpdate.exe.147b1458.3.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
22.2.WindowsUpdate.exe.147b1458.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.391b065.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.2.Windows Update.exe.391b065.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.391b065.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.391b065.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.391b065.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
13.2.Windows Update.exe.14681458.2.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
13.2.Windows Update.exe.14681458.2.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
13.2.Windows Update.exe.14681458.2.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14681458.2.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14681458.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14681458.2.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.41ce65.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.41ce65.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.415058.10.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.415058.10.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.0.WindowsUpdate.exe.400000.6.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.6.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.6.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.6.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.6.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4aa9c0d.18.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.48d7e0d.11.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.2.5.exe.48d7e0d.11.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.48d7e0d.11.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.48d7e0d.11.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.48d7e0d.11.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.4979c0d.16.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.2.5.exe.4979c0d.16.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.4979c0d.16.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.4979c0d.16.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.4979c0d.16.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.41ce65.16.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.12.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
8.0.5.exe.415058.12.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.415058.12.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.415058.12.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.415058.12.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.12.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.252f428.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.2.Windows Update.exe.252f428.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.252f428.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.252f428.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.252f428.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.252f428.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4aa0000.16.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.2.Windows Update.exe.4aa0000.16.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.4aa0000.16.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4aa0000.16.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4aa0000.16.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4aa0000.16.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.492dc72.13.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
8.2.5.exe.492dc72.13.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.492dc72.13.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.492dc72.13.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.415058.0.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.415058.0.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.0.5.exe.41ce65.15.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.36f9660.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.400000.13.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.13.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.13.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.13.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.13.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.13.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.489ac92.9.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.13.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.13.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.13.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.13.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.13.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.13.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.1.Windows Update.exe.41ce65.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.1.Windows Update.exe.41ce65.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.41ce65.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.1.Windows Update.exe.41ce65.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.41ce65.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.4844e2d.8.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.2.5.exe.4844e2d.8.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.4844e2d.8.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.4844e2d.8.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.4844e2d.8.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4aa8208.17.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.2.Windows Update.exe.4aa8208.17.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.4aa8208.17.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4aa8208.17.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4aa8208.17.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4aa8208.17.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.48d6408.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.2.5.exe.48d6408.12.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.48d6408.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.48d6408.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.48d6408.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.48d6408.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.41.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
14.0.Windows Update.exe.400000.41.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.41.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.41.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.41.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.41.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
18.0.vbc.exe.400000.2.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.147f0000.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
4.2.5.exe.147f0000.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
4.2.5.exe.147f0000.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.147f0000.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.147f0000.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.147f0000.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.3913258.28.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.3913258.28.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3913258.28.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3913258.28.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3913258.28.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3913258.28.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.20.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
14.0.Windows Update.exe.400000.20.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.20.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.20.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.20.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.20.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41ce65.18.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.400000.7.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.7.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.41ce65.16.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.400000.9.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.9.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.400000.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
22.2.WindowsUpdate.exe.147b9265.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.3643258.7.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
8.2.5.exe.3643258.7.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.3643258.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.3643258.7.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.3643258.7.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.3643258.7.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.400000.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.415058.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.2.Windows Update.exe.415058.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.415058.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.415058.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.415058.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.415058.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
4.2.5.exe.14801458.1.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
4.2.5.exe.14801458.1.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
4.2.5.exe.14801458.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.14801458.1.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.14801458.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.14801458.1.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
6.2.4.exe.147b1458.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.4.exe.147b1458.2.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
18.0.vbc.exe.400000.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
19.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.2530e2d.22.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.39.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.41b460.39.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.41b460.39.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41b460.39.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41b460.39.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.39.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.48c7e0d.7.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.41b460.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.2.5.exe.41b460.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.41b460.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.41b460.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.41b460.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.41b460.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.415058.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.415058.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.4aa0000.33.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.4aa0000.33.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4aa0000.33.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa0000.33.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa0000.33.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa0000.33.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.400000.7.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.7.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.7.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.7.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.7.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.400000.5.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.5.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
19.0.vbc.exe.400000.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14681458.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
13.2.Windows Update.exe.14681458.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
13.2.Windows Update.exe.14681458.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14681458.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14681458.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14681458.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.41ce65.16.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.0.WindowsUpdate.exe.41ce65.16.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.41ce65.16.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.41ce65.16.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.41ce65.16.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.489ac92.9.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
8.2.5.exe.489ac92.9.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.489ac92.9.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.489ac92.9.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.400000.6.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.6.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.6.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.6.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.6.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.415058.3.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
8.2.5.exe.415058.3.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.415058.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.415058.3.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.415058.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.415058.3.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
6.2.4.exe.147a0000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.4.exe.147a0000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.4aa9c0d.36.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.400000.3.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.2.Windows Update.exe.400000.3.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.400000.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.400000.3.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.400000.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.400000.3.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.5.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.5.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.5.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.5.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
7.0.21.exe.400000.8.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
14.2.Windows Update.exe.4a10000.15.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.2.Windows Update.exe.4a10000.15.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.4a10000.15.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4a10000.15.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4a10000.15.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4a10000.15.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4a10000.15.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.2.Windows Update.exe.4a10000.15.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.4a10000.15.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4a10000.15.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4a10000.15.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4a10000.15.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4aa9c0d.36.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.4aa9c0d.36.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa9c0d.36.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa9c0d.36.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa9c0d.36.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
19.0.vbc.exe.400000.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.15.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.415058.15.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.15.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.15.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.15.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.15.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
18.0.vbc.exe.400000.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a10000.30.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.4a10000.30.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a10000.30.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a10000.30.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a10000.30.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.30.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.49cfa72.18.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
3.2.21.exe.147a0000.1.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
18.0.vbc.exe.400000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa0000.55.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.4aa0000.55.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4aa0000.55.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa0000.55.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa0000.55.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa0000.55.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
7.1.21.exe.400000.0.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
7.2.21.exe.400000.0.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
7.0.21.exe.400000.7.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
19.0.vbc.exe.400000.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.17.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.415058.17.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.17.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.17.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.17.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.17.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.0.5.exe.41ce65.15.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.0.5.exe.41ce65.15.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.41ce65.15.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.41ce65.15.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.41ce65.15.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.3649660.6.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.2.5.exe.3649660.6.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.3649660.6.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.3649660.6.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.3649660.6.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.3649660.6.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.400000.8.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.8.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.0.5.exe.400000.5.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.5.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.5.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.5.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.26ab278.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.4950000.11.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.2.WindowsUpdate.exe.4950000.11.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.4950000.11.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.4950000.11.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.4950000.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.4950000.11.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.2939110.46.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x53a4:$key: HawkEyeKeylogger 0x5ca0:$salt: 099u787978786 0x1a150:$string1: HawkEye_Keylogger 0x20c4c:$string1: HawkEye_Keylogger 0x1e638:$string2: holdermail.txt 0x1e668:$string2: holdermail.txt 0x1b57e:$string3: wallet.dat 0x1b5a6:$string3: wallet.dat 0x1b5cc:$string3: wallet.dat 0x1c9c4:$string4: Keylog Records 0x1ccfa:$string4: Keylog Records 0xa304:$string5: do not script --> 0x537c:$string6: \pidloc.txt 0x5484:$string7: BSPLIT 0x54a4:$string7: BSPLIT
14.0.Windows Update.exe.2939110.46.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x21f63:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.2939110.46.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2939110.46.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1a1e0:$hawkstr1: HawkEye Keylogger 0x1b7e4:$hawkstr1: HawkEye Keylogger 0x1bb7c:$hawkstr1: HawkEye Keylogger 0x1c99c:$hawkstr1: HawkEye Keylogger 0x20ca4:$hawkstr1: HawkEye Keylogger 0x23144:$hawkstr1: HawkEye Keylogger 0x19c58:$hawkstr2: Dear HawkEye Customers! 0x1b848:$hawkstr2: Dear HawkEye Customers! 0x1bbe0:$hawkstr2: Dear HawkEye Customers! 0x231a4:$hawkstr2: Dear HawkEye Customers! 0x19d8a:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41ce65.16.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.41ce65.16.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.16.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41ce65.16.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41ce65.16.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
7.0.21.exe.400000.6.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
4.2.5.exe.14809265.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.492dc72.13.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.15.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
24.0.WindowsUpdate.exe.415058.15.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.415058.15.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.15.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.415058.15.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.415058.15.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.4844e2d.8.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.415058.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.1.Windows Update.exe.415058.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.1.Windows Update.exe.415058.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.415058.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.1.Windows Update.exe.415058.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.415058.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.415058.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.415058.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a6dc72.32.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.2586c92.45.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.2586c92.45.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.2586c92.45.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2586c92.45.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4a17e0d.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.2.Windows Update.exe.4a17e0d.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4a17e0d.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4a17e0d.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4a17e0d.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.391b065.10.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147b1458.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.415058.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.2.5.exe.415058.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.415058.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.415058.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.415058.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.415058.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147b7860.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.400000.4.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.4.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.0.WindowsUpdate.exe.415058.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.0.WindowsUpdate.exe.415058.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.415058.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.415058.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.415058.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4a6dc72.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.2.Windows Update.exe.4a6dc72.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4a6dc72.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4a6dc72.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.2530e2d.43.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa9c0d.58.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4a17e0d.12.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.16.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
8.0.5.exe.415058.16.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.415058.16.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.415058.16.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.415058.16.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.16.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.400000.7.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.7.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.7.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.7.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.7.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
18.0.vbc.exe.400000.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.42.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.41ce65.42.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.42.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41ce65.42.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41ce65.42.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.400000.5.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.5.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.5.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.5.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.41b460.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.3919660.27.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.3919660.27.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3919660.27.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3919660.27.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3919660.27.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3919660.27.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.3919660.50.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.3919660.50.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3919660.50.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3919660.50.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3919660.50.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3919660.50.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.391b065.49.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.391b065.49.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.391b065.49.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.391b065.49.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.391b065.49.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.2586c92.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36fb065.6.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.2.WindowsUpdate.exe.36fb065.6.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36fb065.6.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.36fb065.6.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.36fb065.6.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.3913258.48.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.3913258.48.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3913258.48.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3913258.48.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3913258.48.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3913258.48.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41ce65.11.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.41ce65.11.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.11.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41ce65.11.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41ce65.11.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
7.0.21.exe.400000.5.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
14.0.Windows Update.exe.4aa8208.35.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.4aa8208.35.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4aa8208.35.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa8208.35.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa8208.35.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa8208.35.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.400000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.2.5.exe.400000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.400000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.400000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4aa9c0d.58.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.4aa9c0d.58.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa9c0d.58.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa9c0d.58.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa9c0d.58.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.2530e2d.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.415058.0.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.2.WindowsUpdate.exe.415058.0.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.415058.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.415058.0.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.415058.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.415058.0.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
7.0.21.exe.400000.7.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.295a058.47.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.2586c92.21.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.400000.8.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.8.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.8.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.8.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.8.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.8.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a16408.52.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.4a16408.52.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a16408.52.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a16408.52.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a16408.52.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a16408.52.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
7.0.21.exe.400000.6.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
14.1.Windows Update.exe.41ce65.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.2.4.exe.400000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.400000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.3919660.9.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.2.Windows Update.exe.3919660.9.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.3919660.9.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.3919660.9.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.3919660.9.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.3919660.9.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
7.1.21.exe.400000.0.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
24.2.WindowsUpdate.exe.48c0000.10.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.48c0000.10.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.48c0000.10.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.4958208.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41b460.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.41b460.14.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.41b460.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41b460.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41b460.14.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4affa72.56.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.15.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
24.0.WindowsUpdate.exe.415058.15.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.415058.15.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.15.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.415058.15.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.415058.15.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.3913258.11.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.2.Windows Update.exe.3913258.11.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.3913258.11.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.3913258.11.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.3913258.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.3913258.11.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
4.2.5.exe.147f0000.2.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x890ca:$key: HawkEyeKeylogger 0x8b32c:$salt: 099u787978786 0x8970b:$string1: HawkEye_Keylogger 0x8a55e:$string1: HawkEye_Keylogger 0x8b28c:$string1: HawkEye_Keylogger 0x89af4:$string2: holdermail.txt 0x89b14:$string2: holdermail.txt 0x89a36:$string3: wallet.dat 0x89a4e:$string3: wallet.dat 0x89a64:$string3: wallet.dat 0x8ae50:$string4: Keylog Records 0x8b168:$string4: Keylog Records 0x8b384:$string5: do not script --> 0x890b2:$string6: \pidloc.txt 0x89140:$string7: BSPLIT 0x89150:$string7: BSPLIT
4.2.5.exe.147f0000.2.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x14c7b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
4.2.5.exe.147f0000.2.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.147f0000.2.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.147f0000.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.147f0000.2.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x89763:$hawkstr1: HawkEye Keylogger 0x8a5a4:$hawkstr1: HawkEye Keylogger 0x8a8d3:$hawkstr1: HawkEye Keylogger 0x8aa2e:$hawkstr1: HawkEye Keylogger 0x8ab91:$hawkstr1: HawkEye Keylogger 0x8ae28:$hawkstr1: HawkEye Keylogger 0x892f1:$hawkstr2: Dear HawkEye Customers! 0x8a926:$hawkstr2: Dear HawkEye Customers! 0x8aa7d:$hawkstr2: Dear HawkEye Customers! 0x8abe4:$hawkstr2: Dear HawkEye Customers! 0x89412:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.41ce65.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.2.Windows Update.exe.41ce65.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.41ce65.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.41ce65.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.41ce65.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4aa8208.57.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.4aa8208.57.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4aa8208.57.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4aa8208.57.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4aa8208.57.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4aa8208.57.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a10000.30.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.4a10000.30.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a10000.30.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a10000.30.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a10000.30.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.30.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.400000.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.400000.1.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.295a058.8.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.41b460.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.0.5.exe.41b460.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.41b460.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.41b460.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.41b460.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.41b460.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.2530e2d.22.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.2530e2d.22.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.2530e2d.22.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2530e2d.22.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.2530e2d.22.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
19.0.vbc.exe.400000.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.400000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.1.Windows Update.exe.400000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.1.Windows Update.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.400000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.1.Windows Update.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.400000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4affa72.34.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.400000.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
24.2.WindowsUpdate.exe.400000.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.400000.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.400000.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.400000.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.400000.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4a6dc72.14.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
19.0.vbc.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.400000.6.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.6.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.0.5.exe.41b460.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.0.5.exe.41b460.14.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.41b460.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.41b460.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.41b460.14.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.41b460.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a6dc72.54.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14670000.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x890ca:$key: HawkEyeKeylogger 0x8b32c:$salt: 099u787978786 0x8970b:$string1: HawkEye_Keylogger 0x8a55e:$string1: HawkEye_Keylogger 0x8b28c:$string1: HawkEye_Keylogger 0x89af4:$string2: holdermail.txt 0x89b14:$string2: holdermail.txt 0x89a36:$string3: wallet.dat 0x89a4e:$string3: wallet.dat 0x89a64:$string3: wallet.dat 0x8ae50:$string4: Keylog Records 0x8b168:$string4: Keylog Records 0x8b384:$string5: do not script --> 0x890b2:$string6: \pidloc.txt 0x89140:$string7: BSPLIT 0x89150:$string7: BSPLIT
13.2.Windows Update.exe.14670000.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x14c7b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
13.2.Windows Update.exe.14670000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14670000.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14670000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14670000.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x89763:$hawkstr1: HawkEye Keylogger 0x8a5a4:$hawkstr1: HawkEye Keylogger 0x8a8d3:$hawkstr1: HawkEye Keylogger 0x8aa2e:$hawkstr1: HawkEye Keylogger 0x8ab91:$hawkstr1: HawkEye Keylogger 0x8ae28:$hawkstr1: HawkEye Keylogger 0x892f1:$hawkstr2: Dear HawkEye Customers! 0x8a926:$hawkstr2: Dear HawkEye Customers! 0x8aa7d:$hawkstr2: Dear HawkEye Customers! 0x8abe4:$hawkstr2: Dear HawkEye Customers! 0x89412:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.49afa72.13.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
9.1.4.exe.415058.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.1.4.exe.415058.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.4a6dc72.54.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.4a6dc72.54.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a6dc72.54.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a6dc72.54.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.391b065.26.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.391b065.26.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.391b065.26.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.391b065.26.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.391b065.26.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.415058.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
24.2.WindowsUpdate.exe.415058.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.415058.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.415058.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.415058.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.415058.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.41ce65.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.6.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.6.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.6.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.6.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.6.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.252f428.23.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.252f428.23.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.252f428.23.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.252f428.23.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.252f428.23.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.252f428.23.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
9.1.4.exe.415058.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.1.4.exe.415058.1.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
24.0.WindowsUpdate.exe.41ce65.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
19.0.vbc.exe.400000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4affa72.19.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.2.Windows Update.exe.4affa72.19.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4affa72.19.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4affa72.19.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a6dc72.32.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.4a6dc72.32.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a6dc72.32.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a6dc72.32.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4affa72.56.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.4affa72.56.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4affa72.56.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4affa72.56.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.41ce65.11.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.0.5.exe.41ce65.11.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.41ce65.11.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.41ce65.11.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.41ce65.11.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.1.Windows Update.exe.41b460.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.1.Windows Update.exe.41b460.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.1.Windows Update.exe.41b460.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.41b460.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.1.Windows Update.exe.41b460.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.41b460.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
3.2.21.exe.147a0000.1.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
14.2.Windows Update.exe.400000.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
14.2.Windows Update.exe.400000.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.400000.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.400000.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.400000.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.400000.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.7700000.38.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.9.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.9.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.9.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.9.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.9.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.9.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41b460.19.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.41b460.19.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.41b460.19.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41b460.19.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41b460.19.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.19.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
13.2.Windows Update.exe.14687860.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
13.2.Windows Update.exe.14687860.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
13.2.Windows Update.exe.14687860.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14687860.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14687860.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14687860.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.415058.40.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.415058.40.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.40.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.40.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.40.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.40.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.48c6408.8.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.491dc72.9.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
24.2.WindowsUpdate.exe.491dc72.9.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.491dc72.9.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.491dc72.9.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
19.2.vbc.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.400000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.3913258.48.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.3913258.48.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3913258.48.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3913258.48.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3913258.48.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3913258.48.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
13.2.Windows Update.exe.14670000.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
13.2.Windows Update.exe.14670000.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
13.2.Windows Update.exe.14670000.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14670000.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14670000.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14670000.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.41ce65.18.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.41ce65.18.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41ce65.18.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41ce65.18.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41ce65.18.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.8.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.8.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.8.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.8.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.8.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.8.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
13.2.Windows Update.exe.14689265.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
13.2.Windows Update.exe.14689265.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
13.2.Windows Update.exe.14689265.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
13.2.Windows Update.exe.14689265.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
13.2.Windows Update.exe.14689265.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.415058.16.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.0.5.exe.415058.16.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.415058.16.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.415058.16.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.415058.16.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.16.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
9.2.4.exe.37e3258.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.37e3258.3.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.7700000.21.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.48d0000.14.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
8.2.5.exe.48d0000.14.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.48d0000.14.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.48d0000.14.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.48d0000.14.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.48d0000.14.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.49cfa72.18.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
8.2.5.exe.49cfa72.18.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.49cfa72.18.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.49cfa72.18.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.41b460.0.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.2.Windows Update.exe.41b460.0.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.41b460.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.41b460.0.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.41b460.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.41b460.0.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a17e0d.51.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.41b460.12.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.41b460.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.41b460.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.41b460.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.41b460.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.41ce65.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.49afa72.13.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
24.2.WindowsUpdate.exe.49afa72.13.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.49afa72.13.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.49afa72.13.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.400000.8.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.8.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.8.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.8.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.8.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.8.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.20.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.20.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.20.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.20.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.20.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.20.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4aa9c0d.18.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.2.Windows Update.exe.4aa9c0d.18.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4aa9c0d.18.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4aa9c0d.18.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4aa9c0d.18.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.415058.17.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.415058.17.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.17.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.17.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.17.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.17.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.415058.40.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.0.Windows Update.exe.415058.40.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.40.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.40.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.40.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.40.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.7700000.60.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
9.2.4.exe.37e3258.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.37e3258.3.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.76b0000.20.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.41b460.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.400000.0.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x908ca:$key: HawkEyeKeylogger 0x92b2c:$salt: 099u787978786 0x90f0b:$string1: HawkEye_Keylogger 0x91d5e:$string1: HawkEye_Keylogger 0x92a8c:$string1: HawkEye_Keylogger 0x912f4:$string2: holdermail.txt 0x91314:$string2: holdermail.txt 0x91236:$string3: wallet.dat 0x9124e:$string3: wallet.dat 0x91264:$string3: wallet.dat 0x92650:$string4: Keylog Records 0x92968:$string4: Keylog Records 0x92b84:$string5: do not script --> 0x908b2:$string6: \pidloc.txt 0x90940:$string7: BSPLIT 0x90950:$string7: BSPLIT
8.2.5.exe.400000.0.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1c47b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.400000.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.400000.0.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.400000.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.400000.0.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x90f63:$hawkstr1: HawkEye Keylogger 0x91da4:$hawkstr1: HawkEye Keylogger 0x920d3:$hawkstr1: HawkEye Keylogger 0x9222e:$hawkstr1: HawkEye Keylogger 0x92391:$hawkstr1: HawkEye Keylogger 0x92628:$hawkstr1: HawkEye Keylogger 0x90af1:$hawkstr2: Dear HawkEye Customers! 0x92126:$hawkstr2: Dear HawkEye Customers! 0x9227d:$hawkstr2: Dear HawkEye Customers! 0x923e4:$hawkstr2: Dear HawkEye Customers! 0x90c12:$hawkstr3: HawkEye Logger Details:
6.2.4.exe.147b1458.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.4.exe.147b1458.2.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
13.2.Windows Update.exe.14689265.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.41ce65.11.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.0.WindowsUpdate.exe.41ce65.11.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.41ce65.11.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.41ce65.11.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.41ce65.11.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.7.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.7.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.7.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.7.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.7.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
18.0.vbc.exe.400000.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
7.0.21.exe.400000.8.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
7.0.21.exe.400000.4.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
9.0.4.exe.415058.12.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.415058.12.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.2.Windows Update.exe.415058.1.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.2.Windows Update.exe.415058.1.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.415058.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.415058.1.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.415058.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.415058.1.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.2586c92.21.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc00:$key: HawkEyeKeylogger 0x1fe62:$salt: 099u787978786 0x1e241:$string1: HawkEye_Keylogger 0x1f094:$string1: HawkEye_Keylogger 0x1fdc2:$string1: HawkEye_Keylogger 0x1e62a:$string2: holdermail.txt 0x1e64a:$string2: holdermail.txt 0x1e56c:$string3: wallet.dat 0x1e584:$string3: wallet.dat 0x1e59a:$string3: wallet.dat 0x1f986:$string4: Keylog Records 0x1fc9e:$string4: Keylog Records 0x1feba:$string5: do not script --> 0x1dbe8:$string6: \pidloc.txt 0x1dc76:$string7: BSPLIT 0x1dc86:$string7: BSPLIT
14.0.Windows Update.exe.2586c92.21.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.2586c92.21.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2586c92.21.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e299:$hawkstr1: HawkEye Keylogger 0x1f0da:$hawkstr1: HawkEye Keylogger 0x1f409:$hawkstr1: HawkEye Keylogger 0x1f564:$hawkstr1: HawkEye Keylogger 0x1f6c7:$hawkstr1: HawkEye Keylogger 0x1f95e:$hawkstr1: HawkEye Keylogger 0x1de27:$hawkstr2: Dear HawkEye Customers! 0x1f45c:$hawkstr2: Dear HawkEye Customers! 0x1f5b3:$hawkstr2: Dear HawkEye Customers! 0x1f71a:$hawkstr2: Dear HawkEye Customers! 0x1df48:$hawkstr3: HawkEye Logger Details:
9.0.4.exe.415058.10.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.415058.10.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.2.5.exe.4843428.10.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.2.5.exe.4843428.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.4843428.10.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.4843428.10.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.4843428.10.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.4843428.10.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.4a16408.13.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.2.Windows Update.exe.4a16408.13.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.4a16408.13.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4a16408.13.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.4a16408.13.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.4a16408.13.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.4a17e0d.29.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.4a17e0d.29.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a17e0d.29.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a17e0d.29.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a17e0d.29.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.415058.12.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.0.5.exe.415058.12.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.415058.12.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.415058.12.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.415058.12.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.415058.12.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.41ce65.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.2.5.exe.41ce65.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.41ce65.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.41ce65.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.41ce65.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.391b065.26.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.15.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.415058.15.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.415058.15.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.415058.15.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.415058.15.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.415058.15.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.4978208.17.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
8.2.5.exe.4978208.17.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.4978208.17.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.4978208.17.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.4978208.17.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.4978208.17.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.491dc72.9.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
18.0.vbc.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36fb065.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.3913258.11.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.2.Windows Update.exe.3913258.11.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.3913258.11.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.3913258.11.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.3913258.11.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.2.Windows Update.exe.3913258.11.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.0.5.exe.400000.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
8.0.5.exe.400000.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.5.exe.400000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.0.5.exe.400000.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.0.5.exe.400000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.0.5.exe.400000.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
19.0.vbc.exe.400000.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.13.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.13.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.13.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.13.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.13.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.13.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.400000.9.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.9.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.9.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.9.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.9.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.9.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.4979c0d.16.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.4.exe.400000.11.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.11.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.4a17e0d.51.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.4a17e0d.51.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a17e0d.51.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a17e0d.51.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a17e0d.51.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.36f3258.5.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
24.2.WindowsUpdate.exe.36f3258.5.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.2.WindowsUpdate.exe.36f3258.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.36f3258.5.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
6.2.4.exe.147a0000.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.4.exe.147a0000.1.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
8.2.5.exe.364b065.5.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
8.2.5.exe.364b065.5.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.364b065.5.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.364b065.5.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.364b065.5.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
18.2.vbc.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.415058.2.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
14.1.Windows Update.exe.415058.2.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.1.Windows Update.exe.415058.2.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.1.Windows Update.exe.415058.2.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.1.Windows Update.exe.415058.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.1.Windows Update.exe.415058.2.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.76b0000.59.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
9.0.4.exe.400000.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.0.4.exe.400000.2.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
14.0.Windows Update.exe.41ce65.42.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.14809265.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
4.2.5.exe.14809265.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
4.2.5.exe.14809265.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
4.2.5.exe.14809265.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
4.2.5.exe.14809265.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.3643258.7.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.2.5.exe.3643258.7.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.3643258.7.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.3643258.7.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.3643258.7.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.3643258.7.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.3913258.28.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.3913258.28.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.3913258.28.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.3913258.28.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.3913258.28.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.3913258.28.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.252f428.44.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.252f428.44.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.252f428.44.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.252f428.44.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.252f428.44.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.252f428.44.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.41ce65.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
24.2.WindowsUpdate.exe.41ce65.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.2.WindowsUpdate.exe.41ce65.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.2.WindowsUpdate.exe.41ce65.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.2.WindowsUpdate.exe.41ce65.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.2586c92.45.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.41.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
14.0.Windows Update.exe.400000.41.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.400000.41.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.400000.41.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.400000.41.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.400000.41.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
22.2.WindowsUpdate.exe.147a0000.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x890ca:$key: HawkEyeKeylogger 0x8b32c:$salt: 099u787978786 0x8970b:$string1: HawkEye_Keylogger 0x8a55e:$string1: HawkEye_Keylogger 0x8b28c:$string1: HawkEye_Keylogger 0x89af4:$string2: holdermail.txt 0x89b14:$string2: holdermail.txt 0x89a36:$string3: wallet.dat 0x89a4e:$string3: wallet.dat 0x89a64:$string3: wallet.dat 0x8ae50:$string4: Keylog Records 0x8b168:$string4: Keylog Records 0x8b384:$string5: do not script --> 0x890b2:$string6: \pidloc.txt 0x89140:$string7: BSPLIT 0x89150:$string7: BSPLIT
22.2.WindowsUpdate.exe.147a0000.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x14c7b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
22.2.WindowsUpdate.exe.147a0000.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147a0000.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x89763:$hawkstr1: HawkEye Keylogger 0x8a5a4:$hawkstr1: HawkEye Keylogger 0x8a8d3:$hawkstr1: HawkEye Keylogger 0x8aa2e:$hawkstr1: HawkEye Keylogger 0x8ab91:$hawkstr1: HawkEye Keylogger 0x8ae28:$hawkstr1: HawkEye Keylogger 0x892f1:$hawkstr2: Dear HawkEye Customers! 0x8a926:$hawkstr2: Dear HawkEye Customers! 0x8aa7d:$hawkstr2: Dear HawkEye Customers! 0x8abe4:$hawkstr2: Dear HawkEye Customers! 0x89412:$hawkstr3: HawkEye Logger Details:
7.2.21.exe.400000.0.raw.unpack	JoeSecurity_SpyEx_1	Yara detected SpyEx stealer	Joe Security
18.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.2.Windows Update.exe.4affa72.19.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.10.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79a72:$key: HawkEyeKeylogger 0x7bcd4:$salt: 099u787978786 0x7a0b3:$string1: HawkEye_Keylogger 0x7af06:$string1: HawkEye_Keylogger 0x7bc34:$string1: HawkEye_Keylogger 0x7a49c:$string2: holdermail.txt 0x7a4bc:$string2: holdermail.txt 0x7a3de:$string3: wallet.dat 0x7a3f6:$string3: wallet.dat 0x7a40c:$string3: wallet.dat 0x7b7f8:$string4: Keylog Records 0x7bb10:$string4: Keylog Records 0x7bd2c:$string5: do not script --> 0x79a5a:$string6: \pidloc.txt 0x79ae8:$string7: BSPLIT 0x79af8:$string7: BSPLIT
24.0.WindowsUpdate.exe.415058.10.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.415058.10.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.415058.10.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.415058.10.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.415058.10.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a10b:$hawkstr1: HawkEye Keylogger 0x7af4c:$hawkstr1: HawkEye Keylogger 0x7b27b:$hawkstr1: HawkEye Keylogger 0x7b3d6:$hawkstr1: HawkEye Keylogger 0x7b539:$hawkstr1: HawkEye Keylogger 0x7b7d0:$hawkstr1: HawkEye Keylogger 0x79c99:$hawkstr2: Dear HawkEye Customers! 0x7b2ce:$hawkstr2: Dear HawkEye Customers! 0x7b425:$hawkstr2: Dear HawkEye Customers! 0x7b58c:$hawkstr2: Dear HawkEye Customers! 0x79dba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.364b065.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.391b065.49.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.2.4.exe.7349b8.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
9.2.4.exe.7349b8.2.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
19.0.vbc.exe.400000.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.53.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
14.0.Windows Update.exe.4a10000.53.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a10000.53.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a10000.53.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a10000.53.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a10000.53.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.48d7e0d.11.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a16408.31.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
14.0.Windows Update.exe.4a16408.31.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.4a16408.31.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.4a16408.31.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.4a16408.31.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.4a16408.31.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
24.2.WindowsUpdate.exe.4959c0d.12.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.2530e2d.43.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
14.0.Windows Update.exe.2530e2d.43.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
14.0.Windows Update.exe.2530e2d.43.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2530e2d.43.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
14.0.Windows Update.exe.2530e2d.43.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.400000.9.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x8ccca:$key: HawkEyeKeylogger 0x8ef2c:$salt: 099u787978786 0x8d30b:$string1: HawkEye_Keylogger 0x8e15e:$string1: HawkEye_Keylogger 0x8ee8c:$string1: HawkEye_Keylogger 0x8d6f4:$string2: holdermail.txt 0x8d714:$string2: holdermail.txt 0x8d636:$string3: wallet.dat 0x8d64e:$string3: wallet.dat 0x8d664:$string3: wallet.dat 0x8ea50:$string4: Keylog Records 0x8ed68:$string4: Keylog Records 0x8ef84:$string5: do not script --> 0x8ccb2:$string6: \pidloc.txt 0x8cd40:$string7: BSPLIT 0x8cd50:$string7: BSPLIT
24.0.WindowsUpdate.exe.400000.9.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x1887b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.400000.9.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.400000.9.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.400000.9.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.400000.9.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x8d363:$hawkstr1: HawkEye Keylogger 0x8e1a4:$hawkstr1: HawkEye Keylogger 0x8e4d3:$hawkstr1: HawkEye Keylogger 0x8e62e:$hawkstr1: HawkEye Keylogger 0x8e791:$hawkstr1: HawkEye Keylogger 0x8ea28:$hawkstr1: HawkEye Keylogger 0x8cef1:$hawkstr2: Dear HawkEye Customers! 0x8e526:$hawkstr2: Dear HawkEye Customers! 0x8e67d:$hawkstr2: Dear HawkEye Customers! 0x8e7e4:$hawkstr2: Dear HawkEye Customers! 0x8d012:$hawkstr3: HawkEye Logger Details:
22.2.WindowsUpdate.exe.147b9265.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73a65:$key: HawkEyeKeylogger 0x75cc7:$salt: 099u787978786 0x740a6:$string1: HawkEye_Keylogger 0x74ef9:$string1: HawkEye_Keylogger 0x75c27:$string1: HawkEye_Keylogger 0x7448f:$string2: holdermail.txt 0x744af:$string2: holdermail.txt 0x743d1:$string3: wallet.dat 0x743e9:$string3: wallet.dat 0x743ff:$string3: wallet.dat 0x757eb:$string4: Keylog Records 0x75b03:$string4: Keylog Records 0x75d1f:$string5: do not script --> 0x73a4d:$string6: \pidloc.txt 0x73adb:$string7: BSPLIT 0x73aeb:$string7: BSPLIT
22.2.WindowsUpdate.exe.147b9265.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
22.2.WindowsUpdate.exe.147b9265.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
22.2.WindowsUpdate.exe.147b9265.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
22.2.WindowsUpdate.exe.147b9265.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x740fe:$hawkstr1: HawkEye Keylogger 0x74f3f:$hawkstr1: HawkEye Keylogger 0x7526e:$hawkstr1: HawkEye Keylogger 0x753c9:$hawkstr1: HawkEye Keylogger 0x7552c:$hawkstr1: HawkEye Keylogger 0x757c3:$hawkstr1: HawkEye Keylogger 0x73c8c:$hawkstr2: Dear HawkEye Customers! 0x752c1:$hawkstr2: Dear HawkEye Customers! 0x75418:$hawkstr2: Dear HawkEye Customers! 0x7557f:$hawkstr2: Dear HawkEye Customers! 0x73dad:$hawkstr3: HawkEye Logger Details:
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7546a:$key: HawkEyeKeylogger 0x776cc:$salt: 099u787978786 0x75aab:$string1: HawkEye_Keylogger 0x768fe:$string1: HawkEye_Keylogger 0x7762c:$string1: HawkEye_Keylogger 0x75e94:$string2: holdermail.txt 0x75eb4:$string2: holdermail.txt 0x75dd6:$string3: wallet.dat 0x75dee:$string3: wallet.dat 0x75e04:$string3: wallet.dat 0x771f0:$string4: Keylog Records 0x77508:$string4: Keylog Records 0x77724:$string5: do not script --> 0x75452:$string6: \pidloc.txt 0x754e0:$string7: BSPLIT 0x754f0:$string7: BSPLIT
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
24.0.WindowsUpdate.exe.41b460.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b03:$hawkstr1: HawkEye Keylogger 0x76944:$hawkstr1: HawkEye Keylogger 0x76c73:$hawkstr1: HawkEye Keylogger 0x76dce:$hawkstr1: HawkEye Keylogger 0x76f31:$hawkstr1: HawkEye Keylogger 0x771c8:$hawkstr1: HawkEye Keylogger 0x75691:$hawkstr2: Dear HawkEye Customers! 0x76cc6:$hawkstr2: Dear HawkEye Customers! 0x76e1d:$hawkstr2: Dear HawkEye Customers! 0x76f84:$hawkstr2: Dear HawkEye Customers! 0x757b2:$hawkstr3: HawkEye Logger Details:
8.2.5.exe.48d0000.14.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b872:$key: HawkEyeKeylogger 0x7dad4:$salt: 099u787978786 0x7beb3:$string1: HawkEye_Keylogger 0x7cd06:$string1: HawkEye_Keylogger 0x7da34:$string1: HawkEye_Keylogger 0x7c29c:$string2: holdermail.txt 0x7c2bc:$string2: holdermail.txt 0x7c1de:$string3: wallet.dat 0x7c1f6:$string3: wallet.dat 0x7c20c:$string3: wallet.dat 0x7d5f8:$string4: Keylog Records 0x7d910:$string4: Keylog Records 0x7db2c:$string5: do not script --> 0x7b85a:$string6: \pidloc.txt 0x7b8e8:$string7: BSPLIT 0x7b8f8:$string7: BSPLIT
8.2.5.exe.48d0000.14.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.2.5.exe.48d0000.14.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.5.exe.48d0000.14.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.5.exe.48d0000.14.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.5.exe.48d0000.14.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf0b:$hawkstr1: HawkEye Keylogger 0x7cd4c:$hawkstr1: HawkEye Keylogger 0x7d07b:$hawkstr1: HawkEye Keylogger 0x7d1d6:$hawkstr1: HawkEye Keylogger 0x7d339:$hawkstr1: HawkEye Keylogger 0x7d5d0:$hawkstr1: HawkEye Keylogger 0x7ba99:$hawkstr2: Dear HawkEye Customers! 0x7d0ce:$hawkstr2: Dear HawkEye Customers! 0x7d225:$hawkstr2: Dear HawkEye Customers! 0x7d38c:$hawkstr2: Dear HawkEye Customers! 0x7bbba:$hawkstr3: HawkEye Logger Details:
14.0.Windows Update.exe.295a584.24.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.2939110.25.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x53a4:$key: HawkEyeKeylogger 0x5ca0:$salt: 099u787978786 0x1a4b0:$string1: HawkEye_Keylogger 0x21178:$string1: HawkEye_Keylogger 0x1eab0:$string2: holdermail.txt 0x1eae0:$string2: holdermail.txt 0x1b96a:$string3: wallet.dat 0x1b992:$string3: wallet.dat 0x1b9b8:$string3: wallet.dat 0x1cde8:$string4: Keylog Records 0x1d11e:$string4: Keylog Records 0xa304:$string5: do not script --> 0x537c:$string6: \pidloc.txt 0x5484:$string7: BSPLIT 0x54a4:$string7: BSPLIT
14.0.Windows Update.exe.2939110.25.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x2248f:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.0.Windows Update.exe.2939110.25.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.0.Windows Update.exe.2939110.25.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1a540:$hawkstr1: HawkEye Keylogger 0x1bc08:$hawkstr1: HawkEye Keylogger 0x1bfa0:$hawkstr1: HawkEye Keylogger 0x1cdc0:$hawkstr1: HawkEye Keylogger 0x211d0:$hawkstr1: HawkEye Keylogger 0x23984:$hawkstr1: HawkEye Keylogger 0x19fb8:$hawkstr2: Dear HawkEye Customers! 0x1bc6c:$hawkstr2: Dear HawkEye Customers! 0x1c004:$hawkstr2: Dear HawkEye Customers! 0x239e4:$hawkstr2: Dear HawkEye Customers! 0x1a0ea:$hawkstr3: HawkEye Logger Details:
14.2.Windows Update.exe.2939110.7.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x53a4:$key: HawkEyeKeylogger 0x5ca0:$salt: 099u787978786 0x1a150:$string1: HawkEye_Keylogger 0x20c4c:$string1: HawkEye_Keylogger 0x1e638:$string2: holdermail.txt 0x1e668:$string2: holdermail.txt 0x1b57e:$string3: wallet.dat 0x1b5a6:$string3: wallet.dat 0x1b5cc:$string3: wallet.dat 0x1c9c4:$string4: Keylog Records 0x1ccfa:$string4: Keylog Records 0xa304:$string5: do not script --> 0x537c:$string6: \pidloc.txt 0x5484:$string7: BSPLIT 0x54a4:$string7: BSPLIT
14.2.Windows Update.exe.2939110.7.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x21f63:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
14.2.Windows Update.exe.2939110.7.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
14.2.Windows Update.exe.2939110.7.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1a1e0:$hawkstr1: HawkEye Keylogger 0x1b7e4:$hawkstr1: HawkEye Keylogger 0x1bb7c:$hawkstr1: HawkEye Keylogger 0x1c99c:$hawkstr1: HawkEye Keylogger 0x20ca4:$hawkstr1: HawkEye Keylogger 0x23144:$hawkstr1: HawkEye Keylogger 0x19c58:$hawkstr2: Dear HawkEye Customers! 0x1b848:$hawkstr2: Dear HawkEye Customers! 0x1bbe0:$hawkstr2: Dear HawkEye Customers! 0x231a4:$hawkstr2: Dear HawkEye Customers! 0x19d8a:$hawkstr3: HawkEye Logger Details:
Click to see the 1154 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: cMXrP6YXvo.exe	Virustotal: Detection: 70%			Perma Link
Source: cMXrP6YXvo.exe	ReversingLabs: Detection: 75%

Antivirus / Scanner detection for submitted sample

Show sources

Source: cMXrP6YXvo.exe

Avira: detected

Machine Learning detection for sample

Show sources

Source: cMXrP6YXvo.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\5.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4.exe	Joe Sandbox ML: detected

Source: 9.2.4.exe.4830000.5.unpack	Avira: Label: TR/Spy.Gen8
Source: 14.0.Windows Update.exe.415058.10.unpack	Avira: Label: TR/Inject.vcoldi
Source: 18.0.vbc.exe.400000.3.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 9.1.4.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack	Avira: Label: TR/Inject.vcoldi
Source: 24.0.WindowsUpdate.exe.400000.6.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.6.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 13.2.Windows Update.exe.14681458.2.unpack	Avira: Label: TR/Inject.vcoldi
Source: 24.2.WindowsUpdate.exe.400000.1.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.2.WindowsUpdate.exe.400000.1.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.2.5.exe.4970000.15.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.2.5.exe.4970000.15.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 7.0.21.exe.400000.5.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.0.Windows Update.exe.4a10000.53.unpack	Avira: Label: TR/Inject.vcoldi
Source: 1.2.cMXrP6YXvo.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.2.Windows Update.exe.4aa0000.16.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.2.Windows Update.exe.4aa0000.16.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.0.5.exe.415058.12.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.0.Windows Update.exe.3913258.28.unpack	Avira: Label: TR/Inject.vcoldi
Source: 8.0.5.exe.400000.13.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.13.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 4.2.5.exe.14801458.1.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.0.Windows Update.exe.400000.13.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.13.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.4aa0000.33.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.4aa0000.33.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.0.5.exe.400000.7.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.7.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.0.5.exe.400000.6.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.6.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.400000.4.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.4.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.0.WindowsUpdate.exe.400000.4.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.4.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 18.0.vbc.exe.400000.2.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.2.5.exe.3643258.7.unpack	Avira: Label: TR/Inject.vcoldi
Source: 9.0.4.exe.400000.9.unpack	Avira: Label: TR/Spy.Gen8
Source: 9.0.4.exe.400000.7.unpack	Avira: Label: TR/Spy.Gen8
Source: 14.2.Windows Update.exe.4a10000.15.unpack	Avira: Label: TR/Inject.vcoldi
Source: 9.0.4.exe.400000.5.unpack	Avira: Label: TR/Spy.Gen8
Source: 8.2.5.exe.415058.3.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.2.Windows Update.exe.400000.3.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.2.Windows Update.exe.400000.3.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.400000.5.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.5.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.415058.15.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.0.Windows Update.exe.4a10000.30.unpack	Avira: Label: TR/Inject.vcoldi
Source: 18.0.vbc.exe.400000.1.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 18.0.vbc.exe.400000.4.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 7.1.21.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen
Source: 7.2.21.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.0.Windows Update.exe.4aa0000.55.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.4aa0000.55.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 9.0.4.exe.400000.8.unpack	Avira: Label: TR/Spy.Gen8
Source: 8.0.5.exe.400000.5.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.5.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 7.0.21.exe.400000.6.unpack	Avira: Label: TR/Dropper.Gen
Source: 24.0.WindowsUpdate.exe.415058.15.unpack	Avira: Label: TR/Inject.vcoldi
Source: 9.0.4.exe.400000.4.unpack	Avira: Label: TR/Spy.Gen8
Source: 24.0.WindowsUpdate.exe.400000.7.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.7.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.0.5.exe.415058.16.unpack	Avira: Label: TR/Inject.vcoldi
Source: 24.0.WindowsUpdate.exe.400000.5.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.5.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 1.0.cMXrP6YXvo.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen
Source: 8.2.5.exe.400000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.2.5.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 1.0.cMXrP6YXvo.exe.4031bf.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 7.0.21.exe.400000.7.unpack	Avira: Label: TR/Dropper.Gen
Source: 8.0.5.exe.400000.8.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.8.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack	Avira: Label: TR/Inject.vcoldi
Source: 1.0.cMXrP6YXvo.exe.4df189.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 9.2.4.exe.400000.1.unpack	Avira: Label: TR/Spy.Gen8
Source: 4.2.5.exe.147f0000.2.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.2.Windows Update.exe.3913258.11.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.1.Windows Update.exe.400000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.1.Windows Update.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 1.2.cMXrP6YXvo.exe.5af305.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 14.0.Windows Update.exe.400000.6.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.6.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 13.2.Windows Update.exe.14670000.4.unpack	Avira: Label: TR/Inject.vcoldi
Source: 9.0.4.exe.400000.6.unpack	Avira: Label: TR/Spy.Gen8
Source: 24.2.WindowsUpdate.exe.415058.0.unpack	Avira: Label: TR/Inject.vcoldi
Source: 8.0.5.exe.400000.9.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.9.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 3.2.21.exe.147a0000.1.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.0.Windows Update.exe.3913258.48.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.0.Windows Update.exe.400000.8.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.8.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.2.5.exe.48d0000.14.unpack	Avira: Label: TR/Inject.vcoldi
Source: 1.2.cMXrP6YXvo.exe.4df189.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 14.0.Windows Update.exe.400000.20.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.20.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.415058.40.unpack	Avira: Label: TR/Inject.vcoldi
Source: 24.0.WindowsUpdate.exe.400000.8.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.8.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.415058.17.unpack	Avira: Label: TR/Inject.vcoldi
Source: 1.2.cMXrP6YXvo.exe.4031bf.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 14.0.Windows Update.exe.400000.7.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.7.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 7.0.21.exe.400000.4.unpack	Avira: Label: TR/Dropper.Gen
Source: 7.0.21.exe.400000.8.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.2.Windows Update.exe.415058.1.unpack	Avira: Label: TR/Inject.vcoldi
Source: 8.0.5.exe.400000.4.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.0.5.exe.400000.4.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.0.WindowsUpdate.exe.400000.13.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.13.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 14.0.Windows Update.exe.400000.9.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.9.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 18.0.vbc.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack	Avira: Label: TR/Inject.vcoldi
Source: 9.0.4.exe.400000.11.unpack	Avira: Label: TR/Spy.Gen8
Source: 14.1.Windows Update.exe.415058.2.unpack	Avira: Label: TR/Inject.vcoldi
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack	Avira: Label: TR/Inject.vcoldi
Source: 14.0.Windows Update.exe.400000.41.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 14.0.Windows Update.exe.400000.41.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 24.0.WindowsUpdate.exe.415058.10.unpack	Avira: Label: TR/Inject.vcoldi
Source: 1.0.cMXrP6YXvo.exe.5af305.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 24.0.WindowsUpdate.exe.400000.9.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 24.0.WindowsUpdate.exe.400000.9.unpack	Avira: Label: SPR/Tool.MailPassView.473

Compliance:

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Users\user\AppData\Local\Temp\5.exe	Unpacked PE file: 8.2.5.exe.4970000.15.unpack
Source: C:\Users\user\AppData\Local\Temp\4.exe	Unpacked PE file: 9.2.4.exe.4830000.5.unpack
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Unpacked PE file: 24.2.WindowsUpdate.exe.4950000.11.unpack

Source: cMXrP6YXvo.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\AppData\Local\Temp\5.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Source:	Binary string: C:\Work\SQLiteForExcel\Source\SQLite3_StdCall\Release\SQLite3_StdCall.pdb0. source: 21.exe, 00000007.00000003.382502789.000000000331C000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578000693.0000000003CFB000.00000002.00020000.sdmp, 21.exe, 00000007.00000003.383454586.000000000373E000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdbUGP source: 21.exe, 00000003.00000003.322768240.00000000149E0000.00000004.00000001.sdmp, 21.exe, 00000003.00000003.317462821.0000000014850000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.315628702.0000000014890000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.328102555.0000000014A20000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.314088851.00000000147F0000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.321684171.0000000014980000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364617078.0000000002641000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: 21.exe, 00000003.00000003.322768240.00000000149E0000.00000004.00000001.sdmp, 21.exe, 00000003.00000003.317462821.0000000014850000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.315628702.0000000014890000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.328102555.0000000014A20000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.314088851.00000000147F0000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.321684171.0000000014980000.00000004.00000001.sdmp
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: C:\Work\SQLiteForExcel\Source\SQLite3_StdCall\Release\SQLite3_StdCall.pdb source: 21.exe, 00000007.00000003.382502789.000000000331C000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578000693.0000000003CFB000.00000002.00020000.sdmp, 21.exe, 00000007.00000003.383454586.000000000373E000.00000004.00000001.sdmp

Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: 5.exe	Binary or memory string: autorun.inf
Source: 5.exe	Binary or memory string: [autorun]
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	Binary or memory string: autorun.inf
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	Binary or memory string: [autorun]
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: autorun.inf
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: [autorun]

Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00404A29 FindFirstFileExW,

Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4x nop then jmp 04A21A73h
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4x nop then jmp 04A21A73h
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]

Networking:

May check the online IP address of the machine

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	DNS query: name: whatismyipaddress.com

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.2.3:49755 -> 66.29.159.53:587

Source: global traffic

TCP traffic: 192.168.2.3:49755 -> 66.29.159.53:587

Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: http://crl.c
Source: 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertific
Source: 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375721078.00000000006F1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375721078.00000000006F1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectig
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: 4.exe, 4.exe, 00000006.00000000.304418151.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000002.340255321.0000000000409000.00000004.00020000.sdmp, 21.exe, 00000007.00000000.306122135.0000000000409000.00000008.00020000.sdmp, 5.exe, 00000008.00000000.308290177.0000000000409000.00000008.00020000.sdmp, WindowsUpdate.exe, 00000016.00000000.417659218.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: cMXrP6YXvo.exe, 00000001.00000000.297927134.0000000000403000.00000002.00020000.sdmp, cMXrP6YXvo.exe, 00000001.00000003.301080272.0000000003CC0000.00000004.00000001.sdmp, 21.exe, 00000003.00000000.301002034.0000000000409000.00000008.00020000.sdmp, 21.exe, 00000003.00000002.323706680.0000000000409000.00000004.00020000.sdmp, 5.exe, 00000004.00000002.330524243.0000000000409000.00000004.00020000.sdmp, 5.exe, 00000004.00000000.302589612.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000000.304418151.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000002.340255321.0000000000409000.00000004.00020000.sdmp, 21.exe, 00000007.00000000.306122135.0000000000409000.00000008.00020000.sdmp, 5.exe, 00000008.00000000.308290177.0000000000409000.00000008.00020000.sdmp, WindowsUpdate.exe, 00000016.00000000.417659218.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375721078.00000000006F1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: 5.exe	String found in binary or memory: http://whatismyipaddress.com/
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: http://whatismyipaddress.com/-
Source: 5.exe, 00000008.00000003.354846997.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.354601373.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.agfamonotype.
Source: 5.exe, 00000008.00000003.354846997.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.355084277.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.354601373.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.agfamonotype.$
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338819126.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: 5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comd
Source: 5.exe, 00000008.00000003.339293514.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338914041.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339815007.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338819126.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339615074.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339218568.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339505702.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339695527.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339455319.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339071790.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339378426.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339648265.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comen
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338601713.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: 5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comypo
Source: 5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347081881.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344937966.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347013225.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/
Source: 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 5.exe, 00000008.00000003.344937966.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 5.exe, 00000008.00000003.347013225.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html0~
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersM
Source: 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersR
Source: 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersS
Source: 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersers
Source: 5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersl
Source: 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersy
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com=
Source: 5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comR.TTF
Source: 5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345167367.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347081881.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347013225.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345220726.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com_
Source: 5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comalsa
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348729854.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comalsd
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comcom
Source: 5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comdx
Source: 5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comessed
Source: 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comicTF4
Source: 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comiond
Source: 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.commta
Source: 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.commv=
Source: 5.exe, 00000008.00000003.344937966.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comnc./
Source: 5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comoD
Source: 5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comrsiva=
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: 5.exe, 00000008.00000003.337717106.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.cV
Source: 5.exe, 00000008.00000003.337527959.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337495860.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 5.exe, 00000008.00000003.338084100.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337965552.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337889725.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337791585.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337762200.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn.
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 5.exe, 00000008.00000003.338084100.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337965552.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337889725.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/l
Source: 5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cna-du
Source: 5.exe, 00000008.00000003.337495860.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnd
Source: 5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnda
Source: 5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnq~
Source: 5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cns-c
Source: 5.exe, 00000008.00000003.349536320.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 5.exe, 00000008.00000003.350644260.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350729844.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349624835.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350409395.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349890917.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349556455.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349935819.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349495477.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350587994.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350491314.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350214738.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350049320.0000000004F23000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.krc
Source: 5.exe, 00000008.00000003.341144953.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343930105.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344031880.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344165011.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344057373.0000000004F09000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343898467.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343825621.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343859197.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/4
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/=
Source: 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/D
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/J
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343955635.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343898467.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343984425.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343825621.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343859197.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344119874.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343930105.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344031880.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344057373.0000000004F09000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/X
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340956885.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341079722.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341237688.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341144953.0000000004F0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/h
Source: 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/n
Source: 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/s
Source: 5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341079722.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341237688.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341144953.0000000004F0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/x
Source: 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344245433.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344208846.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344165011.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.monotype.
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: http://www.nirsoft.net/
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr.kra-e
Source: 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr/deB
Source: 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr2
Source: 5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.krC
Source: 5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kra-e
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340132947.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340472423.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340518312.0000000004F0D000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340549191.0000000004F0D000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340274317.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340339139.0000000004F08000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: 5.exe, 00000008.00000003.344728916.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344785037.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344874671.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344830622.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.de
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.derT
Source: 5.exe, 00000008.00000003.344728916.0000000004F0A000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.dewa
Source: 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 5.exe	String found in binary or memory: https://login.yahoo.com/config/login
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: 5.exe	String found in binary or memory: https://www.google.com/accounts/servicelogin
Source: 21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 4.exe, 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Source: unknown

DNS traffic detected: queries for: smtp.privateemail.com

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Dec 2021 12:42:50 GMTContent-Type: text/plain; charset=UTF-8Content-Length: 16Connection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTSet-Cookie: __cf_bm=QOuM3RmsPhPnlGxEWN14IP333362PF9ErlwrhJkk8mY-1638880970-0-AVW8DBeDEgw5r1OU0eSU/pnIlygzsIB+VSElHLY3+i+AaahCkTYv++ASWneXnNJ2CCFzgLwyPP25G5YFQFOtwWY=; path=/; expires=Tue, 07-Dec-21 13:12:50 GMT; domain=.whatismyipaddress.com; HttpOnlyServer: cloudflareCF-RAY: 6b9dd613fe06d6cd-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 07 Dec 2021 12:44:04 GMTContent-Type: text/plain; charset=UTF-8Content-Length: 16Connection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTSet-Cookie: __cf_bm=idW3BRu2zz6ZpgXHFu6.8Tmp12DqsEqEmOCmbASzYyA-1638881044-0-AXpBJtjwvOeIUbwWpjyHev2F+XSbEsEl6lMWQwSlGZ1iQrEJK4LjPXftlntoQVz3r2kxjrpYJ/E1g08XNxYH1Xw=; path=/; expires=Tue, 07-Dec-21 13:14:04 GMT; domain=.whatismyipaddress.com; HttpOnlyServer: cloudflareCF-RAY: 6b9dd7de8e206931-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020

Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: 5.exe	String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5.exe PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5.exe PID: 5396, type: MEMORYSTR

Installs a global keyboard hook

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe

Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Windows Update.exe

Contains functionality to log keystrokes (.Net Source)

Show sources

Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	.Net Code: HookKeyboard
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	.Net Code: HookKeyboard
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	.Net Code: HookKeyboard
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	.Net Code: HookKeyboard

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_00404E07 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

Source: cMXrP6YXvo.exe, 00000001.00000002.306279597.00000000008DA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Malicious sample detected (through community Yara rule)

Show sources

Source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group

Writes or reads registry keys via WMI

Show sources

Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey

.NET source code contains very large array initializations

Show sources

Source: 9.2.4.exe.4830000.5.unpack, u003cPrivateImplementationDetailsu003eu007b4B4BDF90u002d67CCu002d4E78u002dB7CFu002d90C54C83273Du007d/u0033FD8B6FEu002d01FFu002d44A8u002dB1F7u002d0A1374CC851F.cs

Large array initialization: .cctor: array initializer size 11902

Source: C:\Users\user\AppData\Roaming\Windows Update.exe

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2108

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00406043
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00404618
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_0040681A
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E43AFE
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E48214
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E48786
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E48F2E
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E4A303
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E47CA2
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E529EC
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E529FB
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00406043
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00404618
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_0040681A
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70187C82
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_701881F4
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192A1E
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192A0F
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70183AEE
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_7018A2E3
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70188F10
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70188766
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00406043
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00404618
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_0040681A
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701BF530
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C7C82
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701BF5AF
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C81F4
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2A1E
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2A0F
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C3AEE
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701CA2E3
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C8F10
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C8766
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_0040A2A5
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_021E7EBD
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04A21D98
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_1_0040A2A5
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04A21DA8

Source: cMXrP6YXvo.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 21.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 5.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 4.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Windows Update.exe.8.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WindowsUpdate.exe.14.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: sqlite3.dll.7.dr

Static PE information: Number of sections : 19 > 10

Source: cMXrP6YXvo.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: 14.0.Windows Update.exe.76b0000.37.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.26ab278.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.295a058.47.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.295a058.8.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.7700000.38.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.7700000.21.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.7700000.60.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.76b0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.76b0000.59.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.0.Windows Update.exe.295a584.24.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_004030E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_004030E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_004030E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: String function: 00401ED0 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: String function: 0040569E appears 36 times

Source: cMXrP6YXvo.exe, 00000001.00000000.298133911.00000000005C7000.00000002.00020000.sdmp

Binary or memory string: OriginalFilenameViottoBinder_Stub.exePADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD vs cMXrP6YXvo.exe

Source: cMXrP6YXvo.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\AppData\Local\Temp\21.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Source: C:\Users\user\AppData\Local\Temp\5.exe

File created: C:\Users\user\AppData\Roaming\Windows Update.exe

Jump to behavior

Source: classification engine

Classification label: mal100.rans.phis.troj.spyw.evad.winEXE@34/46@20/4

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()

Source: C:\Users\user\AppData\Local\Temp\5.exe

Code function: 8_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,

Source: 21.exe, 00000003.00000002.327402234.00000000147A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000000.314241953.0000000000400000.00000040.00000001.sdmp, 21.exe, 00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp, 21.exe, 00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp	Binary or memory string: E6:@ E*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: 21.exe, 00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp, 21.exe, 00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp	Binary or memory string: O@*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp

Source: cMXrP6YXvo.exe	Virustotal: Detection: 70%
Source: cMXrP6YXvo.exe	ReversingLabs: Detection: 75%

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\cMXrP6YXvo.exe "C:\Users\user\Desktop\cMXrP6YXvo.exe"
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2108
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864
Source: unknown	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2108
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

System information queried: HandleInformation

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe

File created: C:\Users\user\AppData\Local\Temp\21.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_00402012 CoCreateInstance,MultiByteToWideChar,

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_0040411B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 21.exe, 00000007.00000002.578606968.0000000060966000.00000002.00020000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Users\user\AppData\Local\Temp\5.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\5.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\4.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='

Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 9.2.4.exe.4830000.5.unpack, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 9.2.4.exe.4830000.5.unpack, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: C:\Users\user\AppData\Local\Temp\21.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\21.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\5.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Source: C:\Users\user\AppData\Local\Temp\4.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\AppData\Local\Temp\5.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Source: cMXrP6YXvo.exe

Static file information: File size 2351104 > 1048576

Source: cMXrP6YXvo.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x23c000

Source:	Binary string: C:\Work\SQLiteForExcel\Source\SQLite3_StdCall\Release\SQLite3_StdCall.pdb0. source: 21.exe, 00000007.00000003.382502789.000000000331C000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578000693.0000000003CFB000.00000002.00020000.sdmp, 21.exe, 00000007.00000003.383454586.000000000373E000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdbUGP source: 21.exe, 00000003.00000003.322768240.00000000149E0000.00000004.00000001.sdmp, 21.exe, 00000003.00000003.317462821.0000000014850000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.315628702.0000000014890000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.328102555.0000000014A20000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.314088851.00000000147F0000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.321684171.0000000014980000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364617078.0000000002641000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: 21.exe, 00000003.00000003.322768240.00000000149E0000.00000004.00000001.sdmp, 21.exe, 00000003.00000003.317462821.0000000014850000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.315628702.0000000014890000.00000004.00000001.sdmp, 5.exe, 00000004.00000003.328102555.0000000014A20000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.314088851.00000000147F0000.00000004.00000001.sdmp, 4.exe, 00000006.00000003.321684171.0000000014980000.00000004.00000001.sdmp
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: 5.exe, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp
Source:	Binary string: C:\Work\SQLiteForExcel\Source\SQLite3_StdCall\Release\SQLite3_StdCall.pdb source: 21.exe, 00000007.00000003.382502789.000000000331C000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578000693.0000000003CFB000.00000002.00020000.sdmp, 21.exe, 00000007.00000003.383454586.000000000373E000.00000004.00000001.sdmp

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)

Show sources

Source: C:\Users\user\AppData\Local\Temp\5.exe	Unpacked PE file: 8.2.5.exe.4970000.15.unpack
Source: C:\Users\user\AppData\Local\Temp\4.exe	Unpacked PE file: 9.2.4.exe.4830000.5.unpack
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Unpacked PE file: 24.2.WindowsUpdate.exe.4950000.11.unpack

.NET source code contains potential unpacker

Show sources

Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E42E55 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E56D6E push esp; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E56D7A pushfd ; retf
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70182E45 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C2E45 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D6F3E push esp; retf
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D6F4A pushfd ; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379A478 push FFFFFFB2h; ret
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379406C push eax; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379406C push eax; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379A396 push FFFFFFB2h; ret
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379A396 push FFFFFFB2h; ret
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379406C push eax; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379406C push eax; retf
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379A396 push FFFFFFB2h; ret
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 7_3_0379A396 push FFFFFFB2h; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00401F16 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142685 push edi; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142AD5 push edi; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142AC9 push edi; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_021426E0 push edi; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142733 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142C48 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142D39 push edi; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_02142570 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_021425D7 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_021425C5 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_1_00401F16 push ecx; ret

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_00405C49 GetModuleHandleA,LoadLibraryA,GetProcAddress,

Source: sqlite3.dll.7.dr	Static PE information: section name: /4
Source: sqlite3.dll.7.dr	Static PE information: section name: /19
Source: sqlite3.dll.7.dr	Static PE information: section name: /35
Source: sqlite3.dll.7.dr	Static PE information: section name: /51
Source: sqlite3.dll.7.dr	Static PE information: section name: /63
Source: sqlite3.dll.7.dr	Static PE information: section name: /77
Source: sqlite3.dll.7.dr	Static PE information: section name: /89
Source: sqlite3.dll.7.dr	Static PE information: section name: /102
Source: sqlite3.dll.7.dr	Static PE information: section name: /113
Source: sqlite3.dll.7.dr	Static PE information: section name: /124

Source: rgsbzeog.dll.4.dr	Static PE information: real checksum: 0x0 should be: 0x32e49
Source: WindowsUpdate.exe.14.dr	Static PE information: real checksum: 0x0 should be: 0xd409f
Source: rgsbzeog.dll.22.dr	Static PE information: real checksum: 0x0 should be: 0x32e49
Source: orwglwkinzb.dll.3.dr	Static PE information: real checksum: 0x0 should be: 0x2d55f
Source: Windows Update.exe.8.dr	Static PE information: real checksum: 0x0 should be: 0xd409f
Source: rgsbzeog.dll.13.dr	Static PE information: real checksum: 0x0 should be: 0x32e49
Source: cMXrP6YXvo.exe	Static PE information: real checksum: 0xa45b should be: 0x249c41
Source: 4.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x91963
Source: 21.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0xea499
Source: kqkz.dll.6.dr	Static PE information: real checksum: 0x0 should be: 0x308b5
Source: 5.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0xd409f

Source: C:\Users\user\AppData\Local\Temp\5.exe	File created: C:\Users\user\AppData\Roaming\Windows Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\5.exe	File created: C:\Users\user\AppData\Local\Temp\nsqF40D.tmp\rgsbzeog.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\21.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	File created: C:\Users\user\AppData\Local\Temp\nsbCF78.tmp\rgsbzeog.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	File created: C:\Users\user\AppData\Local\Temp\nsdC84E.tmp\rgsbzeog.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4.exe	File created: C:\Users\user\AppData\Local\Temp\tmpG355.tmp (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\21.exe	File created: C:\Users\user\AppData\Local\Temp\nsoF0FF.tmp\orwglwkinzb.dll	Jump to dropped file
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	File created: C:\Users\user\AppData\Local\Temp\5.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4.exe	File created: C:\Users\user\AppData\Local\Temp\nscFA17.tmp\kqkz.dll	Jump to dropped file
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	File created: C:\Users\user\AppData\Local\Temp\4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\21.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	File created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	File created: C:\Users\user\AppData\Local\Temp\21.exe	Jump to dropped file

Boot Survival:

Creates multiple autostart registry keys

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update
Source: C:\Users\user\AppData\Local\Temp\4.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run itswell

Source: C:\Users\user\AppData\Local\Temp\4.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run itswell
Source: C:\Users\user\AppData\Local\Temp\4.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run itswell
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update

Hooking and other Techniques for Hiding and Protection:

Changes the view of files in windows explorer (hidden files and folders)

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4.exe	Function Chain: threadResumed,threadDelayed,memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,processSet,processSet,processSet,fileCreated,processSet,processSet,keyOpened,keyValueQueried,keyValueCreated,keyOpened
Source: C:\Users\user\AppData\Local\Temp\4.exe	Function Chain: threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,processSet,processSet,processSet,fileCreated,processSet,processSet,keyOpened,keyValueQueried,keyValueCreated,keyOpened,keyValueQueried,keyValueCreated,processSet,processSet,memAlloc

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\21.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\AppData\Local\Temp\5.exe TID: 6888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\5.exe TID: 6964	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 2056	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 2056	Thread sleep count: 128 > 30
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 2056	Thread sleep time: -3840000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 5380	Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 2056	Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 4624	Thread sleep count: 316 > 30
Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6572	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6864	Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 7076	Thread sleep time: -140000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 3076	Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 3932	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe TID: 3744	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\4.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\4.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\5.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\5.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\21.exe	Window / User API: foregroundWindowGot 612
Source: C:\Users\user\AppData\Local\Temp\21.exe	Window / User API: foregroundWindowGot 385

Source: C:\Users\user\AppData\Local\Temp\21.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\21.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\21.exe

File opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sys

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 7_3_006A38BC sldt word ptr [eax+00000000h]

Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\5.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\5.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\4.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 120000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 140000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Source: 21.exe, 00000007.00000002.575988538.0000000002990000.00000004.00000001.sdmp	Binary or memory string: ers\VBoxMouse.sys
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.575988538.0000000002990000.00000004.00000001.sdmp	Binary or memory string: File not found: 'C:\Windows\System32\drivers\VBoxMouse.sys'
Source: 21.exe, 00000007.00000003.375595803.00000000006F7000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\4.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00405C22 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_00402630 FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00404A29 FindFirstFileExW,

Source: C:\Users\user\AppData\Local\Temp\21.exe	File Volume queried: C:\Users\user\AppData\Roaming\Microsoft\Windows FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	File Volume queried: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_00405C49 GetModuleHandleA,LoadLibraryA,GetProcAddress,

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E52402 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E526C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E52616 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E52744 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E52706 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192402 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192616 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_701926C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192706 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70192744 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2402 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2616 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D26C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2706 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701D2744 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_004035F1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_1_004035F1 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Roaming\Windows Update.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_72E452FB IsDebuggerPresent,

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_72E417A3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

Source: C:\Users\user\AppData\Local\Temp\5.exe

Code function: 8_2_004067FE GetProcessHeap,

Source: C:\Users\user\AppData\Local\Temp\4.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\5.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\AppData\Local\Temp\21.exe	Code function: 3_2_72E42A12 SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 4_2_70182A02 SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\4.exe	Code function: 6_2_701C2A02 SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00401E1D SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_1_00401E1D SetUnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion:

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\21.exe	Memory written: C:\Users\user\AppData\Local\Temp\21.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\5.exe	Memory written: C:\Users\user\AppData\Local\Temp\5.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\4.exe	Memory written: C:\Users\user\AppData\Local\Temp\4.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Users\user\AppData\Roaming\Windows Update.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Memory written: C:\Users\user\AppData\Roaming\WindowsUpdate.exe base: 400000 value starts with: 4D5A

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000

Writes to foreign memory regions

Show sources

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 412000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 416000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 418000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 443000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 44F000
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 452000

.NET source code references suspicious native API functions

Show sources

Source: 8.2.5.exe.4970000.15.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 8.2.5.exe.4970000.15.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 9.2.4.exe.4830000.5.unpack, A/b2.cs	Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll')
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 14.2.Windows Update.exe.4aa0000.16.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 14.0.Windows Update.exe.4aa0000.33.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 14.0.Windows Update.exe.4aa0000.55.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')

Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\Desktop\cMXrP6YXvo.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\21.exe	Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
Source: C:\Users\user\AppData\Local\Temp\4.exe	Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
Source: C:\Users\user\AppData\Local\Temp\5.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2108
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 864
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe	Process created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"

Source: 21.exe	Binary or memory string: 38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:52 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp	Binary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:05 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:43:55 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: m Manager>> [1:42:35 PM]<<Program Manager>> [1:42:
Source: 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager[1:
Source: 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp	Binary or memory string: Ko[1:43:54 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ram Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54
Source: 21.exe	Binary or memory string: 3 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: Program Manager3776383D0D0A9BZ #
Source: 21.exe	Binary or memory string: nager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Managerg
Source: 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager>>s
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:23 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479737585.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458384159.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490292064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481970425.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476150906.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471158762.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488213476.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517116988.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487214724.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477732801.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482690405.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494502594.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462193603.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457541582.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454819334.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483444383.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474575836.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493336704.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487630853.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472278661.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459713896.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467869638.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492543566.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517054374.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468442294.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464478198.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486474318.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480683127.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483091608.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482240498.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476630064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484738414.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:34 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	Binary or memory string: g42:33 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ager>> [1:43:17 PM]<<Program Manager>> [1:43:17 PM]<<Program Manager>> [1:43:17 PM]<<Program Manager>> [1:43:17 PM]<<P
Source: 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	Binary or memory string: Program ManagerdllMPD0A
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:42:35 PM]<<Program Manager>>3
Source: 21.exe	Binary or memory string: er>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Pro
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:44:01 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager>>a
Source: 21.exe	Binary or memory string: <Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp	Binary or memory string: 43:07 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:57 PM]<<Program Manager>>ram Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:34 PM]<<Program Manager>1
Source: 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:26 PM]<<Program ManagerPM]
Source: 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager>>_
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 43:57 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp	Binary or memory string: [1:43:32 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458167753.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459368709.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458592106.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:47 PM]<<Program Manager>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: @o[1:43:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: :57 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 1:43:58 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:32 PM]<<Program Manager>> [1:42:32 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program M
Source: 21.exe	Binary or memory string: [1:42:53 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\mswsock.dll,-60202%SystemRoot%\system32\mswsock.dll43:38 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp	Binary or memory string: :32 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: nager>> [1:43:19 PM]<<Program Manager>> [1:43:19 PM]<<Program Manager>> [1:43:20 PM]<<Program Manager>> [1:43:20 PM]<<
Source: 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: :43:26 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ger>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Pr
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [1:43:54 PM]<<:43:09 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Ma
Source: 21.exe	Binary or memory string: [1:43:39 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:44 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Managerk
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: 2:53 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34
Source: 21.exe	Binary or memory string: 1:42:51 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:
Source: 21.exe	Binary or memory string: nager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 2 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:29 PM]<<Program ManagerE
Source: 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Managerq
Source: 21.exe	Binary or memory string: Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]
Source: 21.exe	Binary or memory string: rogram Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\wshqos.dll,-101%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp	Binary or memory string: [1:43:01 PM]<<Program Manager>>g
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:44:03 PM]<<Program Manager>>nag
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	Binary or memory string: bcryptprimitives.dll3 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:44:07 PM<<Program Manager>>
Source: 21.exe, 00000007.00000003.456103667.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458167753.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459368709.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458592106.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: 16 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp	Binary or memory string: [1:43:29 PM]<<Program ManagerO
Source: 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>?
Source: 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Managerg=
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: AF_UNIX%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:43:59 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: (o[1:43:36 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program Manager>>I
Source: 21.exe	Binary or memory string: rogram Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43
Source: 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp	Binary or memory string: [1:43:20 PM]<<Program Manager3
Source: 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp	Binary or memory string: @o:08 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> r [1:43:00 PM]<<Program
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:44:04 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:43:58 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp	Binary or memory string: n[1:42:32 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: gram Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<P
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp	Binary or memory string: :42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:43:37 PM]<<Program Manager>>p
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Managerana
Source: 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Manager
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: (o[1:43:54 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manage
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:34 PM]<<Program Manager>>B
Source: 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>%
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: `:02 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: :43:37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [1:43:54 PM][1:43:09 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program
Source: 21.exe	Binary or memory string: anager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<
Source: 21.exe	Binary or memory string: ogram Manager>> [1:42:51 PM]<<Program Manager>> [1
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	Binary or memory string: F`<Program Manager
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:56 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:09 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: r>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Prog
Source: 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>5
Source: 21.exe	Binary or memory string: gram Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:5
Source: 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: ^b5 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Run>>
Source: 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: 34 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager#
Source: 21.exe	Binary or memory string: 34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:15 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:41 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: MSAFD Irda [IrDA]%SystemRoot%\system32\mswsock.dll43:38 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: 01 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 8 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: <Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM
Source: 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp	Binary or memory string: [1:43:48 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ogram Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:
Source: 21.exe	Binary or memory string: [1:42:32 PM]<<Program Manager>> [1:42:32 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<
Source: 21.exe	Binary or memory string: ram Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07
Source: 21.exe	Binary or memory string: Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<PrograC:\Users\
Source: 21.exe	Binary or memory string: :43 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 51 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp	Binary or memory string: [1:43:21 PM]<<Program Manager2:
Source: 21.exe	Binary or memory string: ]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: gram Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:3
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 1:42:52 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 3:56 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Progra
Source: 21.exe	Binary or memory string: ager>> [1:42:33 PM]<<Program Manager>> [1:42:3
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: M]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:37 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:33 PM]<<Program Manager>> [1:42:34 PM]<<Program
Source: 21.exe, 00000007.00000002.574850451.0000000000CD0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: 21.exe	Binary or memory string: ogram Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<
Source: 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	Binary or memory string: Program Managerdll593D0D0A
Source: 21.exe	Binary or memory string: > [1:42:51 PM]<<Program Manager>> [1:42:51 PM]
Source: 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp	Binary or memory string: [1:42:43 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp	Binary or memory string: 1:43:15 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: HTj1:43:55 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp	Binary or memory string: [1:43:21 PM]<<Program Manageru
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: :44:00 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 42:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp	Binary or memory string: [1:43:21 PM]<<Program Manager2:}
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:52 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:26 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: gram Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:0
Source: 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program Manager>>[
Source: 21.exe	Binary or memory string: Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Progr
Source: 21.exe	Binary or memory string: m Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 P
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:38 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:51 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 42:53 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: > [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Progra
Source: 21.exe	Binary or memory string: [1:42:51 PM]<<Program Manager>> [1:42:51 PM
Source: 21.exe	Binary or memory string: m Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 P
Source: 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>>PM]<<Pr
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<P
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:44:00 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [1:44:07 PM]<Program Manager>>
Source: 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp	Binary or memory string: :29 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: er>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Pro
Source: 21.exe	Binary or memory string: anager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:43:55 PM]<<Program Manager>> T
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:42:34 PM
Source: 21.exe	Binary or memory string: :39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: d[1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:37 PM]<<Program Ma
Source: 21.exe, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ram Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Pr
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: n:44:03 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 43:05 PM]<<Program Manager>> [1:43:05 PM]<<Program Manager>> [1:43:05 PM]<<Program Manager>> [1:43:05 PM]<<Program Manage
Source: 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :42:53 PM]<<Program Manager>> [1:42:53 PM
Source: 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Manager>>g
Source: 21.exe	Binary or memory string: 2:51 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Manager>>k
Source: 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: 1:43:25 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:32 PM]<<Program Manager>> [1:42:32 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Man
Source: 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: HTj1:43:37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp	Binary or memory string: [1:43:06 PM]<<Program Manager>
Source: 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: 43:58 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:20 PM]<<Program Manager>>
Source: 21.exe, 21.exe, 00000007.00000002.574850451.0000000000CD0000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479737585.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458384159.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490292064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481970425.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476150906.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471158762.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488213476.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517116988.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487214724.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477732801.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482690405.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494502594.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462193603.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457541582.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454819334.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483444383.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474575836.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493336704.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487630853.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472278661.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459713896.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467869638.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492543566.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517054374.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468442294.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464478198.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486474318.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480683127.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375595803.00000000006F7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483091608.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482240498.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476630064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484738414.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:33 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manage
Source: 21.exe	Binary or memory string: [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Man
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: [1:43:37 PM]<<Program Manager
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:44:03 PM]<<Program Manager>>33M
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: 3 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<P
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: Program Managerdllge1OB4 !
Source: 21.exe	Binary or memory string: [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program
Source: 21.exe	Binary or memory string: er>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Man
Source: 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp	Binary or memory string: 42314930707776357A6F73374C5762517156302B5132756B7946394F67423046666E6A6168734836476A3156577A4C3562744A466971737A6E556B794F6F77670D0A6F7933684D68324F38476B654875493D0D0AD3D0D0A[1:42:33 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:54 PM]<<Program Mana
Source: 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp	Binary or memory string: 1:43:22 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ogram Manager>> [1:43:17 PM]<<Program Manager>> [1:43:17 PM]<<Program Manager>> [1:43:18 PM]<<Program Manager>> [1:43:
Source: 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:53 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manageri
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:44:07 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp	Binary or memory string: [1:44:02 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ogram Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:
Source: 21.exe	Binary or memory string: nager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:43:56 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: anager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<
Source: 21.exe	Binary or memory string: c[1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:37 PM]<<Program Ma
Source: 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Managerw
Source: 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program Manager
Source: 21.exe	Binary or memory string: nager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Mana
Source: 21.exe, 00000007.00000003.375638835.0000000003726000.00000004.00000001.sdmp	Binary or memory string: :33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:27 PM]<<Program Manager>>G
Source: 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:01 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: rogram Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:52 PM]<<
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 2:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager-
Source: 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	Binary or memory string: [1:42:56 PM]<<Program Manager
Source: 21.exe	Binary or memory string: [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Ma
Source: 21.exe	Binary or memory string: rogram Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:43:55 PM]<<Program Manager>>>>
Source: 21.exe	Binary or memory string: ager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program M
Source: 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	Binary or memory string: [1:43:20 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:08 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp	Binary or memory string: d[1:43:36 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:55 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: <Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:42 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: :00 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ger>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Pr
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456103667.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458167753.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459368709.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458592106.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:16 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\mswsock.dll,-60100%SystemRoot%\system32\mswsock.dllM]<<Program Manager>>
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:
Source: 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program Manager>>ogra
Source: 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp	Binary or memory string: [1:43:25 PM]<<Program Manager.=
Source: 21.exe	Binary or memory string: 51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51
Source: 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program Managergr
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp	Binary or memory string: @o8 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :35 PM]<<Program Manager>> [1:42:35 PM]<<Program Mana
Source: 21.exe	Binary or memory string: n]<<Program Manager>>
Source: 21.exe	Binary or memory string: PM]<<Run>> [1:43:14 PM]<<Run>> [1:43:14 PM]<<Run>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager?
Source: 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp	Binary or memory string: 18 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp	Binary or memory string: 1:43:29 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: <Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:27 PM]<<Program Manager
Source: 21.exe	Binary or memory string: rogram Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42
Source: 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp	Binary or memory string: SQLITE~1.DLLSQLite3_StdCall.dllProgram Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: ^b<Program Manager>>r
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:44:01 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager>>J
Source: 21.exe	Binary or memory string: [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: ^cM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:54 PM]<<Program Manager>>ager
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:53 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:55 PM]<<Program Manager>>N
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 59 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:27 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Managerj
Source: 21.exe	Binary or memory string: m Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program
Source: 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:30 PM]<<Program Manager>>L
Source: 21.exe	Binary or memory string: [1:42:34 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program
Source: 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp	Binary or memory string: :15 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:09 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:51 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 4:00 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Man
Source: 21.exe	Binary or memory string: anager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program
Source: 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates Program Manager>>
Source: 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp	Binary or memory string: [1:43:29 PM]<<Program Manager>>PM]
Source: 21.exe	Binary or memory string: anager>> [1:43:00 PM]<<Run>> [1:43:00 PM]<<Run>> [1:43:01 PM]<<Program Manager>> [1:43:05 PM]<<Program Manager>> [1
Source: 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp	Binary or memory string: [1:43:49 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp	Binary or memory string: :26 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\wshqos.dll,-102%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:44:03 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	Binary or memory string: ^cProgram Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:55 PM]<<Program Manager>>t
Source: 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 1:42:53 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: m Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Prog
Source: 21.exe	Binary or memory string: ger>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Pr
Source: 21.exe	Binary or memory string: 2 PM]<<Program Manager>> [1:42:52 PM]
Source: 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Manager>>W
Source: 21.exe	Binary or memory string: nager>> [1:43:38 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<
Source: 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp	Binary or memory string: i PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program
Source: 21.exe	Binary or memory string: anager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program
Source: 21.exe	Binary or memory string: ger>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Program Manager>> [1:43:08 PM]<<Pr
Source: 21.exe	Binary or memory string: <Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:
Source: 21.exe	Binary or memory string: PM]<<Program Manager>> [1:43:44 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:43 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp	Binary or memory string: [1:43:27 PM]<<Program ManagerK
Source: 21.exe	Binary or memory string: am Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42
Source: 21.exe	Binary or memory string: anager>> [1:43:38 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<
Source: 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Manager>>E
Source: 21.exe	Binary or memory string: 1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Mana
Source: 21.exe	Binary or memory string: >> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program
Source: 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp	Binary or memory string: [1:43:27 PM]<<Program ManagerO
Source: 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:46 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: > [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Pr
Source: 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp	Binary or memory string: [1:43:25 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: Program ManagerFh.BMPukrSg==
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:39 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [
Source: 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp	Binary or memory string: [1:43:23 PM]<<Program Manager
Source: 21.exe	Binary or memory string: :42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 7 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: > r [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Progr
Source: 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp	Binary or memory string: 4 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 2:55 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]
Source: 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp	Binary or memory string: 07 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ram Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:15
Source: 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:26 PM]<<Program ManagerPM]?
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: Program ManagerdllMPkyF9Og
Source: 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:26 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:23 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp	Binary or memory string: 14 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: c[1:43:54 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:42:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: >> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Progr
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: vhttp://schemas.microsoft.com/cdo/configuration/sendusername[1:42:55 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: n[1:43:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program Manager>>)
Source: 21.exe	Binary or memory string: Manager>> [1:43:38 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:43:57 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: 42:34 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]
Source: 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:32 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	Binary or memory string: e[1:42:32 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: [1:43:58 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp	Binary or memory string: [1:43:21 PM]<<Program Manager>>X
Source: 21.exe	Binary or memory string: 54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:4
Source: 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:18 PM]<<Program Manager PM]<<
Source: 21.exe	Binary or memory string: 33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:42:54 PM]<<Program Manager
Source: 21.exe	Binary or memory string: Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 PM]
Source: 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: 43:37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479737585.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458384159.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490292064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481970425.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476150906.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471158762.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488213476.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517116988.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487214724.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477732801.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482690405.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494502594.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462193603.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457541582.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454819334.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483444383.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474575836.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493336704.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487630853.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472278661.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459713896.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467869638.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492543566.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517054374.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468442294.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464478198.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486474318.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480683127.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375595803.00000000006F7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483091608.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482240498.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476630064.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484738414.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:32 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: :42:53 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:21 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: <Program Manager>> [1
Source: 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:34 PM]<<Program Manager>>]<<Prog
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\mswsock.dll,-60201%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Manager>> [1:43:36 PM]<<Program Manager>> [
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:42:51 PM]<<Program Manager@y
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:07 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manag
Source: 21.exe	Binary or memory string: <<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager
Source: 21.exe	Binary or memory string: [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp	Binary or memory string: \Users\user\AppData\Roaming\Microsoft\Windows\Templates Program Manager>>
Source: 21.exe	Binary or memory string: 2:54 PM]<<Program Manager>> [1:42:54 PM]<<Program Manager>> [1
Source: 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459094367.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458549786.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp	Binary or memory string: Program Manager0w==
Source: 21.exe	Binary or memory string: [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:43 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456103667.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458167753.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459368709.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458592106.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:4
Source: 21.exe	Binary or memory string: 43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manage
Source: 21.exe	Binary or memory string: <<Program Manager>> [1:42:54 PM]<<Program Manager>> [1:42:54 P
Source: 21.exe	Binary or memory string: [1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:36 PM]<<Program Manager>> [1:43:37 PM]<<Program M
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: :51 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: ]<<Program Manager>>
Source: 21.exe	Binary or memory string: er>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Pro
Source: 21.exe	Binary or memory string: rogram Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: 1:42:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: 1:43:24 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manager>> [1:43:06 PM]<<Program Manag
Source: 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp	Binary or memory string: [1:43:35 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>> [1:43:07 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:00 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll37 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program Manager>>:10 P
Source: 21.exe	Binary or memory string: r>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Prog
Source: 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp	Binary or memory string: d3:07 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:55 PM]<<Program Manager
Source: 21.exe	Binary or memory string: Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager{
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:50 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp	Binary or memory string: [1:42:35 PM]<<Program Manager>>4y
Source: 21.exe	Binary or memory string: Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:41 PM
Source: 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:26 PM]<<Program Manager>><Progr
Source: 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp	Binary or memory string: [1:42:35 PM]<<Program Manager34
Source: 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp	Binary or memory string: 43:34 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [1:44:07 PM]<<Program Manager>
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Managerk
Source: 21.exe	Binary or memory string: rogram Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<
Source: 21.exe	Binary or memory string: <<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1:43:41 PM]<<Program Manager>> [1
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: nager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program
Source: 21.exe	Binary or memory string: [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program M
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 7 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\wshqos.dll,-103%SystemRoot%\system32\mswsock.dll43:38 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ager>> [1:42:55 PM]<<Program Manager>> [1:42:56 PM]<<Program Manager>> [1:42:56 PM]<<Program Manager>> [1:42:56 PM]<<P
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:44:02 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:4
Source: 21.exe	Binary or memory string: anager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM
Source: 21.exe	Binary or memory string: [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Ma
Source: 21.exe	Binary or memory string: 1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Manager>> [1:43:14 PM]<<Program Mana
Source: 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager_
Source: 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:31 PM]<<Program Manager>>42:33 P-
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: m-g7 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 1:43:43 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:35 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: [1:42:34 PM]<<Program Manager3
Source: 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:33 PM]<<Program Manager>>{*
Source: 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp	Binary or memory string: [1:43:28 PM]<<Program Manager
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1
Source: 21.exe	Binary or memory string: rogram Manager>> [1:43:21 PM]<<Program Manager>> [1:43:21 PM]<<Program Manager>> [1:43:22 PM]<<Program Manager>> [1:43
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>>aq
Source: 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager>>01 PM]#
Source: 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp	Binary or memory string: @%SystemRoot%\System32\wshqos.dll,-102%SystemRoot%\system32\mswsock.dll43:38 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.375638835.0000000003726000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip:42:33 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 8 PM]<<Program Manager>> [1:43:18 PM]<<Program Manager>> [1:43:19 PM]<<Program Manager>> [1:43:19 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:09 PM]<<Program Manager>> [1:43:09 PM]<<Program Manager>> [1:43:09 PM]<<Program Manager>> r [1:43:09 PM]<<Run>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: am Manager>> [1:42:52 PM]<<Program Manager>> [1:42:53 PM]<<Pro
Source: 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp	Binary or memory string: 3:07 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458384159.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424852272.0000000003772000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476150906.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471158762.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469445754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375627252.0000000003739000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457739598.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482690405.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462193603.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457541582.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454819334.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474593553.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474575836.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493336704.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487630853.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472278661.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459713896.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467869638.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517054374.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464495989.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468442294.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464478198.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468602865.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486474318.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.383468808.000000000374E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473530369.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456547230.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465729511.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471269572.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452925223.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.455126754.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472498096.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461010407.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467936036.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:35 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 0 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: ogram Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>> [1:42:55 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 5 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp	Binary or memory string: [1:43:35 PM]<<Program Managerg
Source: 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490537591.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491953447.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492945009.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577864404.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487835519.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489129276.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492464525.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489896544.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:29 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manag
Source: 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp	Binary or memory string: [1:43:35 PM]<<Program Manager_
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:44:02 PM]<<Program Manager>>ram Man\|
Source: 21.exe	Binary or memory string: [1:43:16 PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>> [1:43:17 PM]<<Program Manager>> [1:43:17 PM]<<Program Ma
Source: 21.exe	Binary or memory string: 37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: :34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>
Source: 21.exe	Binary or memory string: <Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Manager>> [1:
Source: 21.exe, 00000007.00000003.375653868.000000000372D000.00000004.00000001.sdmp	Binary or memory string: j PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp	Binary or memory string: [1:43:35 PM]<<Program Manager>>_
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [:43:50 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program Manager>> [1:43:39 PM]<<Program
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460540222.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:53 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp	Binary or memory string: <<Program Manager>>
Source: 21.exe	Binary or memory string: am Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00 PM]<<Program Manager>> [1:43:00
Source: 21.exe	Binary or memory string: er>> [1:42:51 PM]<<Program Manager>> [1:42:51 PM]<<Program Man
Source: 21.exe	Binary or memory string: am Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>> [1:42:53
Source: 21.exe	Binary or memory string: 3:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager>> [1:43:40 PM]<<Program Manager
Source: 21.exe	Binary or memory string: ]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [1:42:52 PM]<<Program Manager>> [
Source: 21.exe, 00000007.00000003.517187978.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517435891.000000000373E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517405635.0000000003763000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517291558.000000000377F000.00000004.00000001.sdmp	Binary or memory string: [1:43:47 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577594157.000000000377A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.570844728.0000000000196000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577621493.000000000377E000.00000004.00000001.sdmp	Binary or memory string: [1:43:54 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:33 PM]<<Program Manager
Source: 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp	Binary or memory string: [1:43:36 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517264336.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477309350.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476806766.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478897060.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481164656.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480829841.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479674015.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478422040.000000000377E000.00000004.00000001.sdmp	Binary or memory string: 1:42:51 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Managerp<
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: 3:59 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: r>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Program Manager>> [1:43:42 PM]<<Prog
Source: 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:24 PM]<<Program Manager>>r+
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: [1:43:48 PM]<<Program Manager>
Source: 21.exe	Binary or memory string: nager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]<<
Source: 21.exe	Binary or memory string: ger>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Pr
Source: 21.exe	Binary or memory string: [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program M
Source: 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp	Binary or memory string: [1:43:17 PM]<<Program ManagerM
Source: 21.exe	Binary or memory string: [1:42:53 PM]<<Program Manager>> [1:42:53 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: <Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>> [1:42:35 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp	Binary or memory string: 42:51 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: gram Manager>> [1:43:16 PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>> [1:43:16 PM]<<Program Manager>> [1:43:1
Source: 21.exe	Binary or memory string: [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Manager>> [1:43:37 PM]<<Program Ma
Source: 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp	Binary or memory string: [1:43:32 PM]<<Program Manager
Source: 21.exe	Binary or memory string: [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program Manager>> [1:43:38 PM]<<Program
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517033183.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:06 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp	Binary or memory string: [1:43:20 PM]<<Program Managerm
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: :43:55 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: nager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<Program Manager>> [1:42:33 PM]<<
Source: 21.exe	Binary or memory string: > [1:42:35 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp	Binary or memory string: [1:43:19 PM]<<Program ManagerK
Source: 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>>]
Source: 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp	Binary or memory string: [1:43:18 PM]<<Program Manager
Source: 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476243465.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: 1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Manager>> [1:43:43 PM]<<Program Mana
Source: 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp	Binary or memory string: [1:43:33 PM]<<Program Manager5
Source: 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>><Progri
Source: 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577761403.00000000037B4000.00000004.00000001.sdmp	Binary or memory string: 1:42:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466559024.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472455766.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472989361.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463343927.0000000005E4D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478695418.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478298809.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472018149.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479961257.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484578600.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479778193.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463469017.000000000376C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477613994.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476581949.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475086635.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469849454.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470649697.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467444335.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458428261.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476946731.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473841413.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475368247.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468555223.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473894462.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475589827.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471226062.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469072850.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469134928.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517161604.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467840996.00000000037EE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473514761.0000000005E53000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458882013.000000000376E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:43:18 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Manager>> [1:43:15 PM]<<Program Man
Source: 21.exe, 00000007.00000002.574850451.0000000000CD0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp	Binary or memory string: 1:43:57 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: M]<<Program Manager>> [1:43:37 PM
Source: 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp	Binary or memory string: 1:43:50 PM]<<Program Manager>>
Source: 21.exe	Binary or memory string: anager>> [1:42:34 PM]<<Program Manager>> [1:42:34 PM]
Source: 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp	Binary or memory string: [1:43:22 PM]<<Program Manager>>I
Source: 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578334695.0000000005E39000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577814550.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp	Binary or memory string: [1:43:33 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.465067820.0000000005E3C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480630138.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475603320.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469795567.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475423310.0000000005E14000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477246263.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477944360.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493296356.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477039437.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425095311.0000000003745000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483313290.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481585869.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480587466.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494236992.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483011357.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485429241.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493049837.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492004081.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460088658.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464415246.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492890306.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472048739.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475402200.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492854162.0000000005E51000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457401335.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476730509.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458841769.0000000005E49000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452881848.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480965500.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478086592.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462131672.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465314133.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453765033.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480108207.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470889901.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463174279.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482967897.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488290452.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456450599.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476038809.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461729042.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483242003.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490783196.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481037581.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460639320.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456150858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470694507.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453992276.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475573003.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480164250.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484025949.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473083101.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483546291.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484163211.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468456098.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479480704.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481082005.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482653953.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463713394.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482841023.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458277455.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466644222.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469400002.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458762474.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454224724.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470583213.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468569231.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471179667.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487616192.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481542462.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464109508.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483341585.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456340949.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461379998.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482533905.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483810493.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459634702.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465135848.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473865733.0000000005E46000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482015318.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459386417.00000000037D3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482992492.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475748053.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457695266.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458526394.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478390333.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457288339.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424831327.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463241340.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461466122.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460720131.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482406064.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478203772.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475192040.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471096150.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472222993.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489442981.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483846830.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492504654.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489244573.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469151233.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456183103.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493033474.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469226568.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478654116.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486851410.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478762994.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473976499.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491860263.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483883840.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463367041.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476543623.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468283553.00000000037E0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490045386.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464078238.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465573846.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490476488.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457325715.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492639233.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478933876.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458727342.00000000037CE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472150191.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459053061.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483392460.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460762953.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459075635.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487955840.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459007999.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473603381.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487387849.00000000037E2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486931901.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468310327.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477656645.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474839786.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424654455.000000000379F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458291644.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469744497.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481116539.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456115809.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481895328.00000000037E7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477087524.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468237771.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462847548.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484415266.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466395496.00000000037BA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452621648.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474136527.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484444282.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452638824.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452597267.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485888488.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486399488.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474987306.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467458390.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464234945.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457347121.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484619687.00000000037D7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487036762.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479627755.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460033768.00000000037C9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482432100.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453881580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464160930.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458611315.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485514223.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476976742.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481937891.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467368366.00000000037CF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466294834.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487483709.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461973180.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459297034.00000000037BE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494434145.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463630427.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464051202.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477161922.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472926209.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492581973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488727685.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.491980280.0000000005E5D000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470783264.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452895169.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490201968.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453788789.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492988308.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490716248.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483916958.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468411877.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482930535.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484653444.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482868451.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474475177.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475844497.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478910520.00000000037D1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492820827.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485180446.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466847936.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467568010.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467883847.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469041154.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459697609.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494266803.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482575973.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.425043849.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489764701.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479694023.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477215503.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481434462.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463109412.00000000037DE000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460161780.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481869105.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489296373.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457559306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484511040.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481008866.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492130444.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470237179.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474318192.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475719230.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473799793.00000000037E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477690031.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459578253.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452806427.00000000037B7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489367174.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458811178.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477548819.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463660039.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469344753.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475127767.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460362009.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488229679.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492024671.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481915367.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473129615.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453689380.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481706551.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494136702.00000000037E3000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485349489.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486135843.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468362798.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476642889.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463137212.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476128836.0000000003797000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492434244.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474885966.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470436937.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478866924.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458511607.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489579858.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482896302.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460260764.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458225078.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481490290.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472467964.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463673901.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480779798.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489162405.0000000005E52000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459737272.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458119405.00000000037D4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486256152.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492839187.0000000005E45000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424773837.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478462798.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486715919.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486444561.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490628454.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478822304.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492618516.0000000005E4C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489741056.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465382984.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461338085.0000000005E3F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490151238.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463644684.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465641003.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482106045.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477379199.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461529807.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456532192.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.493529133.0000000005E5E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483459420.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492089585.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485052277.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475873353.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456389310.00000000037CB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458993728.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469253306.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478315777.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478979265.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485292178.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467854718.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484682006.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479926686.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461800019.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577286761.00000000036F0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456071803.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469183098.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464202193.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482562080.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467739663.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457464772.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458185611.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484381818.0000000005E56000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478255024.00000000037DB000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468374780.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463047506.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454209766.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485093439.00000000037DC000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477917255.0000000005E4F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481610852.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467761718.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494526547.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490499952.00000000037D0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490569985.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480009724.0000000005E3E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479157518.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487423316.0000000005E4B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464140712.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488161053.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475327401.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474862896.00000000037BF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.488032988.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476596222.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464300233.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483050231.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483995966.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487135191.00000000037DD000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464989053.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484091775.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459859816.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473419823.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474440671.00000000037C6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464465973.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480132851.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452784846.00000000037C1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456512237.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479350059.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474035934.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487363777.00000000037D6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.494182194.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454109857.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470009472.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474545758.00000000037A4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.462241549.0000000003744000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469086942.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480184560.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458636179.00000000037B5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480528060.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472298355.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492158978.00000000037A6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492401222.0000000005E63000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464399503.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.485994276.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452840429.0000000005DF5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487849579.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473919060.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.424714972.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486042022.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475770030.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478719417.0000000005E44000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480697865.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459447578.0000000005E43000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487543898.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473186146.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481101820.00000000037E8000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492070703.00000000037C4000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456299536.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492479738.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473008842.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486624891.00000000037CA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460120579.0000000005E48000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489922856.00000000037C5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482372291.0000000005E5C000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472127553.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481054942.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.489526580.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.480231332.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471854736.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470173071.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469882044.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479311500.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.487574259.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477744907.0000000005DF1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467809463.00000000037AA000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478032860.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492517583.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473231964.000000000376A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465614084.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481255581.0000000005DF7000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486351982.0000000005E3A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467503049.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458333672.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.483277905.0000000005E50000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479233963.00000000037D5000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472427176.0000000005E4A000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479425074.0000000005E4A000.00000004.00000001.sdmp	Binary or memory string: [1:42:56 PM]<<Program Manager>>
Source: 21.exe, 00000007.00000003.487765159.00000000037C5000.00000004.00000001.sdmp	Binary or memory string: [1:43:33 PM]<<Program Manager!
Source: 21.exe	Binary or memory string: 43:36 PM]<<Program Manager>> [1:43:37 PM]

Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\BJZFPPWAPT.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\BJZFPPWAPT.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\DUUDTUBZFW.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\DUUDTUBZFW.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EEGWXUHVUG.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EEGWXUHVUG.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\NVWZAPQSQL.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\NVWZAPQSQL.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\5.exe

Code function: 8_2_0040208D cpuid

Source: C:\Users\user\AppData\Local\Temp\5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\AppData\Local\Temp\5.exe

Code function: 8_2_00401B74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Source: C:\Users\user\AppData\Local\Temp\21.exe

Code function: 3_2_0040594D GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

Source: C:\Users\user\AppData\Roaming\Windows Update.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\Windows Update.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected MailPassView

Show sources

Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.489ac92.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.49cfa72.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.492dc72.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.32.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2586c92.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.56.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.34.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a6dc72.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.54.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.49afa72.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.491dc72.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.45.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4affa72.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.410455143.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.418568724.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.406966405.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.407738754.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5.exe PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5.exe PID: 5396, type: MEMORYSTR

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5.exe PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5.exe PID: 5396, type: MEMORYSTR

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 9.2.4.exe.47e0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.47e0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.4830000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.7349b8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147b1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.37e3258.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.37e3258.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147b1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.7349b8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.576881645.00000000028B4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4.exe PID: 5616, type: MEMORYSTR

Yara detected Generic Dropper

Show sources

Source: Yara match

File source: Process Memory Space: 21.exe PID: 6992, type: MEMORYSTR

Yara detected SpyEx stealer

Show sources

Source: Yara match	File source: 7.0.21.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.21.exe.147a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.1.21.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.21.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.1.21.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.21.exe.147a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.21.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.314241953.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.327402234.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.318809130.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.317173820.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.321988059.0000000000400000.00000040.00000001.sdmp, type: MEMORY

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\4.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\4.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: ^C:\Users\user\AppData\Roaming\Electrum\walletsrd1
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\.
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreew Jer~Y
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\.
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreew Jer~Y
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\.
Source: 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreew Jer~Y

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\21.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\AppData\Local\Temp\21.exe

File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\AppData\Local\Temp\4.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Source: C:\Users\user\AppData\Local\Temp\4.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Yara detected WebBrowserPassView password recovery tool

Show sources

Source: Yara match	File source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.vbc.exe.400000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.435531825.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.416858714.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.413302341.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.413912145.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5.exe PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5.exe PID: 5396, type: MEMORYSTR

Tries to steal Instant Messenger accounts or passwords

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt

Source: Yara match	File source: 00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 21.exe PID: 5340, type: MEMORYSTR

Remote Access Functionality:

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.34.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2586c92.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4970000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14807860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2530e2d.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.391b065.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d7e0d.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4979c0d.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.252f428.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa0000.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.492dc72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f9660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4844e2d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa8208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d6408.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14801458.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.39.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.33.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14681458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.489ac92.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a10000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.36.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa0000.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3649660.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4950000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.46.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.45.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a17e0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b1458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b7860.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a6dc72.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.42.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41b460.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3919660.50.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.49.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36fb065.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.35.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa9c0d.58.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c7e0d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4959c0d.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.52.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3919660.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.4958208.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.147f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4aa8208.57.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.54.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.391b065.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4affa72.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a6dc72.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4affa72.56.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14687860.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.48c6408.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.491dc72.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.48.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14670000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41ce65.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Windows Update.exe.14689265.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.41b460.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.49afa72.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4aa9c0d.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.40.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41ce65.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2586c92.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4843428.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.4a16408.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.41ce65.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.415058.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.4978208.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.3913258.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.5.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a17e0d.51.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.36f3258.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.364b065.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.5.exe.14809265.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.3643258.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.3913258.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.252f428.44.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.WindowsUpdate.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.400000.41.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147a0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a10000.53.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.4a16408.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2530e2d.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.WindowsUpdate.exe.147b9265.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.WindowsUpdate.exe.41b460.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.5.exe.48d0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Windows Update.exe.2939110.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.Windows Update.exe.2939110.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000000.487258333.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000001.540146334.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.496758993.00000000147E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.544269268.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508401661.00000000037D1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.532110592.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.507953184.00000000023ED000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.537967511.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508737592.0000000004962000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.508598472.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.483650913.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.503503362.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5.exe PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5.exe PID: 5396, type: MEMORYSTR

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 9.2.4.exe.47e0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.47e0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.4830000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.7349b8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.415058.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147b1458.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.415058.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.415058.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.1.4.exe.415058.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.37e3258.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.37e3258.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147b1458.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.415058.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.4.exe.147a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.4.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.4.exe.7349b8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.576881645.00000000028B4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4.exe PID: 5616, type: MEMORYSTR

Yara detected SpyEx stealer

Show sources

Source: Yara match	File source: 7.0.21.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.21.exe.147a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.1.21.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.21.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.1.21.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.21.exe.147a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.21.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.21.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.314241953.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.327402234.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.318809130.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.317173820.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.321988059.0000000000400000.00000040.00000001.sdmp, type: MEMORY

Detected HawkEye Rat

Show sources

Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: 5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: 5.exe	String found in binary or memory: HawkEyeKeylogger
Source: 5.exe	String found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
Source: 5.exe	String found in binary or memory: HawkEye_Keylogger_Stealer_Records_
Source: 5.exe	String found in binary or memory: HawkEye_Keylogger_Keylog_Records_
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: 5.exe, 00000008.00000002.364686973.00000000026B2000.00000004.00000001.sdmp	String found in binary or memory: HawkEyeKeylogger
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_

Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04AB0F6E bind,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04AB0B5E listen,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04AB0B20 CreateMutexW,listen,
Source: C:\Users\user\AppData\Local\Temp\5.exe	Code function: 8_2_04AB0F3B bind,

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Replication Through Removable Media1	Windows Management Instrumentation331	Registry Run Keys / Startup Folder11	Process Injection412	Disable or Modify Tools111	OS Credential Dumping2	System Time Discovery1	Replication Through Removable Media1	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer3	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API21	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder11	Deobfuscate/Decode Files or Information11	Input Capture211	Peripheral Device Discovery1	Remote Desktop Protocol	Data from Local System4	Exfiltration Over Bluetooth	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Shared Modules1	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information31	Credentials in Registry1	File and Directory Discovery3	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing21	Credentials In Files1	System Information Discovery139	Distributed Component Object Model	Input Capture211	Scheduled Transfer	Remote Access Software1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Masquerading1	LSA Secrets	Security Software Discovery181	SSH	Clipboard Data1	Data Transfer Size Limits	Non-Application Layer Protocol3	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Virtualization/Sandbox Evasion171	Cached Domain Credentials	Process Discovery3	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol13	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Process Injection412	DCSync	Virtualization/Sandbox Evasion171	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Hidden Files and Directories1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	System Network Configuration Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
cMXrP6YXvo.exe	70%	Virustotal		Browse
cMXrP6YXvo.exe	76%	ReversingLabs	Win32.Dropper.FrauDrop
cMXrP6YXvo.exe	100%	Avira	TR/Dropper.Gen
cMXrP6YXvo.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Roaming\Windows Update.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\WindowsUpdate.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\5.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll	0%	Metadefender	Browse
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll	0%	Metadefender	Browse
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
9.2.4.exe.4830000.5.unpack	100%	Avira	TR/Spy.Gen8	Download File
14.0.Windows Update.exe.415058.10.unpack	100%	Avira	TR/Inject.vcoldi	Download File
18.0.vbc.exe.400000.3.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
9.1.4.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
22.2.WindowsUpdate.exe.147b1458.3.unpack	100%	Avira	TR/Inject.vcoldi	Download File
24.0.WindowsUpdate.exe.400000.6.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.0.WindowsUpdate.exe.400000.6.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
13.2.Windows Update.exe.14681458.2.unpack	100%	Avira	TR/Inject.vcoldi	Download File
24.2.WindowsUpdate.exe.400000.1.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.2.WindowsUpdate.exe.400000.1.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.2.5.exe.4970000.15.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.2.5.exe.4970000.15.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
7.0.21.exe.400000.5.unpack	100%	Avira	TR/Dropper.Gen	Download File
14.0.Windows Update.exe.4a10000.53.unpack	100%	Avira	TR/Inject.vcoldi	Download File
1.2.cMXrP6YXvo.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File
14.2.Windows Update.exe.4aa0000.16.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.2.Windows Update.exe.4aa0000.16.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.0.5.exe.415058.12.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.0.Windows Update.exe.3913258.28.unpack	100%	Avira	TR/Inject.vcoldi	Download File
8.0.5.exe.400000.13.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.13.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
4.2.5.exe.14801458.1.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.0.Windows Update.exe.400000.13.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.400000.13.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
14.0.Windows Update.exe.4aa0000.33.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.4aa0000.33.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.0.5.exe.400000.7.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.7.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.0.5.exe.400000.6.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.6.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
14.0.Windows Update.exe.400000.4.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.400000.4.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
24.0.WindowsUpdate.exe.400000.4.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.0.WindowsUpdate.exe.400000.4.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
18.0.vbc.exe.400000.2.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.2.5.exe.3643258.7.unpack	100%	Avira	TR/Inject.vcoldi	Download File
9.0.4.exe.400000.9.unpack	100%	Avira	TR/Spy.Gen8	Download File
9.0.4.exe.400000.7.unpack	100%	Avira	TR/Spy.Gen8	Download File
19.0.vbc.exe.400000.2.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
14.2.Windows Update.exe.4a10000.15.unpack	100%	Avira	TR/Inject.vcoldi	Download File
9.0.4.exe.400000.5.unpack	100%	Avira	TR/Spy.Gen8	Download File
8.2.5.exe.415058.3.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.2.Windows Update.exe.400000.3.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.2.Windows Update.exe.400000.3.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
14.0.Windows Update.exe.400000.5.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.400000.5.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
14.0.Windows Update.exe.415058.15.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.0.Windows Update.exe.4a10000.30.unpack	100%	Avira	TR/Inject.vcoldi	Download File
18.0.vbc.exe.400000.1.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
18.0.vbc.exe.400000.4.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
7.1.21.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File
7.2.21.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File
14.0.Windows Update.exe.4aa0000.55.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.4aa0000.55.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
9.0.4.exe.400000.8.unpack	100%	Avira	TR/Spy.Gen8	Download File
8.0.5.exe.400000.5.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.5.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
24.2.WindowsUpdate.exe.4950000.11.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.2.WindowsUpdate.exe.4950000.11.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
7.0.21.exe.400000.6.unpack	100%	Avira	TR/Dropper.Gen	Download File
24.0.WindowsUpdate.exe.415058.15.unpack	100%	Avira	TR/Inject.vcoldi	Download File
9.0.4.exe.400000.4.unpack	100%	Avira	TR/Spy.Gen8	Download File
24.0.WindowsUpdate.exe.400000.7.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.0.WindowsUpdate.exe.400000.7.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.0.5.exe.415058.16.unpack	100%	Avira	TR/Inject.vcoldi	Download File
24.0.WindowsUpdate.exe.400000.5.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
24.0.WindowsUpdate.exe.400000.5.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
1.0.cMXrP6YXvo.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File
8.2.5.exe.400000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.2.5.exe.400000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
1.0.cMXrP6YXvo.exe.4031bf.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
7.0.21.exe.400000.7.unpack	100%	Avira	TR/Dropper.Gen	Download File
8.0.5.exe.400000.8.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.8.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
24.2.WindowsUpdate.exe.48c0000.10.unpack	100%	Avira	TR/Inject.vcoldi	Download File
1.0.cMXrP6YXvo.exe.4df189.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
9.2.4.exe.400000.1.unpack	100%	Avira	TR/Spy.Gen8	Download File
4.2.5.exe.147f0000.2.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.2.Windows Update.exe.3913258.11.unpack	100%	Avira	TR/Inject.vcoldi	Download File
14.1.Windows Update.exe.400000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.1.Windows Update.exe.400000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
1.2.cMXrP6YXvo.exe.5af305.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
19.0.vbc.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
14.0.Windows Update.exe.400000.6.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.400000.6.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
19.0.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
13.2.Windows Update.exe.14670000.4.unpack	100%	Avira	TR/Inject.vcoldi	Download File
9.0.4.exe.400000.6.unpack	100%	Avira	TR/Spy.Gen8	Download File
24.2.WindowsUpdate.exe.415058.0.unpack	100%	Avira	TR/Inject.vcoldi	Download File
19.0.vbc.exe.400000.4.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
8.0.5.exe.400000.9.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.0.5.exe.400000.9.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
3.2.21.exe.147a0000.1.unpack	100%	Avira	TR/Dropper.Gen	Download File
14.0.Windows Update.exe.3913258.48.unpack	100%	Avira	TR/Inject.vcoldi	Download File
19.2.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
14.0.Windows Update.exe.400000.8.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
14.0.Windows Update.exe.400000.8.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.2.5.exe.48d0000.14.unpack	100%	Avira	TR/Inject.vcoldi	Download File
1.2.cMXrP6YXvo.exe.4df189.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
14.0.Windows Update.exe.400000.20.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.fontbureau.comalsa	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnq~	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr2	0%	Avira URL Cloud	safe
http://www.carterandcone.comen	0%	URL Reputation	safe
http://www.sandoll.co.kr.kra-e	0%	Avira URL Cloud	safe
http://www.fontbureau.comessed	0%	URL Reputation	safe
http://www.sandoll.co.kra-e	0%	Avira URL Cloud	safe
http://www.carterandcone.comypo	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/4	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.founder.com.cn/cn/l	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.dewa	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.goodfont.co.krc	0%	Avira URL Cloud	safe
http://www.sandoll.co.krC	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
http://www.fontbureau.com=	0%	Avira URL Cloud	safe
http://www.fontbureau.comalsd	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://www.fontbureau.commta	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/X	0%	URL Reputation	safe
http://www.carterandcone.comd	0%	URL Reputation	safe
http://crt.sectig	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnda	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/J	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/D	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/=	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cns-c	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn.	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/s	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/n	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/h	0%	URL Reputation	safe
http://www.fontbureau.commv=	0%	Avira URL Cloud	safe
http://www.agfamonotype.$	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.fontbureau.comrsiva=	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.fontbureau.comcom	0%	URL Reputation	safe
http://www.fontbureau.comoD	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.de	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.comR.TTF	0%	URL Reputation	safe
http://www.fontbureau.comnc./	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnd	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://www.agfamonotype.	0%	URL Reputation	safe
http://www.founder.com.cn/cna-du	0%	Avira URL Cloud	safe
http://www.fontbureau.comdx	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr/deB	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.fontbureau.comicTF4	0%	Avira URL Cloud	safe
http://www.fontbureau.comd	0%	URL Reputation	safe
http://www.founder.cV	0%	Avira URL Cloud	safe
http://www.fontbureau.com_	0%	Avira URL Cloud	safe
http://www.urwpp.derT	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
whatismyipaddress.com	104.16.155.36	true	false	high
smtp.privateemail.com	66.29.159.53	true	false	high
90.168.9.0.in-addr.arpa	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://whatismyipaddress.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.comalsa	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cnq~	5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
http://www.sandoll.co.kr2	5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comen	5.exe, 00000008.00000003.339293514.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338914041.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339815007.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338819126.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339615074.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339218568.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339505702.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339695527.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339455319.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339071790.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339378426.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.339648265.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr.kra-e	5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.fontbureau.comessed	5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kra-e	5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comypo	5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersers	5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/4	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343898467.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343825621.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343859197.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://whatismyipaddress.com/-	5.exe, 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, 5.exe, 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, 5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	false		high
http://www.fontbureau.com/	5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.galapagosdesign.com/DPlease	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/l	5.exe, 00000008.00000003.338084100.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337965552.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337889725.0000000004F05000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.nirsoft.net/	5.exe, 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp	false		high
http://www.urwpp.dewa	5.exe, 00000008.00000003.344728916.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html0~	5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.carterandcone.como.	5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338601713.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.krc	5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.krC	5.exe, 00000008.00000003.337366137.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	4.exe, 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com=	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.comalsd	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348729854.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.commta	5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/	5.exe, 00000008.00000003.349536320.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/X	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343955635.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343898467.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343984425.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343825621.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343859197.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344119874.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343930105.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344031880.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344057373.0000000004F09000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comd	5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://crt.sectig	21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cnda	5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/J	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	cMXrP6YXvo.exe, 00000001.00000000.297927134.0000000000403000.00000002.00020000.sdmp, cMXrP6YXvo.exe, 00000001.00000003.301080272.0000000003CC0000.00000004.00000001.sdmp, 21.exe, 00000003.00000000.301002034.0000000000409000.00000008.00020000.sdmp, 21.exe, 00000003.00000002.323706680.0000000000409000.00000004.00020000.sdmp, 5.exe, 00000004.00000002.330524243.0000000000409000.00000004.00020000.sdmp, 5.exe, 00000004.00000000.302589612.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000000.304418151.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000002.340255321.0000000000409000.00000004.00020000.sdmp, 21.exe, 00000007.00000000.306122135.0000000000409000.00000008.00020000.sdmp, 5.exe, 00000008.00000000.308290177.0000000000409000.00000008.00020000.sdmp, WindowsUpdate.exe, 00000016.00000000.417659218.0000000000409000.00000008.00020000.sdmp	false		high
http://www.jiyu-kobo.co.jp/D	5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/=	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cns-c	5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn.	5.exe, 00000008.00000003.338084100.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337965552.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337889725.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337791585.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337762200.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/x	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341079722.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341237688.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341144953.0000000004F0C000.00000004.00000001.sdmp	false		unknown
http://www.fontbureau.com/designers/frere-jones.html	5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	false		high
http://nsis.sf.net/NSIS_Error	4.exe, 4.exe, 00000006.00000000.304418151.0000000000409000.00000008.00020000.sdmp, 4.exe, 00000006.00000002.340255321.0000000000409000.00000004.00020000.sdmp, 21.exe, 00000007.00000000.306122135.0000000000409000.00000008.00020000.sdmp, 5.exe, 00000008.00000000.308290177.0000000000409000.00000008.00020000.sdmp, WindowsUpdate.exe, 00000016.00000000.417659218.0000000000409000.00000008.00020000.sdmp	false		high
http://www.jiyu-kobo.co.jp/s	5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/n	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/accounts/servicelogin	5.exe	false		high
http://www.jiyu-kobo.co.jp/h	5.exe, 00000008.00000003.341645055.0000000004F07000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343428209.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342115645.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340956885.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343581561.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343479049.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341079722.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.342861819.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341237688.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341453448.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343260242.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.341144953.0000000004F0C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.commv=	5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.agfamonotype.$	5.exe, 00000008.00000003.354846997.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.355084277.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.354601373.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersG	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designersM	5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high
http://www.tiro.com	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340132947.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340472423.0000000004F0C000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340518312.0000000004F0D000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340549191.0000000004F0D000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340274317.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.340339139.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	5.exe, 00000008.00000003.338635640.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338819126.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338683089.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.338707494.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comrsiva=	5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersS	5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designersR	5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.typography.netD	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	5.exe, 00000008.00000003.350644260.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350729844.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349624835.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350409395.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349890917.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349556455.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349935819.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.349495477.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350587994.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350491314.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350214738.0000000004F23000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.350049320.0000000004F23000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersl	5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp	false		high
http://www.fontbureau.comcom	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comoD	5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersy	5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp	false		high
https://login.yahoo.com/config/login	5.exe	false		high
http://www.fonts.com	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high
http://www.sandoll.co.kr	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.337032459.0000000004F0E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.de	5.exe, 00000008.00000003.344728916.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344785037.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344874671.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344830622.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	5.exe, 00000008.00000003.343674226.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343799934.0000000004F08000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.343714140.0000000004F08000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comR.TTF	5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comnc./	5.exe, 00000008.00000003.344937966.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cnd	5.exe, 00000008.00000003.337495860.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com	5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347081881.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.344937966.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347013225.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	false		high
https://sectigo.com/CPS0	21.exe, 00000007.00000003.465183864.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481181521.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.476165816.0000000003781000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472076294.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473210755.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.484751942.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465517343.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.578243538.0000000005DF6000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475734184.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.477331838.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464274382.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474689214.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467825795.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467518675.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458866774.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467179867.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456592011.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470107293.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.472240252.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.486965824.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468325809.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456371204.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467479639.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460217893.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469378697.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.479715862.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.492655598.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577730314.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.471498708.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452908679.00000000037A0000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.474367333.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475976439.000000000377E000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452733433.0000000003793000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.454055693.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465361197.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457518571.000000000379B000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.490315222.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.467239100.00000000037A1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.482951727.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458796852.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459906643.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.478058785.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.456321578.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.466761444.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458354568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.465970568.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517074877.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.375667947.00000000006E1000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463456854.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473953534.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475383582.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469948198.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452758045.00000000037A9000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.481954789.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461753640.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463203130.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.461832323.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.475171425.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460936632.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.453801479.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.458242539.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.463156501.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.452825615.00000000037AF000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.459617107.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.468427298.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.457427162.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.464220778.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.469208670.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.470719825.00000000037B2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.473167040.00000000037A2000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.460302284.00000000037B2000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.agfamonotype.	5.exe, 00000008.00000003.354846997.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.354601373.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cna-du	5.exe, 00000008.00000003.337601254.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comdx	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.kr/deB	5.exe, 00000008.00000003.337117183.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/jp/	5.exe, 00000008.00000003.343144637.0000000004F05000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.coma	5.exe, 00000008.00000003.356474993.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356719307.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356807096.0000000004F09000.00000004.00000001.sdmp, 5.exe, 00000008.00000002.365838402.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356163763.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356945399.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356603331.0000000004F05000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.356875013.0000000004EF9000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comicTF4	5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348686650.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348642392.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comd	5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.cV	5.exe, 00000008.00000003.337717106.0000000004F0E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com_	5.exe, 00000008.00000003.346872026.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346061659.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348544043.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345561865.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347738285.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345167367.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348598817.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347854982.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345408880.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347607584.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345680999.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348053411.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347081881.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346360527.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347013225.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346825939.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347989826.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345271566.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347247847.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346245492.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.347693346.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345803853.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346680418.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345002625.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348469434.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345949585.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345319861.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346294561.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.346944660.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.345220726.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.urwpp.derT	5.exe, 00000008.00000003.348362782.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348299396.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348154088.0000000004F0A000.00000004.00000001.sdmp, 5.exe, 00000008.00000003.348404895.0000000004F0A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	21.exe, 00000007.00000003.459845289.000000000378F000.00000004.00000001.sdmp, 21.exe, 00000007.00000003.517350970.000000000378A000.00000004.00000001.sdmp, 21.exe, 00000007.00000002.577688629.000000000378A000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	5.exe, 00000008.00000002.366009425.0000000006222000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.16.155.36	whatismyipaddress.com	United States		13335	CLOUDFLARENETUS	false
66.29.159.53	smtp.privateemail.com	United States		19538	ADVANTAGECOMUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	535503
Start date:	07.12.2021
Start time:	13:41:04
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 15m 51s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	cMXrP6YXvo.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.phis.troj.spyw.evad.winEXE@34/46@20/4
EGA Information:	Failed
HDC Information:	Successful, ratio: 56.8% (good quality ratio 48.9%) Quality average: 68.7% Quality standard deviation: 36%
HCA Information:	Successful, ratio: 70% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.189.173.22, 20.42.73.29, 20.42.65.92 Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing behavior and disassembly information. Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:42:17	API Interceptor	548x Sleep call for process: 21.exe modified
13:42:31	API Interceptor	474x Sleep call for process: 4.exe modified
13:42:43	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run itswell C:\Users\user\AppData\Roaming\itswell\itswell.exe
13:42:50	API Interceptor	11x Sleep call for process: Windows Update.exe modified
13:42:52	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe
13:42:57	API Interceptor	1x Sleep call for process: dw20.exe modified
13:43:00	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run itswell C:\Users\user\AppData\Roaming\itswell\itswell.exe
13:43:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe
13:43:20	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_edbd6e1e925f10aab1172265a9dde5d263e57cc8_00000000_1ab9b6bf\Report.wer Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.238084811761232
Encrypted:	false
SSDEEP:	192:kpaJNLVhjGBr9B5wNg5wF1szvnuk1SKyaOeewD/u7s0S274It:NJNvjTUv1I8D/u7s0X4It
MD5:	71E430CF56DE39E9DBD35AF175800704
SHA1:	653EDAB6686335280B7E20B163D0CA348B6403D0
SHA-256:	AF698B284B7533A653C5D0C3049A56B4D1C43E1BCA9F07C026E7A4D365FB3B23
SHA-512:	29DB1F4A19F7CB1841627EA24E8B124A613723A813F5C6167A00B137CAF12A42159F8CF8C0BC7320C4625413AFC36D2CBA4C72D1E7CD3040B2AE38F353E3294E
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.3.3.8.6.9.7.2.0.4.2.8.1.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.3.3.8.6.9.7.5.3.3.9.7.2.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.2.9.9.e.1.e.b.-.4.7.1.a.-.4.3.0.3.-.9.7.9.4.-.8.9.c.7.3.9.8.e.9.2.3.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.f.8.-.0.0.0.1.-.0.0.1.c.-.4.0.1.b.-.8.d.5.a.b.3.e.b.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.1.f.4.7.9.8.5.d.3.d.4.4.a.1.6.f.b.7.6.b.2.7.3.a.7.6.a.9.7.f.d.0.0.0.0.f.f.f.f.!.0.0.0.0.f.6.8.f.7.d.c.c.8.f.f.c.d.d.3.f.9.3.3.3.3.e.7.1.1.7.7.9.e.8.d.0.2.d.b.2.d.f.a.e.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.1.2././.0.6.:.0.1.:.0.0.:.4.5.!.0.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....T.a.r.g.e.t.A.s.I.d.=.4.1.8.....I.s.F.a.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA23D.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	5676
Entropy (8bit):	3.7273690635335557
Encrypted:	false
SSDEEP:	96:RtIU6o7r3GLt3ivv6oquYZ7oSfPJgWBCaM1Kwl1f9442m:Rrl7r3GLNivv6iYZ7oSdCp19l1fGfm
MD5:	C529BCC4432279F514A8DBCEA2119B4C
SHA1:	D83AB7CF259E5FA168C3E8AFC23FE942AAA709F3
SHA-256:	983507DB5C7689A837F9313AA63FFD92A2B6E7B8BCDC6DD9CEA3500F44B4E7EA
SHA-512:	308A6446A91A7EC7841162B9B0D01FAB8EEE8137EB84356B8DDB65D11BA35752BFB15E266B4634F9DA6C65ABEFD14322275BE653E50C01F26987E6A60A117555
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.6.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3D5.tmp.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4640
Entropy (8bit):	4.452849132608593
Encrypted:	false
SSDEEP:	48:cvIwSD8zsYIJgtWI9U6WSC8BuY8fm8M4JFKbnWtFY+q8vonWGyKwkd:uITf9L7SNuJFKRK2yKwkd
MD5:	94105AD9695C7B6E238CB6D10B5A3698
SHA1:	03CFE5DD885E8D438FE0A5008E1273F6B3FD5FD9
SHA-256:	76806801EF0AC20F1B0BBBD42A086482309BBDA09A1ECF5BD11959902251BC5A
SHA-512:	33838F8333FA662CC900B07174013A92C7BDACF92E0FF39A2E76392F27EC61B4529B94D4FB650B7A896E0370D3B6690A061FDE2D95B0C74A86F3FEE4DA3EB206
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1287773" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\5.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\5.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	916
Entropy (8bit):	5.282390836641403
Encrypted:	false
SSDEEP:	24:MLF20NaL3z2p29hJ5g522rW2xAi3AP26K95rKoO2+g2+:MwLLD2Y9h3go2rxxAcAO6ox+g2+
MD5:	5AD8E7ABEADADAC4CE06FF693476581A
SHA1:	81E42A97BBE3D7DE8B1E8B54C2B03C48594D761E
SHA-256:	BAA1A28262BA27D51C3A1FA7FB0811AD1128297ABB2EDCCC785DC52667D2A6FD
SHA-512:	7793E78E84AD36CE65B5B1C015364E340FB9110FAF199BC0234108CE9BCB1AEDACBD25C6A012AC99740E08BEA5E5C373A88E553E47016304D8AE6AEEAB58EBFF
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\de460308a9099237864d2ec2328fc958\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\527c933194f3a99a816d83c619a3e1d3\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WindowsUpdate.exe.log Download File
Process:	C:\Users\user\AppData\Roaming\WindowsUpdate.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24:MLF20NaL3z2p29hJ5g522rW2xAi3AP26K95rKoO2+g2+:MwLLD2Y9h3go2rxxAcAO6ox+g2+
MD5:	5AD8E7ABEADADAC4CE06FF693476581A
SHA1:	81E42A97BBE3D7DE8B1E8B54C2B03C48594D761E
SHA-256:	BAA1A28262BA27D51C3A1FA7FB0811AD1128297ABB2EDCCC785DC52667D2A6FD
SHA-512:	7793E78E84AD36CE65B5B1C015364E340FB9110FAF199BC0234108CE9BCB1AEDACBD25C6A012AC99740E08BEA5E5C373A88E553E47016304D8AE6AEEAB58EBFF
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\de460308a9099237864d2ec2328fc958\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\527c933194f3a99a816d83c619a3e1d3\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Temp\21.exe Download File
Process:	C:\Users\user\Desktop\cMXrP6YXvo.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	900994
Entropy (8bit):	7.560706052049211
Encrypted:	false
SSDEEP:	12288:cDpCT3m/baIGgI+ZdBE07uAAL3UfN5qsP6dudK5Yk7Er2nNuviB4CFG:E4H2xZdW0CAU3CNr3dKGr2ozCFG
MD5:	6C9447A6F1B04C75D95594338AE61E06
SHA1:	F2EBF6D355F30512AB1E92CAB9525A94F99BFEC5
SHA-256:	810781308E53BE9C2ACA613FB67EF7E577896DE69A2C2DEFF387A0763EAA2AE6
SHA-512:	ABD10D8DBB5097C5C09B8C498AEDE589A6B0EE20EAB03C615F84ADFDA61E87D63FACBA9CB53E117AE1E84B73DD4DE9A49236EDC5B17330FC73779A4124033616
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@.......................... ...............................................t.......p..H............................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc...H....p.......x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4.exe Download File
Process:	C:\Users\user\Desktop\cMXrP6YXvo.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	586861
Entropy (8bit):	7.360391735779929
Encrypted:	false
SSDEEP:	12288:Khzfld/fqWhWxlXWx/0tTJwbxlKzMbDtz6yrkvtVm:SPXqWtGtTOl0zM/6vtVm
MD5:	78EDE0254C66FA9E667E4CEB88754E1C
SHA1:	385599DCC3260AC9BB782DA9AB0C69A7BB541645
SHA-256:	A542D2953BB5F7516342E100BB01447371CDF7BAF2FD300D61B52D4D2E323DC1
SHA-512:	39B30A1AEA89DB0E30A208157B4E606463CAEC72E66D231EDBEC22044E8C66E09674C66D36E2AF363352735D0387C050BC73AEBA47D254ACFE0AB2D9C7965203
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@..........................................................................t.......p...[...........................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc....[...p...\...x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5.exe Download File
Process:	C:\Users\user\Desktop\cMXrP6YXvo.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	852277
Entropy (8bit):	7.535786145318411
Encrypted:	false
SSDEEP:	12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
MD5:	3F332B62EEE0970F3189C689D5BD042A
SHA1:	F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
SHA-256:	7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
SHA-512:	2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@..........................@...............................................t.......p...............................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc........p.......x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\84a79tbwxmvn7adt Download File
Process:	C:\Users\user\AppData\Local\Temp\5.exe
File Type:	data
Category:	dropped
Size (bytes):	604159
Entropy (8bit):	7.96721366302899
Encrypted:	false
SSDEEP:	12288:uL2jvzmCP0rI7B+0G36tX8j6FTkYcwpWFt7tVYkfv:uCjrml0hGqtXiuT5WX7zYk3
MD5:	71353B7F9141FA3C5760ACE513F8C385
SHA1:	A6DD26880269F3FAEADA77C5F74ADE2433AF78C3
SHA-256:	FC517290096122DB50FF785F3E3FCE641EF2164EA93351A8655A43732344BF7C
SHA-512:	CDD0A4C4278D24019837811E429312D572BEC638812B5C35EA52CAFB443719974E7C614216A499D1008F843F021E06F1F3B6AD6E66082E616EC14D876C8108C0
Malicious:	false
Reputation:	unknown
Preview:	*...,.).F.C..L.q.='.Z[=.f.w4;..H..8V...s.......Ly./J...0(....0Q.jK.x.,.....J.........J6............Z..v%.bSZCc....?G......:..R.2q..z=.9...N\k....9...}C.....`}...Z.y..d...:Z..s....x.m..^/.-M...F..y...a.xj.].m...l.)U...u....){.#.h!...g..T.a.@Fn.e,.)..C;....k..Z[=cf.w.;..G8V&..s,........./J...!(.d."0R..P..D.Ft.).".S.v)WG...,p:yt...I..7tx./~....{.4....G..........e..iH.0.<L-.%...I.(N}.wD;QQ.x8.j$..(fKw.D...T.#.}V...dm..RF.G..)./#...lS..\|..5...#........H...Xjs......._....g..T.a.....$,.)...C04L.d.='.\[=cf.w4;..H..8...I....7....../J#..(.d..0RF.P.bD.t.)."...d.....Myt.v..zI....8./A..S..{.n.m.8..)....@...e.i...0\|.;-..>."z{(N}.wk;Q......j$...Kw..DL&\T/..}V...dm..RF.G...../#...lS..\| .5...#......m.Ho..Xjs......._....g..T.a.@Fn.e,.).F.C0zL.d.='.Z[=cf.w4;..H..8V...s.......Ly./J...0(.d..0RF.P.bD.t.).".S.v.WG...,:Myt.....I..7t8./A..S..{.n.m...G..........e..i...0\|<L-..>."z{(N}.wD;QQ.x8.j$..(fKw.DL..T/#.}V...dm..RF.G..)./#...lS..\| .5...#......m.Ho..X

C:\Users\user\AppData\Local\Temp\SysInfo.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\5.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	48
Entropy (8bit):	4.387380345401073
Encrypted:	false
SSDEEP:	3:oNWXp5cViEaKC59KuCa:oNWXp+NaZ5v
MD5:	95FC50C7E40BB0D5EBD49FCBEE4E890D
SHA1:	E5086A9390CC8D6F512A206AB1AC4309A4CC4326
SHA-256:	DC88107DF527833D0D8B7AC45D31AF0E5343AE36AB9725016B046CDD77E46EC7
SHA-512:	4AC9E01163C00CC874BDBE1E4B5BF2463F8B53B9102705C774C790D8DFD8AEAD662DEDA812CF457022820FFD8174A1CD0275601C4BC6E4CCDB7E5A80CD52F799
Malicious:	false
Reputation:	unknown
Preview:	C:\Users\user\AppData\Roaming\WindowsUpdate.exe

C:\Users\user\AppData\Local\Temp\XKa04880 Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	4591
Entropy (8bit):	7.794336272839096
Encrypted:	false
SSDEEP:	48:9m2Vy1YuP9iiVuMixITWbT6HRWZ7cE9bQkuES3GuIeKa4V0hL5rN5fa4V0hL5rNw:d4hMhMiSybyRWXXuZgl2rbl2ruYXw7
MD5:	849C0F0C25C0194CEAB6A58C6211FF64
SHA1:	02A2F865F34FBE736F605A0696998D01C517F797
SHA-256:	F05B1978234ABECA87FB3E50E8E82B7500847236E6C1ABCC6BEF059C02EB47A1
SHA-512:	FB7EBA85F650DDB4388A8D98E8304FFE6907A791A6D2CB6963E99C82EAC34E690C2D26919D8D6188DB47E9CCBD1E04C5002170D9DED335E7DFBF47A1667D3A82
Malicious:	false
Reputation:	unknown
Preview:	PK........{97S...s............Files/BJZFPPWAPT.xlsx..I.@!.D......8..t....#.@.P.....~].....A786.g.....cf..K.^..0.].p....H..[..Tb..v........4C..?Nw....r.P....Z=...A8).....FF.vc.4....>Z.4.......D".?#l...R).+f.]K.=.4.].^E5W....[........c.W.^}s..hn.3..O.jHj..R....\|.......QAk.!.........F.....;.5.zi....<....'..O....9..Un.:.x>..6..n...Ch...c.IuT..F..#.8.r3..T-g&.S.\...Q.u!..A..g.......(...."..0}Y..`..V...mu...3w...(.ob...........x....@.f... ....0...l.'.....M.H..\|i.9j.&Tq...s..f.}.{I.o.%...GE....G.M"..NxV..S..j....,.`.1].h7..:....X...L[.>k...s.../....E...<t}..3.y4.n..R.G.v.J+....N3...._.K.w{.x.._}.lc...JT{...W`...W[).L/.....a.&U....ggNgA.w.V......(..?PK........{97St..O............Files/DUUDTUBZFW.pdf..G.e!...-.E....M.._H.7E....1.s.2.".^..9k........q.'X...T.F....{Ck......lRMlj.j..>. :..2..".5=..E..`.{a...m..X.zLw....6z5.].a.....xcg.nR......:.y...b..........v].9.....7.D..9.......W}......S.n..W..&..*t.R.n.]....`.PV.K..i2.\|.}]\e...........

C:\Users\user\AppData\Local\Temp\bhvF9AC.tmp Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x03e14b46, page size 32768, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	26738688
Entropy (8bit):	1.036776001810439
Encrypted:	false
SSDEEP:	24576:71GA2TacxucRfDw/bD0Xko5QqbMgSFDb7uBi:4RfDNy
MD5:	7C28E5D6F9BCB55F14F18A45CDAC3E3C
SHA1:	3F545A869267943EB5C2F09A092A2B86654C4F75
SHA-256:	E782CEFE553C498A49729104529D0B134DB4B5FD46435D082C5465A43D8009A2
SHA-512:	6B5B2D2CF5D29E91F7472600EC382DEE972D20DAEFBF1B730725A1350E1CD563533EB6A3211F21F9B30BD06448BBA32E827E4E51646FB3FBC2EC7775938A42D3
Malicious:	false
Reputation:	unknown
Preview:	..KF... .......F1.......te3....wg.......................o.....6....y..2)...y..h.q.........................6..43....wI.............................................................................................Z............B.................................................................................................................. .......2)...yA......................................................................................................................................................................................................................................R.>....y.w.................j.B....y..........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\c1cbn8ydb22 Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	data
Category:	dropped
Size (bytes):	679935
Entropy (8bit):	7.985731057036001
Encrypted:	false
SSDEEP:	12288:DYUImlFPDAriO+Za0AnZ7sLbGZ9ARLEUfi5qPP6QudMoYjlEr2na:Dh/Fcr3T0uKKDAdECimwdMwr2a
MD5:	5022658720DC7BBAF4A2A177292C1AED
SHA1:	722AAF02F5198029E2A91A93BD204F62E71BD77C
SHA-256:	F62E47CBD04EF2E3488B98BD3C473218D97D2D2B46B6B49C874AAE439961BD5A
SHA-512:	72289FDB58AD4EDE39CB3620FFE2E929FD9FC76F17FF46491425BE73E255FD5244CEBD27B579963A8703C7DD2AC9D3A4D63EC6F98F87E83FE0F4F5DBDBED3708
Malicious:	false
Reputation:	unknown
Preview:	0jb.}...q....8.......,L.,M.^.)....?'@l..Y.J6.A..F......W.XX.f[.wV;..J!Q.eet......-.1..l(.mm...~.eJ.K.b&R..../\.x..G..6.....0L../.S$1....1...@....}.P.C?...:.,......R...I..d.BLqg.&..J!...Zt\|........1.]8.w..,.......x..D.A..Q..h..,.%.t.\|.2.."y..B.C...q..`..8.......,.e.M.\|.F;..B?'@l.Y.6.A..F......W.X.I.q.!X4.7.`.!...p}..F..u9.d..m9..>.?...$........E...!.....G..6.....}...uo.o............~..R.Yi..._..n,..1..8...I..d.BLqg.&X.31...Z\.g.vg\.P..@]..w..,..z.W.x.CA..V.....h.Y,.%.8.\|d...bP..B.C..........SQ^w...,..M.. .).{..v.@l..Y.J6.A..F.....%O.W.X.I.q.!X4.....Z.@.....].u9.d..m9..>.?...$........E...!.....G..6.....}...uo.o............X~..R.Yi...LS.n,..1..8...I..d.BLqg.&..J!...Z ...v.\.P.Q@]8.w..,..z.W.x.CAD.>r.Q..h>.,.%.t.\|9..."...B.C.........8.......,.,M.^.)....?'@l..Y.J6.A..F...*...W.X.I.q.!X4`9r`.!...}'...].u9.d..m9..>.?...$........E...!.....G..6.....}...uo.o............X~..R.Yi...LS.n,..1..8...I..d.BLqg.&..J!...Z ...v.\.P.Q@]8.w..,..z.W.x.CAD

C:\Users\user\AppData\Local\Temp\holderwb.txt Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Reputation:	unknown
Preview:	..

C:\Users\user\AppData\Local\Temp\nsbCF78.tmp\rgsbzeog.dll Download File
Process:	C:\Users\user\AppData\Roaming\WindowsUpdate.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	6.52147420132688
Encrypted:	false
SSDEEP:	3072:MO9DZ1DVIbQwhPUfwNRcqz3+dpHquOt/l:MaN1JyQoPMa3+FSl
MD5:	C16079C8EB03B8859CDFFD31F4137C80
SHA1:	4F76339C9DE64C0D0943C06AD7FC4D499FB2ACBB
SHA-256:	0C9930C5091E500AB5EDF26F6D3BA85BAB02C65DBDE677068B0943308F29FEAB
SHA-512:	6B4864972150C271D45A58DD5F7CBCD2EADB691A62D65957A5B76DE1EAE7D00D7D996CBCD6EB45F20F6CFFA42AA68190DCA52E2D5A4324B8D9BA90E24BEE6404
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%]..v]..v]..vP.(v}..vP..vR..vP.)v3..vI..wD..v]..v,..v...w\..v...w\..v..6v\..v...w\..vRich]..v........PE..L....`.a...........!......................................................................@.................................d....................................... ...............................@...@............................................text............................... ..`.rdata..Jf.......h..................@..@.data....p... ...T..................@....rsrc................V..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nscFA17.tmp\kqkz.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\4.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	160256
Entropy (8bit):	6.538000111857781
Encrypted:	false
SSDEEP:	3072:6kXjhUexwgZf4JkvBr+t/kBsNrjuO4/l:6WlUMvZfskp9k+Ll
MD5:	E490C0FA5D75CB0A0A4A9B14A3BB56F7
SHA1:	292116CCA1504B66133959782B4E0CE3F999D42A
SHA-256:	F1ADD8B1979665AC28925D672396BEB2F797AF923BE5F2BF1EC4ED25A7AF5131
SHA-512:	A515B6E0011A52CAF4C0466127A9716D90EC4B3525F2A4186A12D66AF656AB966B190AC13A9715DA96033EA575366D865DAD08B0FE9920C19D33AEC479BB9622
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x&..H...H...H..K....H..K....H..K....H..rI...H...I...H..lL...H..lH...H..l....H..lJ...H.Rich..H.................PE..L...q`.a...........!......................................................................@.........................................................................@...............................`...@............................................text............................... ..`.rdata...f.......h..................@..@.data....q... ...V..................@....rsrc................X..............@..@.reloc...............Z..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsdC84E.tmp\rgsbzeog.dll Download File
Process:	C:\Users\user\AppData\Roaming\Windows Update.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	6.52147420132688
Encrypted:	false
SSDEEP:	3072:MO9DZ1DVIbQwhPUfwNRcqz3+dpHquOt/l:MaN1JyQoPMa3+FSl
MD5:	C16079C8EB03B8859CDFFD31F4137C80
SHA1:	4F76339C9DE64C0D0943C06AD7FC4D499FB2ACBB
SHA-256:	0C9930C5091E500AB5EDF26F6D3BA85BAB02C65DBDE677068B0943308F29FEAB
SHA-512:	6B4864972150C271D45A58DD5F7CBCD2EADB691A62D65957A5B76DE1EAE7D00D7D996CBCD6EB45F20F6CFFA42AA68190DCA52E2D5A4324B8D9BA90E24BEE6404
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%]..v]..v]..vP.(v}..vP..vR..vP.)v3..vI..wD..v]..v,..v...w\..v...w\..v..6v\..v...w\..vRich]..v........PE..L....`.a...........!......................................................................@.................................d....................................... ...............................@...@............................................text............................... ..`.rdata..Jf.......h..................@..@.data....p... ...T..................@....rsrc................V..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsoF0FF.tmp\orwglwkinzb.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	6.517636244325897
Encrypted:	false
SSDEEP:	1536:7hzc53Ocai7Llp7SW5LuHa6cRbTLGhwTVPXu9pFI5QnJqz5y8E/Ztkh0W0wsWjce:7hQ0cj66JRihwTlV2IHE/V9rqs9uOP
MD5:	5E22EEE55114158A4923FE7F8BC9F053
SHA1:	AB3E35814486EC8AC7CB41DDADC219EC696C2707
SHA-256:	2495D9B36FCD65282D7752BDFF2FD286A27D1F70965F9DF45DB0D818E03CDD02
SHA-512:	557B8E36F6482F6A4903B8282A556D5D579A653E0CB94643019997A645ABED1EA39AA09E7DC70EC535F2A2CB0DE14193AF378F6792BF690B862F1E1F6C01DB6B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t&..H...H...H..G....H..G....H..G....H..~I...H...I...H..`L...H..`H...H..`....H..`J...H.Rich..H.........................PE..L....b.a...........!......................................................................@.........................................................................@...............................`...@............................................text............................... ..`.rdata...f.......h..................@..@.data....o... ...T..................@....rsrc................V..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsqF40D.tmp\rgsbzeog.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\5.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	6.52147420132688
Encrypted:	false
SSDEEP:	3072:MO9DZ1DVIbQwhPUfwNRcqz3+dpHquOt/l:MaN1JyQoPMa3+FSl
MD5:	C16079C8EB03B8859CDFFD31F4137C80
SHA1:	4F76339C9DE64C0D0943C06AD7FC4D499FB2ACBB
SHA-256:	0C9930C5091E500AB5EDF26F6D3BA85BAB02C65DBDE677068B0943308F29FEAB
SHA-512:	6B4864972150C271D45A58DD5F7CBCD2EADB691A62D65957A5B76DE1EAE7D00D7D996CBCD6EB45F20F6CFFA42AA68190DCA52E2D5A4324B8D9BA90E24BEE6404
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%]..v]..v]..vP.(v}..vP..vR..vP.)v3..vI..wD..v]..v,..v...w\..v...w\..v..6v\..v...w\..vRich]..v........PE..L....`.a...........!......................................................................@.................................d....................................... ...............................@...@............................................text............................... ..`.rdata..Jf.......h..................@..@.data....p... ...T..................@....rsrc................V..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpG355.tmp (copy) Download File
Process:	C:\Users\user\AppData\Local\Temp\4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	586861
Entropy (8bit):	7.360391735779929
Encrypted:	false
SSDEEP:	12288:Khzfld/fqWhWxlXWx/0tTJwbxlKzMbDtz6yrkvtVm:SPXqWtGtTOl0zM/6vtVm
MD5:	78EDE0254C66FA9E667E4CEB88754E1C
SHA1:	385599DCC3260AC9BB782DA9AB0C69A7BB541645
SHA-256:	A542D2953BB5F7516342E100BB01447371CDF7BAF2FD300D61B52D4D2E323DC1
SHA-512:	39B30A1AEA89DB0E30A208157B4E606463CAEC72E66D231EDBEC22044E8C66E09674C66D36E2AF363352735D0387C050BC73AEBA47D254ACFE0AB2D9C7965203
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@..........................................................................t.......p...[...........................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc....[...p...\...x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\wfkc2ng2j1zi47wu Download File
Process:	C:\Users\user\AppData\Local\Temp\4.exe
File Type:	data
Category:	dropped
Size (bytes):	292351
Entropy (8bit):	7.962109927544079
Encrypted:	false
SSDEEP:	6144:sqgPWQ5LygxHB7pCGfvgAxjCaJ3bOB7ue86z3hTL:sqgR5LyyhNfoAAm3CBSe8wL
MD5:	C74CA0B179975FE89176F547FB451295
SHA1:	58AB2433A0D92963878565A1E618A6743F168B1D
SHA-256:	34B93EA5F2702E8115430860C6363F8FBD96D9DB9C408FDE8A3E9CC60BCC63FE
SHA-512:	AC19409FEEA8AA831516E767403A64ACDC0CB339A178EE97CF1027E3DED15D5B9E639D310204E5FEF67E40B15101C5E39E89CC5EE90D8392F84F59E87F229E35
Malicious:	false
Reputation:	unknown
Preview:	.t.{.+X.>.r.Qo....l@gx.....]Q..'....Ia.3.V[...T..x..q9......K...T.$.).[...P......_.qa..N..f....Q......h.........C..e.7K#..n6...8.+.t..B)...d.m.M....e ..\|.<^%.&....^..v.....1BF.{T..2.%..1.....j_.x.w./i.L&O.........6....g........P... .cn\...s.r...}..{t+X..Gr.....c.x.gx.....]3.:4E....a.3q][...Tw.x...9.....G...A...;.......(.........6g.s...=..z.=....."I%..........n....4...fm/..&.c.....^....N.{K.i.\.[t.v%.g. #....8L..9.......J.G.BJ2....T..#.e..]uH..}PJ.wJ....?...B....\|.PV.G1^..s.r.......X+X.l.r.....yl@gj.....]Q..'...%Ia.s~...a.T..x..-9.....G....v........[..(..=.;f...6a6........=.."..."I......1a.\|_d...e..C4....Y/..l.C...._X.ed...N..K.#.Px&c.v%.o` #r#...wL2........J.G.BJ.....T..#.e...7HF.}PJ.wJ.......'NB....\|.PV.G1^..s.r...}..{t+X.V.r.....l@gx.....]Q..'....Ia.3.V[...T..x..q9.....G....v........[..(....I....6g&...L=..z.=......"I......a.....n6...4...fm/..l.C.c.._X.ed...N.{K.i.\.[t.v%.g. #......L2.9.......J.G.BJ2....T..#.e...7HF.}PJ.wJ.......'NB.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\CookiesChrome.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	672
Entropy (8bit):	5.018543897461722
Encrypted:	false
SSDEEP:	12:VCM+42di2eQeaHRmpQsZrdLW8YxG4mWmXtv/OaA2miQOQQCwi5Cs2dop:gMephxyVZUZx71Kt3Oa33HQ4xqp
MD5:	F00C054F65763B51876436B0BB9026B2
SHA1:	A3F02F37CCAABAA1346E1421DA1B2C262FBB28F5
SHA-256:	06240FCB4C024BAC0BFCF0D6E828B6ABC1CD0C5BFC02A818F2A673612F66D9F9
SHA-512:	C01B8677FF218292A5A5E47A377614722824FC6874154A432FF19434369E8CE5A4ECBF47DA524F91540CFD48903BE7D1438AE6BE6622B1B0B3B8FC02AF4768E3
Malicious:	false
Reputation:	unknown
Preview:	[{.. "Host raw": "https://.google.com",.. "Name raw": "NID",.. "Path raw": "/",.. "Content raw": "7631303F6D5C3F3F163F3F3F3F4C196F3F3F74205B3F7D293F31033F0E503F573F313F5C3370183F1E153F23301C6A3F763D3F5E3F581067381B3F3F3F5112453F5F3F3F3F043F71156570243F3F24043F3F3F1632723F",.. "Expires": "12:00:00 AM",.. "Expires raw": "13261762877462365",.. "Send for": "Any type of connection",.. "Send for raw": "false",.. "HTTP only raw": "false",.. "SameSite raw": "no_restriction",.. "This domain only": "Valid for subdomains",.. "This domain only raw": "false",.. "Store raw": "firefox-default",.. "First Party Domain": ""..},..{....}]....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.4575187496394222
Encrypted:	false
SSDEEP:	3:pjt/lC:NtU
MD5:	98A833E15D18697E8E56CDAFB0642647
SHA1:	E5F94D969899646A3D4635F28A7CD9DD69705887
SHA-256:	FF006C86B5EC033FE3CAFD759BF75BE00E50C375C75157E99C0C5D39C96A2A6C
SHA-512:	C6F9A09D9707B770DBC10D47C4D9B949F4EBF5F030B5EF8C511B635C32D418AD25D72EEE5D7ED02A96AEB8BF2C85491CA1AA0E4336D242793C886ED1BCDD910B
Malicious:	false
Reputation:	unknown
Preview:	PK......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip~RF33e6bf3.TMP (copy) Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.4575187496394222
Encrypted:	false
SSDEEP:	3:pjt/lC:NtU
MD5:	98A833E15D18697E8E56CDAFB0642647
SHA1:	E5F94D969899646A3D4635F28A7CD9DD69705887
SHA-256:	FF006C86B5EC033FE3CAFD759BF75BE00E50C375C75157E99C0C5D39C96A2A6C
SHA-512:	C6F9A09D9707B770DBC10D47C4D9B949F4EBF5F030B5EF8C511B635C32D418AD25D72EEE5D7ED02A96AEB8BF2C85491CA1AA0E4336D242793C886ED1BCDD910B
Malicious:	false
Reputation:	unknown
Preview:	PK......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\BJZFPPWAPT.xlsx Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Reputation:	unknown
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\DUUDTUBZFW.pdf Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Reputation:	unknown
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EEGWXUHVUG.docx Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690299109915258
Encrypted:	false
SSDEEP:	24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
MD5:	F0D9DE697149ECBC1D88C7EA4841E5BD
SHA1:	06A2A47C12B3554397AA0C8F483411CAB366947D
SHA-256:	5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
SHA-512:	E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
Malicious:	false
Reputation:	unknown
Preview:	EEGWXUHVUGUAGDCAESAKQJADEXSKGQOTKSMYVIQMWCXKMREFNGUJHWRPPFJWEQHLMDSTAHLHBQSXLRGVYEPBLZILRXLTPZSELULGEDFWQHJHNIHNCTGEIAAPQHNOFANJGPRIYVQSOFCGDPFBTNYILXIPYTWVOYXFUCEEQWZRPXFERZCPKKZAHOYWHFAYDMSXERUPTEZISMPADRFDIWGTWAXETEOPJYWDNGCDFFZUXZZSPZVIILCQXOFDOGUOSZYPXXVLSNAWWPHQGNSYQXOUOGPFDMDNPFUONUSGUOUKYHHGHFFZYEDSZVDRUEJKGSHEMJARIAEZZDBZJFCMNUJIHQFHGDONGFEZRYCZYIAOXAXGWENMTPOKNMZPJSZVCDZRZPFIIYHXITKZBLAJXANTSBCWIGABZKBTKDJRSTSKYORPMNGHCZWCLOVFPZBMYKBYDRXMFUQJDNWZFCVEOXPGJMBQZRUEOTLHEFHKDZLVFBXLUSXRAXKVLWGOWARAQZHIMTYBWKPLWNJFMLQVXGRMIGEIPZEIFBYZRYNEEZHFMFOGMBEWLJPBXWVYHVEUKSKVKINVMDJKCSAOUXTMIHLOJXLTEKLKJDYABXRPKNGFOXISIFXHABTYQIPUCFNIJWNCTAFGYEIBCCNXPZQAGPHNNRICKSKCXWERLWTFSJWUSCBTVWSYUVWXJQHMSZYHAHYELYFPIBFZETDRPQBQHKMCXRRCAEYFIERXQZVCDZZBPQJJDQUDHKPMDBXPEBPFURYAPUWVWVJRWXHFXQGMVUGOILYXGFSMEFMKLBFACOSIKHHXRBRGYVIVAOTFNIIOQUZTHBZGOGPVUVYSYNHRKOADWYTLCNTHHCZYXXGFCXMFHZBZBCCMTYSROXNAHKABYAXPWRNKHCJYLAMQAUZBVJWHFXISFSKFXGFPDIOTITGPUETUYHRIXQOTIGEVDQWEBJVPDIUZVQFUBWREJIPSNXDGEKXKULZFHZQHQXPMBIYA

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.docx Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Reputation:	unknown
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\EFOYFBOLXA.pdf Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Reputation:	unknown
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\NVWZAPQSQL.xlsx Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6998645060098685
Encrypted:	false
SSDEEP:	24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
MD5:	1676F91570425F6566A5746BC8E8427E
SHA1:	0F922133E2BEF0B48C623BEFA0C77361F6FA3900
SHA-256:	534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
SHA-512:	07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
Malicious:	false
Reputation:	unknown
Preview:	NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\GX1E0XX84V.zip Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	335116
Entropy (8bit):	7.99865634158973
Encrypted:	true
SSDEEP:	6144:lF/AL7I6x342wEvy2G+HX6I96ebo91jyxYcGW0d4eNfHHLsdXsb2py1vSLa3ob:lFI1BqIETjyxr+PHqHpWvCFb
MD5:	9DEE51A7DF7E726BA206C00F23D66971
SHA1:	5B03D00901AFC9B0576694D7F6EB87AEC9C3559B
SHA-256:	1D4BA7BF1A88C1CBAF7341778FD54FA552E0E3004338F985E386F868659CF5A2
SHA-512:	9FB8116D5815BAE45DAF5955E85FC3AC45B5C13043E2C93D301A0EDD988451E816A3508C5F21365EF4B6E9B2835ECDDF83B6A73D95A6501EAC9EECA0468C1F7C
Malicious:	false
Reputation:	unknown
Preview:	PK........fd.@.k.W....{%......sqlite3.dll..}\|T.8..3s.L..3.....5j...2$.....q..h\|....@..Lz....jk.V{...[...$.L.TC.B...S8.....4.[k.3.I.......y>.-.}...z.k...l3g.8N...................k$.-.o7......G...U.......A.SO...?.R.\|&e...g....pA..~..3w....j.....h....y.k...9....1.7..f.r\f....R.d.....m.ba..o..?.o.....<....R.r..ga?)q...h.7#...rU...o..8.u....=...bwJ.H..~_..!.k....;.~Bz..#9}......\z....?.-...w.w..\|n..O.Y..7p.lq..s....^..#.+n..^..]........\rV.....Ww.g.#.fs....s\'...._...#...[..s?z.......~...u.tc.q-.2.....u....M.i....{x>[.]....y8.u....N.{.,...?..m.{x...a...8h........~.>..K........C....,p...8.......\|.>/.S...:xr<N.E.....w7..X.....\|........G.^.t.....jQU.4.. @H...uc...N..j.Y.Z..S._.2.c0.+...B.?.Xe.}y...P..P.4*[h......4...Z.T.LOU....).....p.be%.C....P.z;..\Z.....V.....c3...;.@..T........<..c+..T.. ..j.f.)......\8..S.{.~.I/.6.....F..8g]..b....j,.2V...^..R..@N..._....[.....<t...U5KN..-Ej..."...Xl$.`.....Z :..a.P.....u....[:.^-..v...m2

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\KeyDataKICvvZkM.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4810
Entropy (8bit):	4.370768647543859
Encrypted:	false
SSDEEP:	24:tkeeeeeeeeeeeeee6eeeeeeeeePCeeeeeeeeeeeeeedrrrrrrrrr7rBu:veeeeeeeeeQrrrrrrrrr7rBu
MD5:	CA1A817935DDCE8F4A2EDAB805F3F85B
SHA1:	6912406101C491A1E171121039D14B9FE47A83F1
SHA-256:	2BFACAE0F3858258B849EDB12D7C7778D0770B92BA003D299095C95E0A153842
SHA-512:	0D5DFFC0DF309DDD207EEB4BF876CF9BAB43D9F5C82E8AB8F5F4B6CBB26466F7298D4F6588FB789EE1FEB39B69FED23FC3F5C6248D659EACF5ED251B5665F603
Malicious:	false
Reputation:	unknown
Preview:	..[1:42:32 PM]<<Program Manager>>....[1:42:32 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:33 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Program Manager>>....[1:42:34 PM]<<Prog

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\KeyDataNFxGcyEe.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5637
Entropy (8bit):	4.389759941402933
Encrypted:	false
SSDEEP:	24:tZnnnnnnnnnnnnnns666666666666666EGGGGGGGGGGGGGGGAZZZZZZZZZZZZZd:Xnnnnnnnnnnnnnn2GGGGGGGGGGGGGGG+
MD5:	BD70E3D531458E9E30D1764514550896
SHA1:	FA99ABB537DE9CF23F19CF74F22082D6A172C00C
SHA-256:	6A6048402CAE762FC28A2D8FA4380F418207521BE38E567CDE7AECF35B9F9678
SHA-512:	EE91592BA094800FFD8066C1B321011E3B525ED484E857100F5DC9535AAE7934E7EF8DBF08A977825348FD22C77CEC7A5644BBFB21DF120C84100297B1672FC9
Malicious:	false
Reputation:	unknown
Preview:	..[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:54 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:55 PM]<<Program Manager>>....[1:43:56 PM]<<Program Manager>>....[1:43:56 PM]<<Program Manager>>....[1:43:56 PM]<<Program Manager>>....[1:43:56 PM]<<Program Manager>>....[1:43:56 PM]<<Prog

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\KeyDatagvFSTaHB.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5987
Entropy (8bit):	4.359737147715327
Encrypted:	false
SSDEEP:	96:o7777777777777777fffffffffffffffc:o7777777777777774
MD5:	4DC483DB6737E802039206F71CC016B5
SHA1:	A46013C60D0DF6EC195D4572807D1D8A65428D41
SHA-256:	B839D729DF73D90C1D8AC5FD2FC5EF7AE824408D2EC6A6B49AD75CADE1B94B74
SHA-512:	3F4569B04BED786805A5FDC3DC68F8AA307EB596457DF664FEB780C6CF5521264FE0D98F727ECEB2317EA84E7E74AA43D80C89DE6EE4E263378FD618FEBDAD53
Malicious:	false
Reputation:	unknown
Preview:	..[1:43:36 PM]<<Program Manager>>....[1:43:36 PM]<<Program Manager>>....[1:43:36 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:37 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Program Manager>>....[1:43:38 PM]<<Prog

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\LoginData Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	6.476799607351969
Encrypted:	false
SSDEEP:	768:iwxijL3LxouSmW7Z534ZO1z0/AgqWgjKDv01FoMRxrU:iwxiFNWdVOv/BijKavRK
MD5:	D77B227A28A78627C2323CAC75948390
SHA1:	E228C3951F2A9FD0FEBFE07390633AB4F35727F4
SHA-256:	527EC201DCD7695BD9830EB82AB35A3986121DE9EA156193834AED9D79223B82
SHA-512:	5627FBC8BBB98F644E21F101A68F0E0B07B87C264D00EA227286BED8AB6DD4EBF5114F03B632604F775FF93666A409A1A179A81EBFC9246956BA8150FF5B0587
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B-.J#C.J#C.J#C.C[.Q#C.C[.Y#C.C[...#C.m.8.H#C.Q..I#C.J#B.0#C.C[.I#C.C[.K#C.C[.K#C.RichJ#C.................PE..L...!<.N...........!.........J............................................... ..............................................,...<......................................................................@............................................text...\|........................... ..`.rdata...).......*..................@..@.data...8...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\ScreenshotmUMPZLtM.BMP Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.4104198947219695
Encrypted:	false
SSDEEP:	24576:dKjpeq/x3bpEqEpGThqqaHME4I6qqaVyx2zn4I5pcu9FE4FhqweKITXDh8BZFXAx:ye0Z/ptNWrfoJVxT
MD5:	EB9EC2D1B42AB6E0E7DB40C81B1FBE14
SHA1:	595F2CF1C37F41D33A168B0152E263D8D011F8B1
SHA-256:	F8B0CCA1D2268DF9A8CDC404C8FCABA13635D1B83E946A97A511D5B44F453792
SHA-512:	9DFA9CABA44E4393A0C6EAC026720CB63D6A131383065B8B182E1B14B0BE4E508D56F190E84F5E8DEFBE0FABEECF7371C05AF6955700D7B3789040C527702D52
Malicious:	false
Reputation:	unknown
Preview:	BM6.<.....6...(.....................<...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\ScreenshotryUghrFh.BMP Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.510029579903656
Encrypted:	false
SSDEEP:	24576:d7jpeq/x3bpEqEpGMthqqaHME4I6qqaVyx2zn4I5pcu9FE4FhqweKITXDh8BZFXR:+e0Z/ptzI4QD51G2
MD5:	F0324A37FA0AE8E9438FAECDF8BF8A79
SHA1:	01FC48C8E6A48797EB34633CE8B5C526A393FD84
SHA-256:	E02C108F8BBB01D1ADEDE90180CF7F37CC3BB7F1F16A22FFDECC354C495C3529
SHA-512:	8521AE3676E716D41DAAE8D5A381856772130F9F01F7782F76482302EE792CF200F512ED6325F5FEC291A42947B35A42CB3740D667E1A84327ABFBCC90178EF8
Malicious:	false
Reputation:	unknown
Preview:	BM6.<.....6...(.....................<...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\WebData Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\cookies Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\21.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	599419
Entropy (8bit):	6.490720742062744
Encrypted:	false
SSDEEP:	12288:OQwLOkFyRUXeqQg1vTuOv43WZfyy9IQoqyRHPvKftzTFJKs/:OetRUXeE1buOv4GZaQI9RHiJKs/
MD5:	5405413FFF79B8D9C747AA900F60F082
SHA1:	71CAF8907DDD9A3A25D71356BD2CE09BD293BD78
SHA-256:	3E5A28FFDE07AC661C26B6CCF94E64C1C90B1F25B3B24C90605AA922B87642EB
SHA-512:	2F09A30FC4DA5166BD665210FEFA1D44CE344F0EC6A37F127D677AEB3CA4FC0D09B7C9C1540F57DA1E3449B7F588A1C61115395E965FA153D4BAA5033266ED66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....O...........!.....8...<......X........P.....`.................................[........ ...................... .......@..8............................p...$...........................`.......................A..l............................text....6.......8..................`.0`.data...<....P.......>..............@.0..rdata.......`.......N..............@.@@.bss..................................@..edata....... ......................@.0@.idata..8....@......................@.0..CRT.........P......................@.0..tls.... ....`......................@.0..reloc...$...p...&..................@.0B/4......`............B..............@.@B/19..................D..............@..B/35.....M............H..............@..B/51......C.......D...P..............@..B/63.......... ......................@..B/77..........0......................@..B/89..........@..........

C:\Users\user\AppData\Roaming\Windows Update.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	852277
Entropy (8bit):	7.535786145318411
Encrypted:	false
SSDEEP:	12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
MD5:	3F332B62EEE0970F3189C689D5BD042A
SHA1:	F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
SHA-256:	7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
SHA-512:	2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@..........................@...............................................t.......p...............................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc........p.......x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\WindowsUpdate.exe Download File
Process:	C:\Users\user\AppData\Roaming\Windows Update.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	852277
Entropy (8bit):	7.535786145318411
Encrypted:	false
SSDEEP:	12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
MD5:	3F332B62EEE0970F3189C689D5BD042A
SHA1:	F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
SHA-256:	7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
SHA-512:	2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L......H.................\...........0.......p....@..........................@...............................................t.......p...............................................................................p...............................text...h[.......\.................. ..`.rdata.......p.......`..............@..@.data...X\...........t..............@....ndata...................................rsrc........p.......x..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\pid.txt Download File
Process:	C:\Users\user\AppData\Roaming\Windows Update.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:Yn:Y
MD5:	1216A1BCA4361C39D1D77965C5D95EE3
SHA1:	D00584874546599A89371ACC75373A23BB6B4EEA
SHA-256:	CDCAF888B551E74FE7C4C6909B2216058D03A773F60AA31C5632EEBA2DCE71C2
SHA-512:	8C19FC291FAD0B1733B0AFE7ABD1E9490F36A58F593BCCA3D7C85A554009D84AAD605E9BED6972404E1C1184E72338A83743D2673C1289C024562D7D24CCC787
Malicious:	false
Reputation:	unknown
Preview:	4960

C:\Users\user\AppData\Roaming\pidloc.txt Download File
Process:	C:\Users\user\AppData\Roaming\Windows Update.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.441568140944513
Encrypted:	false
SSDEEP:	3:oNWXp5cViEaKC59KYr4a:oNWXp+NaZ534a
MD5:	6078085422A31D60FCEB24D4FA24B6E8
SHA1:	0CD056478F3D877B3D44C7B439485B1ACFD78F5A
SHA-256:	9113E6728CEB1F460E3CEAB19852A31602CD77A92E7B861802FE339FD5CFD837
SHA-512:	22CE5D96BB25519CB14F27BDB44D7FAEDC6D5C8B8F81A1F972EA638BF9731D8793C98359D7C9476D50AF46346E0964E82F5B0B2F8B1B6763B078D2B045FB2EA1
Malicious:	false
Reputation:	unknown
Preview:	C:\Users\user\AppData\Roaming\Windows Update.exe

C:\Windows\appcompat\Programs\Amcache.hve Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.276017264540774
Encrypted:	false
SSDEEP:	12288:WRZpecG6Lj/4pJCnHnucMeCRlq5goVhAKQTFByyUubNBQgKbIVg8R:oZpecG6Lj/4pJCYd
MD5:	482BBEAE9F6217EE05920257171E169E
SHA1:	A279B72087FDC34ABA476831A51551C931DBEB33
SHA-256:	72F0619052F5ED3A75DD6DE6D506F9EFA060632EF840AC6755F160E6D446069E
SHA-512:	7AC76E26D21910B0D068864BBA7B1ABBE94BC138930F3257B7A991ACBE17B939E2380944ECE2AB2EA8D8EA6A1EABAFD4D60B00AC6F39BA619C06345C3E809FFA
Malicious:	false
Reputation:	unknown
Preview:	regf[...[...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm...b................................................................................................................................................................................................................................................................................................................................................A.?........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1 Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	3.3289717315779517
Encrypted:	false
SSDEEP:	384:pd8C5Rftx19PJ4XmsFFntsZd1DoXznwnIMBzrk4sZd1DoXznwnIMB:v88Rftx19J4XjFFtwuznVMBHXwuznVMB
MD5:	91AE694F7876974963D5D92A1C7D6A5C
SHA1:	B13B19E6B9C37B495DE5CDD0AA3FC1C4EFBD46FF
SHA-256:	D6367F32F0EEFF8D7F142F4A70F8BFF981ECC36EED59AE2D1A107D9BED816DFA
SHA-512:	0A7074DD8348D972DF1F792AA4CFE4C8C1B47CB0F1FB2DF490B2CA1F6D91D3099942C1E65EAE2DD81BD05E978B83D3D6E49DE93283AD21700B3CF725F47F52D0
Malicious:	false
Reputation:	unknown
Preview:	regfZ...Z...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm...b................................................................................................................................................................................................................................................................................................................................................G.?HvLE.>......Z...............s.Hz`..[.k0..........0..............hbin................p.\..,..........nk,.!..b.................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .!..b........ ........................... .......Z.......................Root........lf......Root....nk .!..b.....................}.............. ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.506766900421548
TrID:	Win32 Executable (generic) a (10002005/4) 91.47% NSIS - Nullsoft Scriptable Install System (846627/2) 7.74% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.75% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	cMXrP6YXvo.exe
File size:	2351104
MD5:	32eb10c12a29b38f13730cd1f5dcad4d
SHA1:	4d0eb488a01fed1720483dfa270423bea593ca14
SHA256:	06550442678fb92b0273b83f349d47d3654fb72a7d98398ce3b63e3635b8e8f1
SHA512:	1e95f1a74b7f2dcde31b661aad078373dd757b689ee02e35e36090777a1b92cf7564271fc577df529c6e7c77b3d294cce0fd913243a7df6dc6acc2f58c2fb6c5
SSDEEP:	49152:AW3dW0e3O2oWFaLcZig+bnDPXqWtex9vtVl:AW3dWJloWFaLcZig+j2WcxLVl
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L...>..V......................#.....L........ ....@........................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x40104c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5699883E [Sat Jan 16 00:01:02 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	be63889866f6bba2109402ee273e5652

Entrypoint Preview

Instruction
push 004010ECh
call 00007F5890A55013h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
dec eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx+051780CBh], ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1e94	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3000	0x23bf84	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x220	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x20	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf24	0x1000	False	0.426025390625	data	4.3741272274	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x2000	0x32c	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x3000	0x23bf84	0x23c000	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x31a8	0x23b5fa	data
RT_ICON	0x23e7a4	0x130	data
RT_ICON	0x23e8d4	0x2e8	data
RT_ICON	0x23ebbc	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x23ece4	0x30	data
RT_VERSION	0x23ed14	0x270	data	English	United States

Imports

DLL	Import
MSVBVM60.DLL	DllFunctionCall, __vbaExceptHandler, ProcCallEngine

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	ViottoBinder_Stub
FileVersion	1.01.0001
CompanyName	BreakingSecurity.net
ProductName	ViottoBinder_Stub
ProductVersion	1.01.0001
OriginalFilename	ViottoBinder_Stub.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 7, 2021 13:42:33.854114056 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.012614965 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.013402939 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.059323072 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.576917887 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.735173941 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736692905 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736721039 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736736059 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736756086 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736769915 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.736835003 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.776527882 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.934900045 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.935710907 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.937895060 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:34.937999010 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:34.984594107 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.142899036 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.143908978 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.145133972 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.303564072 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.304939032 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.305380106 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.465214968 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.466581106 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.467044115 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.625920057 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.629040003 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.630192041 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.788360119 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.791121960 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.792972088 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:35.951214075 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.977652073 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:35.978270054 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:36.136820078 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.137904882 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.138741970 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:36.297162056 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.297199965 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.297246933 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:36.297275066 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.456090927 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.463911057 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.469192028 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:36.469384909 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:36.627701044 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.627713919 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.628475904 CET	465	49750	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:36.628561020 CET	49750	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:50.849700928 CET	49752	80	192.168.2.3	104.16.155.36
Dec 7, 2021 13:42:50.867692947 CET	80	49752	104.16.155.36	192.168.2.3
Dec 7, 2021 13:42:50.867813110 CET	49752	80	192.168.2.3	104.16.155.36
Dec 7, 2021 13:42:50.868566036 CET	49752	80	192.168.2.3	104.16.155.36
Dec 7, 2021 13:42:50.888175964 CET	80	49752	104.16.155.36	192.168.2.3
Dec 7, 2021 13:42:50.907494068 CET	80	49752	104.16.155.36	192.168.2.3
Dec 7, 2021 13:42:51.093939066 CET	49752	80	192.168.2.3	104.16.155.36
Dec 7, 2021 13:42:54.226187944 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.391896963 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.392352104 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.559690952 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.560043097 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.611129999 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.725296021 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.725553036 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.725653887 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.776283979 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.776484966 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:54.776755095 CET	587	49755	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:54.776809931 CET	49755	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:56.557347059 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:56.716593981 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:56.716769934 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:56.876991987 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:56.877230883 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.035640955 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.035696983 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.036050081 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.194020033 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.293847084 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.569855928 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.577467918 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.730643988 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731064081 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731089115 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731105089 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731126070 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731147051 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.731177092 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.731235981 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.731385946 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.736732960 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.736761093 CET	587	49757	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:57.736890078 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:57.736917019 CET	49757	587	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:58.076787949 CET	49760	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:58.235663891 CET	465	49760	66.29.159.53	192.168.2.3
Dec 7, 2021 13:42:58.235820055 CET	49760	465	192.168.2.3	66.29.159.53
Dec 7, 2021 13:42:58.238358021 CET	49760	465	192.168.2.3	66.29.159.53

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 7, 2021 13:42:33.824320078 CET	192.168.2.3	8.8.8.8	0x5617	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:50.327301025 CET	192.168.2.3	8.8.8.8	0xa2b4	Standard query (0)	90.168.9.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Dec 7, 2021 13:42:50.779428959 CET	192.168.2.3	8.8.8.8	0x8aae	Standard query (0)	whatismyipaddress.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:54.171457052 CET	192.168.2.3	8.8.8.8	0x4a94	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:56.535659075 CET	192.168.2.3	8.8.8.8	0x7897	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:01.344078064 CET	192.168.2.3	8.8.8.8	0x6f75	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:04.522891998 CET	192.168.2.3	8.8.8.8	0x9661	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:08.527960062 CET	192.168.2.3	8.8.8.8	0x4570	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:12.773863077 CET	192.168.2.3	8.8.8.8	0x3d0a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:17.267755032 CET	192.168.2.3	8.8.8.8	0x46fb	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:21.399179935 CET	192.168.2.3	8.8.8.8	0xee08	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:25.788458109 CET	192.168.2.3	8.8.8.8	0x345	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:30.284418106 CET	192.168.2.3	8.8.8.8	0x6abb	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:34.743613958 CET	192.168.2.3	8.8.8.8	0xb5a6	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:39.624806881 CET	192.168.2.3	8.8.8.8	0x341a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:44.601583958 CET	192.168.2.3	8.8.8.8	0x773c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:49.634634972 CET	192.168.2.3	8.8.8.8	0xe2f9	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:44:03.611251116 CET	192.168.2.3	8.8.8.8	0x8517	Standard query (0)	90.168.9.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Dec 7, 2021 13:44:04.158416986 CET	192.168.2.3	8.8.8.8	0x86a5	Standard query (0)	whatismyipaddress.com	A (IP address)	IN (0x0001)
Dec 7, 2021 13:44:10.680402040 CET	192.168.2.3	8.8.8.8	0x19fa	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 7, 2021 13:42:33.846718073 CET	8.8.8.8	192.168.2.3	0x5617	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:50.346893072 CET	8.8.8.8	192.168.2.3	0xa2b4	Name error (3)	90.168.9.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Dec 7, 2021 13:42:50.802946091 CET	8.8.8.8	192.168.2.3	0x8aae	No error (0)	whatismyipaddress.com		104.16.155.36	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:50.802946091 CET	8.8.8.8	192.168.2.3	0x8aae	No error (0)	whatismyipaddress.com		104.16.154.36	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:54.191349030 CET	8.8.8.8	192.168.2.3	0x4a94	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:42:56.555654049 CET	8.8.8.8	192.168.2.3	0x7897	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:01.363641024 CET	8.8.8.8	192.168.2.3	0x6f75	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:04.542495012 CET	8.8.8.8	192.168.2.3	0x9661	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:08.550009966 CET	8.8.8.8	192.168.2.3	0x4570	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:12.793625116 CET	8.8.8.8	192.168.2.3	0x3d0a	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:17.374634027 CET	8.8.8.8	192.168.2.3	0x46fb	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:21.420793056 CET	8.8.8.8	192.168.2.3	0xee08	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:25.806375980 CET	8.8.8.8	192.168.2.3	0x345	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:30.304223061 CET	8.8.8.8	192.168.2.3	0x6abb	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:34.763258934 CET	8.8.8.8	192.168.2.3	0xb5a6	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:39.642374039 CET	8.8.8.8	192.168.2.3	0x341a	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:44.621115923 CET	8.8.8.8	192.168.2.3	0x773c	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:43:49.654172897 CET	8.8.8.8	192.168.2.3	0xe2f9	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)
Dec 7, 2021 13:44:03.637263060 CET	8.8.8.8	192.168.2.3	0x8517	Name error (3)	90.168.9.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Dec 7, 2021 13:44:04.178267956 CET	8.8.8.8	192.168.2.3	0x86a5	No error (0)	whatismyipaddress.com		104.16.155.36	A (IP address)	IN (0x0001)
Dec 7, 2021 13:44:04.178267956 CET	8.8.8.8	192.168.2.3	0x86a5	No error (0)	whatismyipaddress.com		104.16.154.36	A (IP address)	IN (0x0001)
Dec 7, 2021 13:44:10.700407982 CET	8.8.8.8	192.168.2.3	0x19fa	No error (0)	smtp.privateemail.com		66.29.159.53	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

whatismyipaddress.com

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: cMXrP6YXvo.exe PID: 4616 Parent PID: 2368

General

Start time:	13:42:04
Start date:	07/12/2021
Path:	C:\Users\user\Desktop\cMXrP6YXvo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\cMXrP6YXvo.exe"
Imagebase:	0x400000
File size:	2351104 bytes
MD5 hash:	32EB10C12A29B38F13730CD1F5DCAD4D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Analysis Process: 21.exe PID: 6992 Parent PID: 4616

General

Start time:	13:42:06
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\21.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\21.exe" 0
Imagebase:	0x400000
File size:	900994 bytes
MD5 hash:	6C9447A6F1B04C75D95594338AE61E06
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000003.00000002.327402234.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: 5.exe PID: 6508 Parent PID: 4616

General

Start time:	13:42:06
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\5.exe" 0
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000004.00000002.335287372.00000000147F0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: 4.exe PID: 5616 Parent PID: 4616

General

Start time:	13:42:07
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4.exe" 0
Imagebase:	0x400000
File size:	586861 bytes
MD5 hash:	78EDE0254C66FA9E667E4CEB88754E1C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000006.00000002.343005223.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: 21.exe PID: 5340 Parent PID: 6992

General

Start time:	13:42:08
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\21.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\21.exe" 0
Imagebase:	0x400000
File size:	900994 bytes
MD5 hash:	6C9447A6F1B04C75D95594338AE61E06
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000000.314241953.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000000.318809130.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000002.571046734.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000001.323376377.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000000.317173820.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000007.00000000.321988059.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: 5.exe PID: 5396 Parent PID: 6508

General

Start time:	13:42:09
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\5.exe" 0
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.363805707.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.364719747.0000000003641000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.364947165.000000000483D000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000000.323320842.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000000.327594112.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.365052759.00000000048D0000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.365200823.0000000004972000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Analysis Process: 4.exe PID: 5312 Parent PID: 5616

General

Start time:	13:42:10
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Local\Temp\4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4.exe" 0
Imagebase:	0x400000
File size:	586861 bytes
MD5 hash:	78EDE0254C66FA9E667E4CEB88754E1C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000000.335717991.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000000.337735216.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.576398424.00000000027E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.571455796.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.574924730.00000000006F8000.00000004.00000020.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.581900586.0000000004832000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.580839788.00000000037E1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000001.339826554.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.581801823.00000000047E0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.576881645.00000000028B4000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: Windows Update.exe PID: 5368 Parent PID: 5396

General

Start time:	13:42:34
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Roaming\Windows Update.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Windows Update.exe"
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000D.00000002.392123032.0000000014670000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: Windows Update.exe PID: 7160 Parent PID: 5368

General

Start time:	13:42:38
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Roaming\Windows Update.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Windows Update.exe"
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.424853508.0000000002529000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.446748931.0000000007700000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000002.474741013.00000000076B0000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.435620946.0000000007700000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.471556569.0000000004AA2000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.443459685.0000000004A10000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000001.387071526.0000000000414000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.435586498.00000000076B0000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.386135625.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.431782544.0000000004A10000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.432437087.0000000004AA2000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.436977479.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.438307207.0000000002529000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.438464449.0000000002911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.442768485.0000000003911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.469849010.0000000003911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000002.474766156.0000000007700000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.462830437.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.466203321.0000000002529000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.446725234.00000000076B0000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.470986632.0000000004A10000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.421424723.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.430233792.0000000003911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000002.467195725.0000000002911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.384722180.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.443660001.0000000004AA2000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000E.00000000.425599016.0000000002911000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Analysis Process: dw20.exe PID: 6892 Parent PID: 7160

General

Start time:	13:42:51
Start date:	07/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 2108
Imagebase:	0x10000000
File size:	33936 bytes
MD5 hash:	8D10DA8A3E11747E51F23C882C22BBC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: vbc.exe PID: 4544 Parent PID: 7160

General

Start time:	13:42:54
Start date:	07/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
Imagebase:	0x7ff6225d0000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000012.00000000.410455143.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000012.00000002.418568724.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000012.00000000.406966405.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000012.00000000.407738754.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Analysis Process: vbc.exe PID: 7112 Parent PID: 7160

General

Start time:	13:42:54
Start date:	07/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000013.00000002.435531825.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000013.00000000.416858714.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000013.00000000.413302341.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000013.00000000.413912145.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Analysis Process: WindowsUpdate.exe PID: 3568 Parent PID: 3352

General

Start time:	13:43:00
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Roaming\WindowsUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000016.00000002.466960238.00000000147A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: WindowsUpdate.exe PID: 7012 Parent PID: 3568

General

Start time:	13:43:05
Start date:	07/12/2021
Path:	C:\Users\user\AppData\Roaming\WindowsUpdate.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
Imagebase:	0x400000
File size:	852277 bytes
MD5 hash:	3F332B62EEE0970F3189C689D5BD042A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000000.458447354.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000002.487065045.00000000036F1000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000002.487659906.0000000004952000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000002.484362226.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000000.453421134.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: Arnim Rupp Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000018.00000002.487409416.00000000048C0000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report cMXrP6YXvo.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre