FULL_OPTION.exe?ex=670cd9df&is=670b885f&hm=f96f5f9cd851186ea91a8a05f51a220521262d9876beec33e33c76c4a2ca748b&

First submission 2024-10-13 17:35:02

File details

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	3871.5 KB (3964416 bytes)
Compile time:	2024-07-26 11:31:28
MD5:	1dcdd77ba8afe481b4af754876f70ee8
SHA1:	322ac691dc8b990ccb94f66f43a1b98f4d1eb299
SHA256:	e5f2c31e3b741665821670118a78692cd1f44a349ad20007c0628fa3fb307734
Import Hash :	78bbdb4b113bfc6f56d7405a719a03a2
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	50/77 VT report date: 2024-10-13 12:53:35
Malware Type 2	trojan pua
Threat Type 3	lazy cryptinject gamehack

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1293129724532625421/1293131838625288265/FULL_OPTION.exe?ex=670cd9df&is=670b885f&hm=f96f5f9cd851186ea91a8a05f51a220521262d9876beec33e33c76c4a2ca748b&	cdn.discordapp.com	2024-10-13 17:35:02

PE Sections 2 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x149850	1350144	8522a777364a6d379186b7d8a16cbf7f3279f2da	957f9c5b4ec6251ec87113460d07d590
.rdata	0x14b000	0x55552	349696	82706f0fd427061aa1224bfc7c5393159473acf4	fde6abcd456578e4a81a7ce85ef957a8
.data	0x1a1000	0x215ff0	2173952	b9b7113b1af245839802ab8c61223beb8ffb89e6	14ad1dbc36423f44c2cc2ae01c1646f8
.pdata	0x3b7000	0xd9b0	55808	99613427dedfabf6dbbc856e7b2ee4a036e32b6f	feebe98776a84f9c7bcce201f17c0daa
.rsrc	0x3c5000	0x688c	27136	74fa3d81e91c06b3030edd941d721dbebf7fd1c4	07ed8ab80be8bafcc49ab95d53e4cc4a
.reloc	0x3cc000	0x1838	6656	843287ec769d8d07d13a9b7092e6c7b23ced5b11	345b5cad57438f2c3d3bc94dc430de2e

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x3c50e8	26119	PE Resource: RT_ICON - Data PNG IHDR\rforNTweIDATx]xWP(b'www\CZB?0;;M}}!]92g$;WqKXb%@, Xb K,%XK,b9\|ed{"plY2=K&M\|I+?Msd'M%B,aa&ief:r8>MgcG;h4ix7njVFeK`@y X<K(F%A={FnN[hY4h@?j/[=x3Qm!^Xu+Zd1]z/W?M?~O>1gz/_t]s8J.Q&B2T _ G;eJP~TvMZT y.%h/wN-Pn?gW2M?=K[{?~Lg 63G;vSFTV-K.4h 8q"-< nJ0@;zp>8~CASZ5`\|& ZN8NwnKkCp.]HGM<}A@ P!a_6%Iy99s&5nK)RXbQ"X]xLH(j(Q"!,YZlI;wm?0y7vUZ Ok<J ?l(>}bsw^\|IAAb2-B)ON2G2Qzf)Fjft]YfQj(Qk!Y=2eD+V>}wqW:yL MjS }it=i y!x5kiErJ~uV:.y#>.N<?H\|/SZ _~q'~u_xlbllvbw>]t\|;[1b3SM(^#6e2.QPdq/:^09sPvJKS ?Ph(zq$IPjt)z aM\|un#D{?'N#x A`y#R$,)YZWG,/\z,~kK!\XnQ+)KeKG+M'S>{^#<<O?DYd%JPnh=\!Q_O<N8K#;2e UT'OkiG?A1t:V,3]SZ1WzN!8`;6KW(5;{+0\|$/_N[SvgrT>\|HS'OR ZGImMeFi>taqbr0xDPB wxoF:u'Oyx-'OU>$8j:':<0^\|(@obJA'Gf6U%$ro\|g3FtwtF/E RR;sEN@"2a8fE 4qe`CD >ep` #)RIc{_B:bPa/q%QNAepN Y &8<X"l\|0NN<^-3gNS 8A+22I)9/_>SovKSlJ2%l~fL'I\6.>NhG/L^dchDqwi-}5W^Q`` /Fb ) NlI$ ]`38lv#6rIP^kKBDzxWg5W6YR:a6GIi",Xt$@ChTiP_Vq97pA8-,z6.$"AFqdr"FSiL+FST&Mh2i?O.5 0)m[J=[h;wnZ5z1w6)@)nS] 4LF$Q RSee'?k\|pleqL=:Mj! IVzEO#m"GsM[N^,729E>Ih{E\|~Tre]W_#&twpxFoH#<I2;@3tlDI q7%FfTCZt!F53\|c;^ M,Ck%@S1GCZj;~ 5+z'/8r3l`w >bHy;gSRdPYfmrLAu2U+Y&-ov <Bo?ta:oj<^ Fpd&l{+y3h\l G[t%(gN. x@r\Mx5V 98o0.?kGia,Y2}w:Xb``3@b K& ? =h7BLG(-\=~<N`P2KK^-ZJ6'7N}\?z\d KS8~c5</p:WRml#e -'?TlnE1A4G.X1}qWh!IF! xCStEE_H9=J+"@Xb^@5Ka=!<ESp H!Czx\~q{hr0n8n>u$5W7MB1\~gnYhin>6w #aT&4l `w.:97!<t7nLp X,{Ax) :"pv4a<7g_U$ hsA#)&@%$a90jU&M!=i6h/'}b!Osf4V2W:x@rS{ %/HAGe(L{l a <wd/Acbe'G5\|T0P)0`MTMU()\~Bq @@$[h!l"EMh?RQzQ1buW%j+Fo;1<9[hQOS'0?RZ; BY.]b9}#'$#o^V6oOF+T4d!,71%GszvJU'?fc$6^A"AdehC#J;wXBPZ<D#X4lRJ)I@YZXXm[(5Zj}(>\ o'{.FEq#_P}3O,WU 9Ce-qcpJyWB)w]2?~"-C(Bz+]2/_ \|b#Pf i1e]=tKmIQ9q/G!&Rs>?;G2z')@itsgYv>,@O+ Irc;;_lD<)(Q=\|P`72)O;7^byAH}UR<%_tIcT}-jFu~<59ck:W I?QbI@d eSjG{/_b7c^]M7XrOMFp_M#00ef_,O4 A zT/ ;]&P/sQY?r" =S_~H{v%w"KcRQM](Q\] EY{ws'p<[0/M4nkc9\|bse=Yw2p@Gv h&O;S$SR\<p=(Z=,TA'b98:=y.Q :j\!X )8d@qwBX\m/O)F4y(w<-J(1 _dq:~5j(77C<ci,)&h\|`@{W;YH:F{'V>\|lbo$)##.D I(f9\\|\|\|/_D/ -7W/_J\k-B_@TjQ;d?/;;];w(Y]_~k]tf:+cBzDp@U@qn]Jv;E%Q?=&E^m&bp6cM8QM0>\|b@C4)TP<q\p!p u2Y:Tm,A)qyB2n"8_j6lX^%N=_drHtRf0@Y;c&u\tGt=hB],pW\W._f \|wU"8o&=zDe 6; XzzkMx`h8x`3RGP?H(%VpBjZeK9wJ+/ 3]:uh\w[%h)k0X.dV=- '<}^pK.m5]seR`D,Cx=T r?Pf7vU Q 9jBK,W'ewYt{w+iFSIu ?@IG54#I_(o3mG\5aZ&\|/^n;O$r?;z]ta=u {\z5}63}5aG2P-Rc@,,AA$G)RCQ]9\|hU<hFe9=>byBW^OWaP[&~={FW@(A 9z'[;<T4 6i"^C<S&o[nf?rY@u>m( `@@G`8D}]p=}S3gN8ysr]Yz#rG5{qGp8!CW;#g0QH>=wPYx1WH2dpj)~byR8z~)?o\|``0W}ap`D1SY]uD6'~#-HA<`0!# &Oh#[;p-E ];j!+\xtezO)#g1c z%uli^@s\|s8=~X)ijPmAZ,Yj"e/0T{P~rP<~z=AL$vl9r$'9lvjs Dp (O6VjVHreJV.LV'?B[Ig AM'_/^g5kd"%C:#I@oSB/%Yog,HX 'c9[KW\QN\|k'Om5@>}8LOV ?Vc\|)#0a<G@:$,@ K!3xN}{s :$VAD/%jxh}lorHA_j95U9 :F ]"EReh,`(7A=#qGVlINd2PC7qE$<zi,>bIoPug8}2QTB]s^:Lp'dLV7 O? pl_D!4`1$]~% *ZQ\|lU[ Bj(s^~E pOF'3'H@2k,Q~foDpa,(Z0o!7CRBd0o$IN1a76T6oK;<0I/v[phxPuq?o;RY &L5a V\yF-y{wen"_.+ h8$`<KRre?c4KN,j/]oIW];a+qVX$\|m @$,N7n+kG' 29"V0Tk$@7nBr'%P _^:q:hCuX&OB0jd'VYn.K oa&zOP Yn\|flt\\|!o@K)ZzVk ;=!2eDurmtD;.,T5BNlhi36e2E1,FU9=ez AKz Ub 5w Tp`65iOH(-X&\].~^$b<,p(`+z 'Ww@-_11 HYN%J&x(]IFa27{Yf!k^<H>@b_zs ego^f.@BZ8\|csH1G#96;7\G\|P `pU+G$1?-zUJ(O U'F-{y1tt-H\|\#uK.NB(((V\.-=5wyjW5IiZz:H]e#lwz`aMcqjk`]vN2Du]Bp}e^F, @\;o!]x$,)i=zK&&h:';:5ugwo)Z1zOzx]=zP0~\r&mmz?5k NU%wD^I4ZU{[>@1MRaOv(V]8^\|I 0LrJi<3gNSK<KiB'N&%sgRPVRY<y6+M41Kj !PFT`3c_mw6Spkq53;ePO+-Z3jx;@@[4ic1R0MX7DrrI2)bpH&F`N&kuh9C NnXD?'e7W^vc$B&ON:eP~j+U(]NsCjRvo@ !E Pwu!1^vM lt?>^;FMjT xZC+}{!.]o6'PB ewu (:X[/l \f(~8NaB^8O QB$"$4+`hryro9Cki7n#G puG6\|-j]l^Q2e~OS4$xx4%bH- +=,?\|uWG.J1qD] iyb{76Dk#;[hdy5LmYfp5 s1acil)j08 \3w\6~bsfYd.9}h]P~A ]r\5_H@r\i`c#9p:Y nI ^\Z3m19Ix-A.\|sU1]q) +J@@(\0qc[n4f4s\|\|\|LnLA\wXE$ p9z%BQMu([(c_,? [O\|:ob@.Y2jZND!- }kn( B y:\|ieatir!>u J[J`Z /@NKnh0B[\|ILZOa'vZ:oIY0$)KI~.6@2jBh=2T~y(@0ai7oW$8~<xz[3~[]H5OdRx'%yxM n\.N4+MJeV _^yfC T 9)h!yyr&@$Iih_"?o.#- =k&G'N&sG3pugzf gI"&n;s ,-?Nb5?ewoaV/$c -:'[ltMrr{ pC,CKx=8D~GRPP%K(oMUU1Sn5suoW-]b^{qm-HFfek{Me>H^4=^O+x^@e\( 2OKkWS a V-lN[RSKL/Dwm{5@z?<$?^kS{HB, _j,@ $D2dnW\/]fMd,hzqy5@vQh=C9CZW6wPC3`)-U}y4c^RLOkyj[p~g{R,B]=.g<mKC~[-?:4M~Nf&5nU DE> 7op 5inA'rr6z9DhXrKz3Z7\|hRZ/[XAwM[I'cF@# L_+04[L]&Sew8aCG Y^.;)@ rdL=nN FFw_tT[]\ !<E\|?MjAmihcN3@iiT(~D#qbAZ2`1nW!~?(d Pvh~z/^lcV@g<9A $aMF?~)0H6R@~z\Cp?j9-=b~_U~C:BXo/{kZnH0^6\|>]znLS~7U6IZyNP$H,PQBfE`+W=-um;sx$d4jHsQIewMXT)sN=<'U, z4V9!2:,Z'Khxs M{^CyAVPuW^["W"TeaO ( q!=t `>~<S;%:+\|KsREir=YW+Y{C{fM5gBprdNO-t:E[Mq1<C-Nm\,mOitT<n=95VC6+!`o>EGw0 eGF90h\l[oTLU`4Cx3n%!C_ :7#B.mFx')1qE`6k.N=<[7rrd`8O%]jJ?dm2 R\|p^^Kf^uF@BHERtmVti ^=cZ3O.mepujUsy(fjtIE? %VZEQF\r',~]:vlAw6oXG:KMK3 cy$zHt:]<n''9-ii.5~e4prpl?zd`Mn2T$oN)1x.>;H rgqp\x(9#QFx$6z9t^,+kF=j N{?v093Y#X;b}\|@e(_a3q<IXi)tfcX9$om.Z/'[& X51Fl _q>];#w%UtbB\|&^k=4BGwHyM,rzOQYiiC[7`h$fdL>>9,F^b)R7o-PeM^rqz "ZpSvqzrr8}V>&xV(k4 +f &(Y /m;Qzs+[tvb8@+daeczm]&yucp&$e]G9L9r(th%sy1%Tvbyh10ecjOOz2&'MH$ 8%3xct-`3s6yrb+9A{{x!'`MWUkH"!<T[\\@]:u\U[$MpCpN.&%}E"#vh>nhxD \k B,G6^"iRN rn2{9^m#69s7m;tu`Vl\8#.\|=t35yV ?nWV\14O usw?"$dS~pt7#17O 7)M` NXeN'U(~oPN1( Rx<~zzm:%7lkp(HaLL8 Eh)'Ci&N:fn]7C[l6Y k.ZGV61pAwI2zpixW~Q0$K.`u"36f"f?s+V4r y]H0XZMW#ztA7 !'u1 Yz%+cnn?Z1` npw,BeW9))optq8j%yRC9 ]Bog7@2o4W(-$6{9z\ $+>%[#cxvaJf5Oc X- ^5VHW\1K<tDm$C 5s]l'$tOx.zQ &zx fKp$\7}4@E?T3{~}R:30Q@20 %C@ Hqz T59]pmbAxKB;(mVNa[/9)q]w&Jb4[6\APG{h6_J40d:`P>B8f@$94`m~rTp2C0Ot@4qBK+h$>txLZ][66-y'`E hKbAp/{DI(ep%+oh#H2 ;&rK7i^xP}h{kp7=yJn\|$~;#C6kh?%5'ZcH?;~j+Szq^A"~VjiL:oeM6C ,h}sZ/IbrSZY0 e\|BG@`N:7AORn !x5p[fR@?G\~!(]&/A_rO&L03;cXokH27IX& 2F17Z[Q\nP\|T3bT[`:svCon+I^?G\X@.^8={L`(%NGliU1D,nCiCz+(M1g0{ irZ#dmd8H1nI9@$@ !=O<D4 =w)l2?N3!)NzN9j&-&M>x-3#@ufs&LV{TwL2} A`xVf#n9/}8gKtLB7hs @\|zW)^E,@[ X6YX`YeJB:Oww\~%AG <Y~o$?<eD64Yz5-RQVF,X`" Os:@[- 7 u~u40 )A&8!y.[y4GU<@x,M'(89RGg~Z9avzvF?Zc vN?v jx=5!h$ ]Xn'`37X3~ Hz(4MLf&o_Ta=(Z0=1W p)`jBOv`n$<t~1~Pg]ic u`,m6<kbyqi+\>}jbJndA6kIXJM.d{<wJ-~5: \K,1IB6Ph,nV~shC!hNS#h P^@=0Ik<@w)crkRM!1f PyUM5?7SSJ=NMUoosF6d7<ESY@VV yfPf!bta/lIgQUW^e[ Re8KRr}~'O$IB@k+=\0& jJ N`R5a.cBup:C3Lb6<~~lY3sw?op_:s?^[cmCN"sz>lw3V7W9._oZ?cm7yh4/OO-TkZQoMU! f~Ujjl~,<F cuNy\|~e@2^}I9K4\|`-g[;wnS:%zcF5`S-s.>/eoaL>8&D+hlhlN,-y25b6BCRR 2bt(cYg'^ zNjU(e'ialR_qN7{wiO\oOF= A&yXsr8eK <ON7L=&,HSe!vCFyp:?[`ky%J`+_`>.;pAxh+:CE6f/\9C@^=u5ZI-`<["^ 0k zsP?sA~rkNr(xp.vw&<1c\|Ej0'}^<~L!eU'B#0BGc()ZAwtvR]>s9Ah7pLpV>($!YhvT$')S/_m+Q#mm MH$___3@n4gx~ ng1;c90Id2LL#'D>2ibrQ40$) XpeLk#/pM RpUx:qdFJ%K\|ATXQ1~7/^4[%Jd%UM6rjiZ2}-eD7bsrEH0RrYNbN"\Xn`MwoKvEcs-!-F }qiZ}H&19cZ<$,-~wR_ >#d-K}}t7`877qUjzcNC{?;Ruy%e+JaowEAv8n29&x%cxafL?D Q_RSlQR\uYnMwVPx [DZAD!,l+VdNgH{yz]~fn mC)?P#:' pHfh`iRm,1e<thC%Mt bee#lt.0u\d@8};N1)= 1H^9G~W.gSW=D,n(CR8Tv:1MDcJ i&TLO& H~!f(GLj]\|iK.9sZ:K@Y3aw>d\|IQ/6C{els`@A0f0s^Wd?&f"<Td0r2+[SHRvAFSVy[+]6r<zRhyoPE dw+qbIqs:>kQPPrYO}a'G?O.\|UREqIB O&d?'8&+xcllkE[(?P1%51Ib"G4iDTxA[ZcB\zLS2c}nO_CfV{mR~~h$b=U{.gxB=8`o>V z L.^aAYJ/+a@`]FHd~)V-5v@C76wJ[t5PRUV"T m& $$v,,!<toJ1F8?{ {vxeKpc=->` DS<7=6\~X0\|@^Ip NpK 2e Phq+C i kK6\vd?61v(c;YbSK_O,X>%1%6#Xb<W,!B# CukQ]X^Zgw:yKvmL={PX~X2\|7PNs8 ZUhO&M7c%V$n];3@-UW!w\|#AYM:QXqL<W>!F}tAG?7zLKL3 dD12w.Z4a#[#;gqP? @5LRD#\|\|1<0 :v`=Jl^G Z;E;{rF-7gh _O?t` {6V^YfJ {k\|g @ @Y ocE5rp?wi:5k(=>dMNLb?0Leu;LZ!'QBNy^[7)Zzn]D DP>2S'Q:P&.W$oI>0U_+?LS+>Y3;&'_. o9s2d`+;>Z2:ezj'm<2(V-U0@HWKHyoRLt/] ,Z'ONWy o4nESY]X?@S)g1'x!hk?@H=9\|hy\ +c1,dGEWPOjZ(b$&\|Z[+:z82#Kw]@YKZmHE2dd:p?q)#5/wj!0~5esX..RGRJRPEQU<,Sj'[e{8~8y+p&U`S&9N0E:cEFEgchM'6A\z I[nO!)G^u{ ]Uo{)UT&$Qx<%uN,n1FP,J2Niu4ymfLK-Gil5,PrV! T ^tz$\c&jL?=@s&P~,f`3P\|-o^Cx,W_W.J(%jU",4F2t@LUr1q1/E44`ITkdfc< YPljU5Qk>ET]{mP3a(~y"B~}zV7WjCdWd5RbPK>r3eR05&pkH~v#J-=i`e$\|1<BI-7W>l ~>81`Z@a~eK-?F\1'5-( AM 'HTx\jx"~U;0X'DfX CT4cxyVpo,1sT:Hlv8EZx s@w&J$aLjh7g6+RHItq>!Y Y`uQ4\\|xVd\|O0"!VxeuB&g}2qSI@4fqKgVA>\|qQdtO!QJiCz.F1AJ/' s/_POukhat,SVUwLnc/_>]adzmiq;(1R&#%. RmhS 3{.8Yex<o?8 &R2lcT:pmYV_0wL<Dn1`l3zD`n[ ~oO'N0q/].:xu/Zt_}7[-Z,o\|< F"qHp)n %()j4 @P'C){/^Bs'ONDU+raNC]2\0>2KCS&M,&~ X%akWY8qOoU!KK:`j/DLA]56 Zr[ 4Whz- :HaH~+P{n^>\|u(C7XR=B#1NAY+tA>u\=z$H~^#@7=r +W,I3J,-3I&Q=KsY6\{)Jr71j2FsHJO3 =$=bX `nwx+];cXo!)hd#>i,QP^HoO?N#Np(Mbm;;O\|XTX1 8,rHAsB!iM{V eLB2@!'%2kU=i< 0 :ea'c:pSLtinl!v jRx%CRlq.-vA;5FeeJ`R"?JNOue'u%}'>}p0J1o,q+RuNF#GTxj<pI{wQ!Fs8yzW(8q=S;t 6d:[[6 6GB3J+@-[MxV_X3!1mjahQo\|k ,{aL5k.rHk7vQ) Hh494jmhANl5W\ecS\0VkiJ _}qNA)c+/KV^^6lTNv1Z%:9h 40;U%Kpr{OyA9@XjFC_uAK@<hoXS_-!C.Dj-w5L6'0X+0zoq~MgNg18\6mPD`,(%K: agy!]tGOh^=y$SX{q:.PsTGn[@O.we@~ K37Xf# 4iS~JS`'O2 0j(\ RJt5.`U S\|.xmG5gp%GB^T&Qaxx^G9:#=\\|8Ej/_\JQ"qAu GtA\zuj;>-lDP@3;VRLz.L>%yvxYuj^@izF:`=fw^1WyRAGl<< %uJ%>.H9;TnTV'<`C\|,e]wlp8bel<cNl8m<N R8%UUTY}=FWfO8.Amr`O:>F)5o8T @&p!%~zNB:DC~ PQ V2Zq" @^\|oQv{5<jh"x'0j?k @<gN3By\|E@T\|Iv4) \/T2K5[n9hW9nQ6Y,A.WXHt9$~d\|+r?r?umVE;w:%{4} R0LNmZ#^+gA `W4x$}5VZJ ~ &29`S}l,El5?eD%(C_?<}%0asA?8>E~~~JO3fb02HB:cN&+qYTmH-]t7SL5GmT9'f-'8>p"__zPX`@vVR@}4hsvUheB(c,F3m[j(2uNd/1{^p!gF@V?/AMGh=?~={%yO~U+sy"Ea<9h !#0`8/)XY`N;v(;J(.oMH'G@bN]1b$+4mT?G$@3@:{@-$ JA92sNeYD>Ykf\|K?;ZxOqFG7rlkvsmPj0@j z -E"{8x6r[&?hAcH @ ^o^$ 6oEw`?\|#@?M^JBFh}vht>^u q>wG.XzCeT7=r UV%&r@<$)C})\ -xb%wI+\4 ?7Qf n@m!\|~!j(1c8~Ay QiA"K^N em[M}4<DtdqGx,(0PL@?v,gl`@t^G$,y]t_H_]A>~# YFwwd/PH18Ws@+ ["1.'v+WLl:m-) &&I4# B{p.E/\`f ^yqc9Dg?z_aV2-/D _^T)&9CeP#kkU(uCaCzK/r>@Tl@;z'N<!\([,Sy~P\9[ EE1, cm9jTfa,h8b0srW vLTPA=64L?=}K<0)AbOOYfvn`i}E%K e#WL+^d<r;wn)8sY3wBsT%(@;a7dDI$,>J %[r=W%+C x1 ]5rT yd $xin:SA=fOA@sMlL6M+t} M +WnYhZJ$^9g`jr/B4${hi0R/LUpTByQv6/n._L`_/Ckcf])6[m[3&N_;Nt,iDK~U+WpBX^i1raMFer4mTTuwWcFF3o"{mYF)\4CY3c-$@I?M6Sr_=XC!y_d)\-}qNQr%QaeA!iK^.]F{h3ZtG8(O]Z) Hc"_Cd#s<I+\bE ` )Y^d1qGJ{O'D?&R2wbfe# ?CzQLp(Q"S\|8<TW1$:g!6L?vh`%wj w-{;wLMci1=_?ADgHKa@^zzD]0L@q\|nPr%#) yl;La@VAq)p3l0e,:5C>#}=K/N@L'[$-D9xED%;V<reXctbGzJ<y#?GubBU0he* ~wo&aT^@:3h'wubDy?BE( 'qjUofL7gD`bm&`0zGSj%$M+E P@$X0^ W^s'FONb#x+NBP7OvQ RdL/D~e\",pB;8FMVXs/ZTd:kJoi[@cP6!aX~}Kg8?3B[ /@! m[:p,~om1\|P\ituZNrV$] v %8y8^TB5[)e_ZJ?;R)p\6O>pl<G x7;N>M*?q7QD!^4~M.t]rJx)hDT= 0yD.?A0u5vH)-bv/^+((U$BoKo3gr[(hv&#cCE\< PPa,92g6o&N$1U=a<A>]v/Nl:qqucaozk\|,P2sXPP=xpx+O0>Yg-9!,B/ NtMJ6BOG`OZ5jB }'uA70Qf]>J l8<B t};nemY$q;!N\rYat-\|B9}"v 9!J>rM?<>F4{l-xKz12+u9%W T_nx9g1IENDB`
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x3cb6f0	20
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3cb704	392	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='requireAdministrator' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x3c50e8

26119

PNG


IHDR\rforNTweIDATx]xWP(b'www\CZB?0;;M}}!]92g$;WqKXb%@, Xb	K,%XK,b9|ed{"plY2=K&M|I+?Msd'M%B,aa&ief:r8>MgcG;h4ix7njVFeK`@y X<K(F%A={FnN[hY4h@?j/[=x3Qm!^Xu+Zd1]z/W?M?~O>1gz/_t]s8J.Q&B2T _ G;eJP~TvMZT y.%h/wN-Pn?gW2M?=K[{?~Lg
63G;vSFTV-K.4h 8q"-<  nJ0@;zp>8~CASZ5`|& ZN8NwnKkCp.]HGM<}A@	P!a_6%Iy99s&5nK)RXbQ"X]xLH(j(Q"!,YZlI;wm?0y7vUZ Ok<J
?l(>}bsw^|IAAb2-B)ON2G2Qzf*)Fjft]YfQj(Qk!Y=2eD+V>}wqW:yL
MjS
}it=i y!x5kiErJ~uV:.y#>.N<?H|/SZ	_~q'~u_xlbllvbw>]t|;[1b3SM(^#6e2.QPdq/:^09sPvJ*KS	?Ph(zq$IPjt)z aM|un#D{?'N#x A`y#R$,)YZWG,/\z,~kK!\XnQ+)KeKG+M'S>{^#<<O?DYd%JPnh=\!Q_O<N8K#;2e
UT'OkiG?A1t:V,3]SZ1WzN!8`;6KW*(5;{+0|$*/_N[SvgrT>|HS'OR
ZGImMeFi>taqbr0xDPB
wxoF:u'O*yx-'OU>$8j:':<0^|(@obJA'Gf6U%$ro|g3FtwtF/E
RR;sEN@"2a8fE
4qe`CD
>ep` #)RIc{_B:bPa/q%QNAepN
Y	&8<X"l|0NN<^-3gNS
8A+22I)9/_>SovKSlJ2%l~fL'I\6.>NhG/L^dchDqwi-}5W^Q`` /Fb
)	 NlI$
]`38lv#6rIP^k*KBDzxWg5W6YR:a6GIi",Xt$@ChTiP_Vq97pA8-,z6.$"AFqdr"FSiL+FST&Mh2i?O.5  0)m[J=[h;wnZ5z1w6)@)nS]
4LF$Q
RSee'?k|pleqL=:Mj!	IVzEO#m"GsM[N^,729E>Ih{E|~Tre]W_#&twpxFoH#<I2;@3tlDI
q7%FfTCZt!F53|c;^
M,Ck*%@S1GCZj;~
5+z'/8r3l`w
>bHy;gSRdPYfmrLAu2U+Y&-ov	 <Bo?ta:oj<^
Fpd*&l{+y3h\l

G[t%*(gN.	x@r\Mx5V
98o0.?kGia,Y2}w:Xb``3@b	 K&
?
=h7BLG(-\=~<N`P2KK^-ZJ6'7N}\?z\d	KS8~c5</p:WRml#e -'?TlnE1A4G.X1}qWh!IF!
xCStEE_H9=J+"@Xb^@5Ka=!<ESp	H!Czx\~q{hr0n8n>u$5W7MB1\~gnYhin>6w	#aT&4l	`w.:*97!<t7nLp
X,{Ax)
:"pv4a<7g_U$
hsA#)&@%$a90jU&M!=i6h/'}b!Osf4V2W:x@rS{
%/HAGe(L{l	a
<wd*/Acbe'G5|T0P)0`MTMU*()\~Bq	@@$[h!l"EMh?RQzQ1buW%j+Fo;1<9[hQOS'0?RZ*;
BY.]b9}#'$#o^V6oOF+T4d!,71%GszvJU'?fc$6^A"AdehC#J;wXBPZ<D#X4lRJ)I@YZXXm[(5Zj}(>\
o'{.FEq#_P}3O,WU 9Ce-qcpJyWB)w]2?~"-C(Bz+]2/_ |b#Pf
i1e]=tKmIQ9q/G!&Rs>?;G2z')@itsgYv>,@O+
Irc;;_lD<)(Q=|P`72)O;7^byAH}UR<%_tIcT}-jFu~<59ck:W	I?QbI@d
eSjG{/_b7c^]M7XrOMFp_*M#00ef_,O4	A
zT/ ;]&P/sQY?r" =S_~H{v%w"KcRQM](Q\]
EY{ws'p<[0/M4nkc9|bse=Yw2p@Gv
h&O;S$SR\<p=(Z=,TA'b98:=y.Q :j\!X )8d@qwBX\m/O)F4y(w<-J(1 _dq:~5j(77C<ci,)&h|`@{W;YH:F{'V>|lbo$)##.D
I(f9\|||/_D/ -7W/_*J\k-B_@TjQ;d?/;;];w(Y]_~k]tf:+cBzDp@U@qn]Jv;E%Q?=&E^m&bp6cM8QM0>|b@C4)TP<q\p!p
u2Y:Tm,A)qyB2n"8_j6lX^%N=_drHtRf0@Y;c&u\tGt=hB]**,pW\W._f	|wU"8o&=zDe	6; XzzkMx`h8x`3RGP?H(%VpBjZeK9wJ+/ 3]:uh\w[%h)k0X.dV=- '<}^pK.m5]seR`D,Cx=T
r?Pf7vU
Q
9jBK,W'ewYt{w+iFSIu	?@IG54#I_(o3mG\5aZ&|/^n;O$r?;z]ta=u
{\z5}63}5aG2P-Rc@,,AA$G)RCQ]9|hU<hFe9=>byBW^OWaP[&~={FW@(A
9z'[;<T4
6i*"^C<S&o[nf?rY@u>m(	`@@G`8D}]p=}S3gN8ysr]Yz#rG5{qGp8!CW;#g0QH>=wPYx1WH2dpj)~byR8z~)?o|``0W}ap`D1SY]uD6'~#-HA<`0!#	&Oh#[;p-E
 ];j!+\xtezO)#g1c z%uli^@s|s8=~X)ijPmAZ,Yj"e/0T{P~rP<~z=AL$vl9r$'9lvjs
Dp	(O6VjVHreJV.LV'?B[Ig	AM'_/^g5kd"%C:*#I@oSB/%Yog,HX
'c9[KW\QN|k'Om5@>}8LOV	?Vc|)#0a<G@:$,@ *K!3xN}{s		
:$VAD/%jxh}lorHA_j95U9	:F ]"EReh*,`(7A=#qGVlINd2PC7qE$<zi,>bIoPug8}2QTB]s^:Lp'dLV7
O?*
pl_D!4`1$]~% **ZQ|lU[	Bj(s^~E	pOF'3'*H@2k,Q~foDpa,(Z0o!7CRBd0o$IN1a76T6oK;<0I/v[phxPuq*?o;RY &L5a
V\yF-y{wen"_.+	
h8$`<KRre?c4KN,j/]oIW];a+qVX$|m	@$,N7n+kG*' 29"V0Tk$@7nBr'%P _^:q:hCuX&OB0jd'VYn.K oa&zOP
Yn|flt\|!o@K)ZzVk
;=!2eDurmtD;.,T5BNlhi36e2E1,FU9=ez	AKz
Ub	5w	Tp`65iOH(-X*&\].~^$b<,p(`+z

'Ww@-_11	HYN%J&x(]IFa27{Yf!k^<H>@b_zs
ego^f.@BZ8|csH1G#96;7\G|P
`pU+G$1?-zUJ(O
U'F-{y1tt-H|\#uK.NB(((V\.-=5wyjW5IiZz:H]e#lwz`aMcqjk`]vN2Du]Bp}e^F,
@\;o!]x$,)i=zK&&h:';:5ugwo)Z1zOzx]=zP0~\r&mmz?5k N*U%wD^*I4ZU{[>@1MRaOv(V]8^|I
0LrJi<3gNSK<KiB'N&%sgRPVRY<y6+M41Kj	 !PFT`3c_mw6Spkq53;ePO+-Z3jx;@@[4ic1R0MX7DrrI2)bpH&F`N&kuh9C NnXD?'e7W^vc$B&ON:eP~j+U(]NsCjRvo@ !E Pwu!1^vM	lt?>^;FMjT
xZC+}{!.]o6'PB	ewu	(:X[/l	\f(~8Na*B^8O
QB$"$4+`hryro9Cki7n#G
puG6|-*j]l^Q2e~OS4$xx4%bH*-	+=,?|u*WG.J1qD]
iyb{76Dk#;[hdy5LmYfp5 s1acil)j08 \3w\6~bsfYd.9}h]P~A
]r\5_H@r\i`c#9p:Y
nI ^\Z3m19Ix-A.|sU1]q)
+J@@(\0qc[n4f4s|||LnLA\wXE$ p9*z%BQMu([(c_,? [O|:ob@.Y2jZND!-
}kn(
B	y:|ieatir!>u
J[J`Z
/@NKnh0B[|ILZOa'vZ:oIY0$)KI~.6@2jBh=2T~y(@0ai7o*W$8~<xz[3~[]H5OdRx'%yxM
n\.N4+MJeV
_^yfC	T
9)h!yyr&@$Iih_"?o.#- 
=k&G'N&sG3pugzf
gI"&n;s	,-?Nb5?ewoaV/$c -:'[ltMrr{
pC,CKx=8D~GRPP%K(oMUU1Sn5*suoW-]b^{qm-HFfek{Me>H^4=^O+x^@e\(
2OKkWS
a V-lN[RSKL*/Dwm{5@z?<$?^kS{HB, _j,@	$D2dnW\/]fMd,hzqy5@vQh=C9CZW6wPC3`)-U}y4c^RLOkyj[p~g{R,B]=.g<mKC~[-?:4M~Nf&5nU	DE> 7op 5inA'rr6z9DhXrKz3Z7|hRZ/[XAwM[I'cF@# L_+04[L]&Sew8aCG Y^.;)@ rdL=nN	FFw_tT[]\	!<E|?MjAmihcN3@iiT(~D#qbAZ2`1nW!~?(d
Pvh~z/^lcV@g<9A
$aMF?~)0H6R@~z\C*p?j9-=b~_U~C:BXo/{kZnH0^6|>]znLS~7U6IZyNP$H,PQBfE`+W=-um;sx$d4jHsQIewMXT)sN=<'U,
z4V9!2:,Z'Kh*xs M{^CyAVPuW^["W"TeaO
(	q!=t `>~<S;%:+|KsREir=YW+Y{C{fM5gBprdNO-t:E[Mq1<C-Nm\,mOitT<n=95VC6+!`o>EGw0
eGF90h\*l[oTLU`4Cx*3n%!C_	:7#B.mFx')1qE`6k.N=<[7rrd`8O%]jJ?dm2
R|p^^Kf^uF@BHERtmVti
^=cZ3O.mepujUsy(fjtIE?
%VZEQF\r',~]:vlAw6oXG:KMK3
cy$zHt:]<n''9-ii.5~e4prpl?zd`Mn2T$oN)1x.>;H
rg*qp\x(9#QFx$6z9t^,+kF=j
N{?v093Y#X;b}|@e(_a3q<IXi)tfcX9$om.Z/'[&
X51Fl
_q>];#w%UtbB|&^k=4BGwHyM,rzOQYiiC[7`h$fdL>>9,F^b)R7o-PeM^rqz "ZpSvq*zrr8}V>&xV(k4
+f	&(Y /m;Qzs+[tvb8@+daeczm]&yucp&$e]G9L9r(th%sy1%Tvbyh10ecjOOz2&'MH$
8%3xct-`3s6yrb+9A{{x!'`MWUkH"!<T[\\@]:u\U[$MpCpN.&%}E"#vh>nhxD
\k B,G6^"iRN

rn2{9^m#69s7m;tu`Vl\8#.|=t35yV
?nWV\14O
usw?"$dS~pt7#17O	7)M` NXeN'U(~o*PN1*(	Rx<~zzm:%7lkp(HaL*L8 Eh)'Ci&N:fn]7C[l6Y
k.ZGV61pAwI2z*pixW~Q0$K.`u"36f"f?s+V4r y]H0XZMW#ztA7	!'u1	Yz%+cnn?Z1`
npw,BeW9))optq8j%yRC9
]Bog7@2o4W(-$6{9z\
$+>%[#cxvaJf5Oc	X-
^5VHW\1K<tDm$C
5s]l'$tOx.zQ	&zx
fKp$\7}4@E?T3*{~}R:30Q@20
%C@
Hqz	T59]pmbAxKB;(mVNa[/9)q]w&Jb4[6\APG{h6_J*40d:`P>B8f@$94`m~rTp2C0Ot@4qBK+h$>txLZ][66-y'`E hKbAp/{DI(ep%+oh#H2	;&rK7i^xP}h{kp7=yJn|$~;#C6kh?%5'ZcH?;~j+Szq^A"~VjiL:oeM6C
,h}sZ/IbrSZY0
e|BG@`N:7AORn
!x5p[fR@?G\~!(]&/A_rO&L03;cXokH27IX& 2F17Z[Q\nP|T3bT[`:svCon+I^?G\X@.^8={L`(%NGliU1D,nCiCz+(M1g0{	irZ#dmd8H1nI9@$@
!=O<D4	=w)l2?N3!)NzN9j&-&M>x-3#@ufs&LV{TwL2}
A`xVf#n9/}8gKtLB7hs @|zW)^E,@[ X6YX`YeJB:Oww\~%AG
<Y~o$?<eD64*Yz5-RQVF,X`"
Os:@[-	7
u~u40	 )A&8!y.[y4GU<@x*,M'(89RGg~Z9avzvF?Zc
vN?v
jx=5!h$
]Xn'`37X3~ Hz(4MLf&o_Ta=(Z0=1W
p)`jBOv`n$<t~1~Pg]ic u`,m6<kbyqi+\>}jbJndA6kIX*JM.d{<wJ-~5: \K,1IB*6Ph,nV~shC!hNS#h
P^@=0Ik<@w)crkRM!1f
PyUM5?7SSJ=NMUoosF6d7<ESY@VV yfPf!bta/lIgQUW^e[
Re8KRr}~'O$IB@k+=\0&
jJ
N`R5a.cBup:C3Lb6<~~lY3sw?op_:s?^[c*mCN"sz>lw3V7W9._oZ?cm7yh4/OO-TkZQoMU! f*~Ujjl~,<F
cuNy|~e@2^}I9K4|`-g[*;wnS:%zcF5`S-s.>/eoaL>8&D+hlhlN,-y25b6BCRR
2bt(cYg'^
zNjU(e'ialR_qN7*{wiO\oOF=*	A&yXsr8eK
<ON*7L=&,HSe!vCFyp:?[`ky%J`+_`>.;pAxh+:CE6f/\9C@^=u5ZI-`<["^	0k	zsP?sA~rkNr(xp.vw&<1c|Ej0'}^<~L!eU'B#0BGc()ZAwtvR]>s9Ah7pLpV>($!YhvT$')S/_m+*Q#mm
MH$___3@n4gx~ ng1;c90Id2LL#'D>2ibrQ40$)	XpeLk#/pM RpUx:qdFJ%K|ATXQ1~7/^4[%Jd%UM6rjiZ2}-eD7bsrEH0RrYNbN"\Xn`MwoKvEcs-!-F
}qiZ}H&19cZ<$,-~wR_ >#d-K}}*t7`877qUjzcNC{?;Ruy%e+JaowEAv*8n29&x%cxafL?D	Q_RSlQR\uYnMwV*Px	[DZAD!,l+VdNgH{yz]~fn
mC)?P#:' pHfh`iRm,1e<thC%Mt bee#lt.0u\d@8};N1)= 1H^9G~W.gSW=D,n(CR8Tv:1MDcJ	i&TLO&
H~!f(GLj]|iK.9sZ:K@Y3aw>d|IQ/6C{els`@A0f0s^Wd?&f"<Td0r2+[SHRvAFSVy[+]6r<zRhyoPE
dw+qbIqs:>kQPPrYO}a'G?O.|UREqIB O&d?'8&+xcllkE[(?P1%51Ib"G4iDTxA[ZcB\zLS2c}nO_CfV{mR~~h$b=U{.gxB=8`o>V
z	L.^aAYJ/+a@`]FHd~)V-5v@C76wJ[t5PRUV"T m&
$$v,,!<toJ1F8?{
{vxeKpc=->`
*DS<7=6\~X0|@^Ip NpK	2e	Phq+C
i
kK6\vd?61v(c;YbSK_O,X>%1%6#Xb<W,!B#	CukQ]X^Zgw:yKvmL={PX~X2|7PNs*8
ZUhO&M7c%V$n];3@-UW!w|#AYM:QXqL<W>!F}tAG?*7zLKL3	dD12w.Z4a#[#;gqP?
@5LRD#||1<0	:v`=Jl^G	Z;E;{rF-7gh
_O?t` {6V^YfJ	{k|g
@
@Y ocE5rp?wi:5k(=>dMNLb?0Leu;LZ*!'QBNy^[7)Zzn]D DP>2S'Q:P&.W$oI>0U*_+?LS+>Y3;&'_. o9s2d`*+;>Z2:ezj'm<2(V-U0@HWKHyoRLt/] ,Z'ONWy
o4nESY]X?@S)g1'x!hk?@H=9|hy\	+c1,dGEWPOjZ(b$&|Z[+:z82#Kw]@YKZmHE2dd:p?q)#5/wj!0~5esX..RGRJRPEQU<,Sj'[e{8~8y+p&U`S&9N0E:cEFEgchM'6A\z
I[nO!)G^u{
]Uo{)UT&$Qx<%uN,n1FP,J2Niu4ymfLK-Gil5,PrV!
T	^tz$\c&jL?=@s&P~,f`3P|-o^Cx,W_W.J(%jU",4F2t@LUr1q1/E44`ITkdfc<
YPljU5Qk>ET]{mP3a(~y"B~}zV7WjCdWd5RbPK>r3eR05&pkH~v#J-=i`e$|1<BI-7W>l ~>81`Z@a~eK-?F\1'5-( AM
'HTx\jx"~U;0X'DfX CT4cxyVpo,1sT:Hlv8EZx
s@w&J$aLjh7g6+RHItq>!Y
Y`uQ4\|xVd|O0"!VxeuB&g}2qSI@4fqKgVA>|qQdtO!QJiCz.F1AJ/'	s/_POukhat,SVUwLnc/_>]adzmiq;(1R&#%. RmhS 3{.8Yex<o?8
&R2lcT:pmYV_0wL<Dn1`l3zD`n[
~oO'N0q/].:xu/Zt_}7[-Z,o|*<
F"qHp)n %()j4	@P'C){/^Bs'ONDU+raNC]2\0>2KCS&M,&~
X%akWY8qOoU!*KK:`j/DLA]56
Zr[
4Whz-
:HaH~+P{n^>|u(C7XR=B#1NAY+tA>u*\=z$H~^#@7=r
+W,I3J*,-3I&Q=KsY6\{)*Jr71j2FsHJO3	=$=bX `nwx+];cXo!)*hd#>i,QP^HoO?N#Np(Mbm;;O|XTX1
8,rHAsB!iM{V eLB2@!'%2kU=i<
0
:ea'c:pSLtinl!v
jRx%CRlq.-vA;5FeeJ`R"?JNOue'u%}'>}p0J1o,q+RuNF#GTxj<pI{wQ*!Fs8yzW(8q=S;t 
6d:[[6
 6GB3J+@-[MxV_X3!1m*j*ahQo|k

,{aL5k.rHk7vQ)	Hh494jmhANl5W\ecS\0VkiJ	_}qNA)c+/KV^^6lTNv1Z%:9h
40;U%Kpr{OyA9@XjFC_uAK@<hoXS_-!C.Dj-w5L6'0X+0zoq~MgNg18\6mPD`,(%K:
agy!]tGOh^=y$SX{q:.PsTGn[@O.we@~	K37Xf#
4iS~JS`'O2 0j(\	RJt5.`U	S|.xm*G5gp%GB^T&Qaxx^G9:#=\|8Ej/_\JQ"qAu GtA\zuj;>-lDP@3;VRLz.L>%yvxYuj^@izF:`=fw^1WyRAGl<<
%uJ*%>.H9;TnTV'<`C|,e]wlp8bel<cNl8m<N R8%UUTY}=FWfO8.Amr`O:>F)5o8T @&p!%~zNB:DC~ PQ
V2Zq" @^|oQv{5<jh"x'0j?k
@<gN3By|E@T|Iv4)
\/T2K5[n9hW9nQ6Y,A.WXHt9$~d|+r?r?umVE;w:%{4}	R0LNmZ#^+gA	
`W4x$}5VZJ
~
&29`S}l,El5?eD%(C_?<}%0asA?8>E~~~JO3fb02HB:cN&+qYTmH-]t7SL5GmT9'f*-'8>p"__zPX`@vVR@}4hsvUheB(c,F3m[j(2uNd/1{^p!gF@V?/AMGh=?~={%yO~U+sy"Ea<9h	!#0`8/)XY`N;v(;J(.oMH'G@bN]*1b$+4mT?G$@3@:{@-$	
JA92sNeYD>Ykf|K?;ZxOqFG7rlkvsmPj0@j
z -E"{8x6r[&?hAcH @
^o^$ 6oEw`?|#@?M^JBFh}vht>^u q>wG.XzCeT7=r
UV%&r@<$)C}*)\	-xb%wI+\4
?7Qf
n@m!|~!j(1c8~Ay
QiA"K^N
em[M}4<DtdqGx,(0PL@?v,gl`@t^G$,y]t_H_]A>~#	YFwwd/PH18Ws@+
["1.'v+WLl:m-)	&&I4#
B{p.E/\`f ^yqc9Dg?z_aV2-/D
_^T)&9CeP#kkU(uCaCzK/r>@Tl@;z'N<!\([,Sy~P\9[
EE1,
cm9jTfa,h8b0srW vLTPA=64L?=}K<0)AbOOYfvn`i}E%K	e#WL+^d<r;wn)8sY3wBsT%(@;a7dDI$,>J %[r=W%+C x1 ]5rT yd $xin:SA=fOA@sMlL6M+t} M +WnYhZJ$^9g`jr/B4${hi0R/LUpTByQv6/n._L`_/Ckcf])6[m[3&N_;Nt,iDK~U+WpBX^i1raMFer4mTTuwWcFF3o"{mYF)\4CY3c-$@I?M6Sr_=XC!y_d)\-}qNQr%QaeA!iK^.]F{h3ZtG8(O]Z) Hc"*_Cd#s<I+\bE
	`	)Y^d1qGJ{O'D?&R*2wbfe# ?CzQLp(Q"S|8<TW1$:g!6L?vh`%wj
w-{;wLMci1=_?ADgHKa@^zzD]0L@q|nPr%#)
yl;La@VAq)p3l0e,:5C>#}=K/N@L'[$-D9xED%;V<reXctbGzJ<y#?GubB*U0he* ~wo&aT^@:3h'wubDy?BE( 'qjUofL7gD`bm&`0zGSj%$M+E
P@$X0^


W^s'FONb#x+NBP7OvQ
RdL*/D~e\",pB;8FMVXs/ZTd:kJoi[@cP6!aX~}Kg8?3B[
/@! m[:p,~om1|P\ituZNrV$] v	%8y8*^TB5[)e_ZJ?;R)p\6O>pl<G
x7;N>M*?q7QD!^4~M.t]rJx)hDT=
0yD.?A0u5vH)-bv/^+((U$BoKo3gr[(hv&#cCE\< PPa,92g6o&N$1U=a<A>]v/Nl:qqucaozk|,P2sXPP=xpx+O0>Yg-9!,B/ NtMJ6BOG`OZ5jB
}'uA70Qf]>J l8<B t};nemY$q;!N\rYat-|B9}"v
9!J>rM?<>F4{l-xKz12+u9%W
T_nx9g1IENDB`

RT_GROUP_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x3cb6f0

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x3cb704

392

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 12

CheckRemoteDebuggerPresent
FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 2

Virtual Box
VMCheck.dll

Strings analysis - File found

Temporary
%s.%s.tmp
Data
*.dat
Text
imgui_log.txt
Library
ntdll.dll
rage-device-five.dll
net.dll
ADVAPI32.dll
rpcrt4.dll
api-ms-win-crt-convert-l1-1-0.dll
VBoxHook.dll
SHELL32.dll
dwmapi.dll
VCRUNTIME140_1.dll
USER32.dll
xinput1_3.dll
KERNEL32.dll
d3d11.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
secur32.dll
WS2_32.dll
WLDAP32.dll
api-ms-win-crt-locale-l1-1-0.dll
SbieDll.dll
d3dx11_43.dll
xinput1_1.dll
IPHLPAPI.DLL
security.dll
api-ms-win-crt-string-l1-1-0.dll
PSAPI.DLL
xinput9_1_0.dll
api-ms-win-crt-time-l1-1-0.dll
USERENV.dll
api-ms-win-crt-heap-l1-1-0.dll
xinput1_4.dll
api-ms-win-crt-stdio-l1-1-0.dll
COMDLG32.dll
IMM32.dll
D3DCompiler_43.dll
xinput1_2.dll
normaliz.dll
Crypt32.dll
api-ms-win-crt-runtime-l1-1-0.dll
msvcp140.dll

Strings analysis - Possible IPs found 26

127.0.0.1
2.5.4.8
2.5.4.9
2.5.4.6
2.5.4.7
2.5.4.4
2.5.4.5
2.5.4.3
2.5.4.72
2.5.4.10
2.5.4.11
2.5.4.12
2.5.4.13
2.5.4.17
1.3.14.3
2.5.4.45
101.3.4.2
2.5.29.19
2.5.4.65
2.5.29.17
2.5.4.46
2.5.29.18
2.5.4.44
2.5.4.43
2.5.4.42
2.5.4.41

Strings analysis - Possible URLs found 19

https://shyisus.xdnz.xyz/
https://curl.haxx.se/docs/http-cookies.html
http://purl.org/dc/elements/1.1/
ftp://%s:%s@%s
https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad
file://
http://www.apache.org/licenses/LICENSE-2.0
https://discord.gg/YMFPQHEhvY
http://www.w3.org/1999/02/22-rdf-syntax-ns#
file://%s%s%s
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/photoshop/1.0/
http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
http://ns.adobe.com/tiff/1.0/
https://github.com/itfoundry/Poppins)
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
https://scripts.sil.org/OFLThis
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/exif/1.0/

Import functions

COMDLG32.dll 1 MSVCP140.dll 65 CRYPT32.dll 16 KERNEL32.dll 95 dwmapi.dll 1 api-ms-win-crt-locale-l1-1-0.dll 3 api-ms-win-crt-filesystem-l1-1-0.dll 6 api-ms-win-crt-math-l1-1-0.dll 13 api-ms-win-crt-utility-l1-1-0.dll 2 VCRUNTIME140.dll 17 PSAPI.DLL 1 USER32.dll 41 IMM32.dll 4 D3DCOMPILER_43.dll 1 api-ms-win-crt-string-l1-1-0.dll 10 VCRUNTIME140_1.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 27 d3d11.dll 1 api-ms-win-crt-convert-l1-1-0.dll 8 SHELL32.dll 2 RPCRT4.dll 3 api-ms-win-crt-stdio-l1-1-0.dll 32 USERENV.dll 1 api-ms-win-crt-time-l1-1-0.dll 2 WLDAP32.dll 18 api-ms-win-crt-heap-l1-1-0.dll 6 d3dx11_43.dll 1 ADVAPI32.dll 24 WS2_32.dll 29 Normaliz.dll 1

Function	Address	Souspicious	Anti Debug
GetOpenFileNameW	0x14014b0c8

Function	Address	Souspicious	Anti Debug
?good@ios_base@std@@QEBA_NXZ	0x14014b498
??Bios_base@std@@QEBA_NXZ	0x14014b4a0
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x14014b4a8
??Bid@locale@std@@QEAA_KXZ	0x14014b4b0
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z	0x14014b4b8
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z	0x14014b4c0
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14014b4c8
?_Xbad_function_call@std@@YAXXZ	0x14014b4d0
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z	0x14014b4d8
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z	0x14014b4e0
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x14014b4e8
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z	0x14014b4f0
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x14014b4f8
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x14014b500
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x14014b508
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z	0x14014b510
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14014b518
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z	0x14014b520
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z	0x14014b528
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x14014b530
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14014b538
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14014b540
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x14014b548
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x14014b550
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x14014b558
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x14014b560
?_Xlength_error@std@@YAXPEBD@Z	0x14014b568
?_Throw_Cpp_error@std@@YAXH@Z	0x14014b570
_Cnd_do_broadcast_at_thread_exit	0x14014b578
_Thrd_detach	0x14014b580
_Query_perf_frequency	0x14014b588
??1_Lockit@std@@QEAA@XZ	0x14014b590
??0_Lockit@std@@QEAA@H@Z	0x14014b598
?uncaught_exceptions@std@@YAHXZ	0x14014b5a0
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x14014b5a8
?_Xinvalid_argument@std@@YAXPEBD@Z	0x14014b5b0
?_Xout_of_range@std@@YAXPEBD@Z	0x14014b5b8
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x14014b5c0
?_Winerror_map@std@@YAHH@Z	0x14014b5c8
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x14014b5d0
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x14014b5d8
?_Syserror_map@std@@YAPEBDH@Z	0x14014b5e0
_Mtx_lock	0x14014b5e8
_Thrd_id	0x14014b5f0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x14014b5f8
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ	0x14014b600
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x14014b608
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x14014b610
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x14014b618
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x14014b620
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x14014b628
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x14014b630
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x14014b638
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x14014b640
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x14014b648
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x14014b650
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x14014b658
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x14014b660
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x14014b668
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x14014b670
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x14014b678
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x14014b680
_Mtx_unlock	0x14014b688
_Thrd_join	0x14014b690
_Query_perf_counter	0x14014b698

Function	Address	Souspicious	Anti Debug
CertEnumCertificatesInStore	0x14014b0d8
CertFindCertificateInStore	0x14014b0e0
CertFreeCertificateContext	0x14014b0e8
CryptStringToBinaryA	0x14014b0f0
CertOpenStore	0x14014b0f8
CryptDecodeObjectEx	0x14014b100
CertAddCertificateContextToStore	0x14014b108
CertFreeCertificateChain	0x14014b110
CertGetCertificateChain	0x14014b118
CertFreeCertificateChainEngine	0x14014b120
CertCloseStore	0x14014b128
PFXImportCertStore	0x14014b130
CertFindExtension	0x14014b138
CertGetNameStringA	0x14014b140
CryptQueryObject	0x14014b148
CertCreateCertificateChainEngine	0x14014b150

Function	Address	Souspicious	Anti Debug
IsProcessorFeaturePresent	0x14014b198
GetStartupInfoW	0x14014b1a0
GetCurrentProcessId	0x14014b1a8
GetCurrentThreadId	0x14014b1b0
GetSystemTimeAsFileTime	0x14014b1b8
InitializeSListHead	0x14014b1c0
UnhandledExceptionFilter	0x14014b1c8
RtlVirtualUnwind	0x14014b1d0
RtlLookupFunctionEntry	0x14014b1d8
RtlCaptureContext	0x14014b1e0
AreFileApisANSI	0x14014b1e8
SleepConditionVariableSRW	0x14014b1f0
GetFileAttributesExW	0x14014b1f8
WakeAllConditionVariable	0x14014b200
AcquireSRWLockExclusive	0x14014b208
ReleaseSRWLockExclusive	0x14014b210
GetFileInformationByHandleEx	0x14014b218
GetLastError	0x14014b220
SetLastError	0x14014b228
VirtualQueryEx	0x14014b230
Module32NextW	0x14014b238
Module32FirstW	0x14014b240
ReadProcessMemory	0x14014b248
WriteProcessMemory	0x14014b250
GetTickCount	0x14014b258
CloseHandle	0x14014b260
Process32FirstW	0x14014b268
OutputDebugStringW	0x14014b270
Process32NextW	0x14014b278
CreateToolhelp32Snapshot	0x14014b280
SetUnhandledExceptionFilter	0x14014b288
CheckRemoteDebuggerPresent	0x14014b290
IsDebuggerPresent	0x14014b298
GetModuleHandleW	0x14014b2a0
GetThreadContext	0x14014b2a8
LoadLibraryW	0x14014b2b0
GetSystemInfo	0x14014b2b8
GetCurrentThread	0x14014b2c0
CreateFileA	0x14014b2c8
Sleep	0x14014b2d0
FindFirstFileW	0x14014b2d8
FindClose	0x14014b2e0
CreateDirectoryW	0x14014b2e8
GetLocaleInfoEx	0x14014b2f0
WaitForMultipleObjects	0x14014b2f8
PeekNamedPipe	0x14014b300
GetFileType	0x14014b308
GetStdHandle	0x14014b310
GetEnvironmentVariableA	0x14014b318
WaitForSingleObjectEx	0x14014b320
MoveFileExA	0x14014b328
VerifyVersionInfoA	0x14014b330
GetSystemDirectoryA	0x14014b338
SleepEx	0x14014b340
LeaveCriticalSection	0x14014b348
EnterCriticalSection	0x14014b350
LocalFree	0x14014b358
FormatMessageA	0x14014b360
QueryFullProcessImageNameW	0x14014b368
GetModuleFileNameA	0x14014b370
CreateFileMappingW	0x14014b378
CreateThread	0x14014b380
DeleteCriticalSection	0x14014b388
InitializeCriticalSectionEx	0x14014b390
HeapSize	0x14014b398
GetFileSizeEx	0x14014b3a0
ReadFile	0x14014b3a8
OpenProcess	0x14014b3b0
TerminateProcess	0x14014b3b8
VirtualAlloc	0x14014b3c0
GetCurrentProcess	0x14014b3c8
VirtualFree	0x14014b3d0
VirtualProtect	0x14014b3d8
QueryPerformanceCounter	0x14014b3e0
FreeLibrary	0x14014b3e8
VerSetConditionMask	0x14014b3f0
GetProcAddress	0x14014b3f8
QueryPerformanceFrequency	0x14014b400
LoadLibraryA	0x14014b408
GetModuleHandleA	0x14014b410
GlobalUnlock	0x14014b418
WideCharToMultiByte	0x14014b420
GlobalLock	0x14014b428
GlobalFree	0x14014b430
HeapAlloc	0x14014b438
HeapReAlloc	0x14014b440
HeapFree	0x14014b448
GetProcessHeap	0x14014b450
MapViewOfFile	0x14014b458
UnmapViewOfFile	0x14014b460
CreateFileMappingA	0x14014b468
CreateFileW	0x14014b470
GlobalAlloc	0x14014b478
MultiByteToWideChar	0x14014b480
HeapDestroy	0x14014b488

Function	Address	Souspicious	Anti Debug
DwmExtendFrameIntoClientArea	0x14014be60

Function	Address	Souspicious	Anti Debug
_configthreadlocale	0x14014bb40
localeconv	0x14014bb48
___lc_codepage_func	0x14014bb50

Function	Address	Souspicious	Anti Debug
_stat64	0x14014bad0
_lock_file	0x14014bad8
_unlock_file	0x14014bae0
_fstat64	0x14014bae8
_access	0x14014baf0
_unlink	0x14014baf8

Function	Address	Souspicious	Anti Debug
acosf	0x14014bb60
_hypotf	0x14014bb68
_dclass	0x14014bb70
__setusermatherr	0x14014bb78
ceilf	0x14014bb80
cos	0x14014bb88
cosf	0x14014bb90
fmodf	0x14014bb98
powf	0x14014bba0
roundf	0x14014bba8
sin	0x14014bbb0
sinf	0x14014bbb8
sqrtf	0x14014bbc0

Function	Address	Souspicious	Anti Debug
rand	0x14014be28
qsort	0x14014be30

Function	Address	Souspicious	Anti Debug
__std_exception_destroy	0x14014b860
__std_exception_copy	0x14014b868
__intrinsic_setjmp	0x14014b870
__current_exception_context	0x14014b878
__current_exception	0x14014b880
strchr	0x14014b888
_CxxThrowException	0x14014b890
memcmp	0x14014b898
memchr	0x14014b8a0
memset	0x14014b8a8
memmove	0x14014b8b0
memcpy	0x14014b8b8
longjmp	0x14014b8c0
strrchr	0x14014b8c8
__C_specific_handler	0x14014b8d0
strstr	0x14014b8d8
__std_terminate	0x14014b8e0

Function	Address	Souspicious	Anti Debug
GetModuleInformation	0x14014b6b8

Function	Address	Souspicious	Anti Debug
GetClipboardData	0x14014b700
EmptyClipboard	0x14014b708
CloseClipboard	0x14014b710
OpenClipboard	0x14014b718
GetCursorPos	0x14014b720
SetCursorPos	0x14014b728
ReleaseCapture	0x14014b730
IsWindowUnicode	0x14014b738
GetClientRect	0x14014b740
SetCursor	0x14014b748
SetCapture	0x14014b750
LoadCursorW	0x14014b758
GetForegroundWindow	0x14014b760
TrackMouseEvent	0x14014b768
ClientToScreen	0x14014b770
GetCapture	0x14014b778
ScreenToClient	0x14014b780
GetKeyState	0x14014b788
FindWindowA	0x14014b790
GetWindowThreadProcessId	0x14014b798
FindWindowW	0x14014b7a0
UpdateWindow	0x14014b7a8
PostQuitMessage	0x14014b7b0
LoadIconW	0x14014b7b8
TranslateMessage	0x14014b7c0
MoveWindow	0x14014b7c8
MessageBoxA	0x14014b7d0
SetWindowDisplayAffinity	0x14014b7d8
PeekMessageW	0x14014b7e0
CreateWindowExW	0x14014b7e8
DispatchMessageW	0x14014b7f0
GetAsyncKeyState	0x14014b7f8
ShowWindow	0x14014b800
DefWindowProcW	0x14014b808
GetWindowRect	0x14014b810
DestroyWindow	0x14014b818
MessageBoxW	0x14014b820
RegisterClassExW	0x14014b828
GetSystemMetrics	0x14014b830
UnregisterClassW	0x14014b838
SetClipboardData	0x14014b840

Function	Address	Souspicious	Anti Debug
ImmSetCandidateWindow	0x14014b170
ImmSetCompositionWindow	0x14014b178
ImmReleaseContext	0x14014b180
ImmGetContext	0x14014b188

Function	Address	Souspicious	Anti Debug
D3DCompile	0x14014b160

Function	Address	Souspicious	Anti Debug
strcmp	0x14014bdb8
_strdup	0x14014bdc0
strncmp	0x14014bdc8
strncpy	0x14014bdd0
tolower	0x14014bdd8
strpbrk	0x14014bde0
isupper	0x14014bde8
strcspn	0x14014bdf0
strspn	0x14014bdf8
_wcsicmp	0x14014be00

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x14014b8f0

Function	Address	Souspicious	Anti Debug
terminate	0x14014bbd0
_errno	0x14014bbd8
_beginthreadex	0x14014bbe0
abort	0x14014bbe8
strerror	0x14014bbf0
__sys_nerr	0x14014bbf8
_invalid_parameter_noinfo	0x14014bc00
_resetstkoflw	0x14014bc08
exit	0x14014bc10
_invalid_parameter_noinfo_noreturn	0x14014bc18
_wassert	0x14014bc20
_register_thread_local_exe_atexit_callback	0x14014bc28
_c_exit	0x14014bc30
_getpid	0x14014bc38
_exit	0x14014bc40
_initterm_e	0x14014bc48
_initterm	0x14014bc50
_get_narrow_winmain_command_line	0x14014bc58
_set_app_type	0x14014bc60
_seh_filter_exe	0x14014bc68
_cexit	0x14014bc70
_crt_atexit	0x14014bc78
_register_onexit_function	0x14014bc80
_initialize_onexit_table	0x14014bc88
_initialize_narrow_environment	0x14014bc90
_configure_narrow_argv	0x14014bc98
system	0x14014bca0

Function	Address	Souspicious	Anti Debug
D3D11CreateDeviceAndSwapChain	0x14014be40

Function	Address	Souspicious	Anti Debug
atoi	0x14014ba88
strtol	0x14014ba90
atof	0x14014ba98
strtoll	0x14014baa0
strtoull	0x14014baa8
strtoul	0x14014bab0
strtod	0x14014bab8
strtof	0x14014bac0

Function	Address	Souspicious	Anti Debug
ShellExecuteW	0x14014b6e8
ShellExecuteA	0x14014b6f0

Function	Address	Souspicious	Anti Debug
UuidCreate	0x14014b6c8
UuidToStringA	0x14014b6d0
RpcStringFreeA	0x14014b6d8

Function	Address	Souspicious	Anti Debug
__stdio_common_vsprintf	0x14014bcb0
_set_fmode	0x14014bcb8
_lseeki64	0x14014bcc0
fread	0x14014bcc8
__stdio_common_vsscanf	0x14014bcd0
__p__commode	0x14014bcd8
feof	0x14014bce0
fflush	0x14014bce8
fputs	0x14014bcf0
fopen	0x14014bcf8
_read	0x14014bd00
_write	0x14014bd08
_wfopen	0x14014bd10
_open	0x14014bd18
__stdio_common_vfprintf	0x14014bd20
ftell	0x14014bd28
_pclose	0x14014bd30
fgets	0x14014bd38
fseek	0x14014bd40
_get_stream_buffer_pointers	0x14014bd48
_fseeki64	0x14014bd50
fsetpos	0x14014bd58
ungetc	0x14014bd60
setvbuf	0x14014bd68
fgetpos	0x14014bd70
_close	0x14014bd78
fwrite	0x14014bd80
fgetc	0x14014bd88
__acrt_iob_func	0x14014bd90
fputc	0x14014bd98
_popen	0x14014bda0
fclose	0x14014bda8

Function	Address	Souspicious	Anti Debug
UnloadUserProfile	0x14014b850

Function	Address	Souspicious	Anti Debug
_time64	0x14014be10
_gmtime64	0x14014be18

Function	Address	Souspicious	Anti Debug
None	0x14014b900
None	0x14014b908
None	0x14014b910
None	0x14014b918
None	0x14014b920
None	0x14014b928
None	0x14014b930
None	0x14014b938
None	0x14014b940
None	0x14014b948
None	0x14014b950
None	0x14014b958
None	0x14014b960
None	0x14014b968
None	0x14014b970
None	0x14014b978
None	0x14014b980
None	0x14014b988

Function	Address	Souspicious	Anti Debug
calloc	0x14014bb08
_callnewh	0x14014bb10
malloc	0x14014bb18
free	0x14014bb20
realloc	0x14014bb28
_set_new_mode	0x14014bb30

Function	Address	Souspicious	Anti Debug
D3DX11CreateShaderResourceViewFromMemory	0x14014be50

Function	Address	Souspicious	Anti Debug
CryptGetHashParam	0x14014b000
AddAccessAllowedAce	0x14014b008
GetLengthSid	0x14014b010
GetTokenInformation	0x14014b018
InitializeAcl	0x14014b020
IsValidSid	0x14014b028
SetSecurityInfo	0x14014b030
CopySid	0x14014b038
ConvertSidToStringSidA	0x14014b040
CryptAcquireContextA	0x14014b048
CryptReleaseContext	0x14014b050
CryptGenRandom	0x14014b058
CryptCreateHash	0x14014b060
CryptHashData	0x14014b068
CryptDestroyHash	0x14014b070
CryptDestroyKey	0x14014b078
CryptImportKey	0x14014b080
CryptEncrypt	0x14014b088
RegOpenKeyExA	0x14014b090
RegQueryValueExA	0x14014b098
RegCloseKey	0x14014b0a0
RegDeleteValueA	0x14014b0a8
RegEnumValueA	0x14014b0b0
OpenProcessToken	0x14014b0b8

Function	Address	Souspicious	Anti Debug
accept	0x14014b998
closesocket	0x14014b9a0
recv	0x14014b9a8
send	0x14014b9b0
htonl	0x14014b9b8
listen	0x14014b9c0
ioctlsocket	0x14014b9c8
WSAStartup	0x14014b9d0
WSAGetLastError	0x14014b9d8
bind	0x14014b9e0
__WSAFDIsSet	0x14014b9e8
connect	0x14014b9f0
getpeername	0x14014b9f8
select	0x14014ba00
getsockname	0x14014ba08
getsockopt	0x14014ba10
getaddrinfo	0x14014ba18
htons	0x14014ba20
ntohs	0x14014ba28
setsockopt	0x14014ba30
socket	0x14014ba38
WSASetLastError	0x14014ba40
WSAIoctl	0x14014ba48
freeaddrinfo	0x14014ba50
ntohl	0x14014ba58
gethostname	0x14014ba60
sendto	0x14014ba68
recvfrom	0x14014ba70
WSACleanup	0x14014ba78

Function	Address	Souspicious	Anti Debug
IdnToAscii	0x14014b6a8