The rule detects potential adversary activity involving the execution of suspicious or unauthorized files, which may indicate initial compromise or lateral movement. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify and mitigate early-stage threats before they escalate.
YARA Rule
rule _370c433dd61ec21d2677cfe02ef93a5f32a2b50d_5bf48d77bade79f2421ae3d258fe8262c043fb8f_08bdf374b28b234e824797145206f4df79eac6ea_1 {
meta:
description = "Auto-generated rule - from files 370c433dd61ec21d2677cfe02ef93a5f32a2b50d.codex, 5bf48d77bade79f2421ae3d258fe8262c043fb8f.codex, 08bdf374b28b234e824797145206f4df79eac6ea.codex"
author = "YarGen Rule Generator"
reference = "not set"
date = "2016-07-21"
super_rule = 1
hash1 = "29b4498ac81d654b52cd0a32bdf29ed955f046ef9db1e0eba7da47ab2f950a3e"
hash2 = "84ab50a9e325f64a54d84fb6798d8e74f46c21fd8b935d6c47a44bb140effad9"
hash3 = "3f326fb6a79842c657efa09b71ce5e46dc110dd324bfabfcd32730d86de0bcf5"
strings:
$s1 = ":$:+:2:9:@:G:N:U:\\:s:" fullword ascii
$s2 = "6%6+606<6H6M6\\6b6g6v6}6" fullword ascii
$s3 = "8\"8,818;8@8J8O8Y8^8h8m8w8" fullword ascii
$s4 = "6 6'6.656<6C6J6Q6X6_6f6m6t6" fullword ascii
$s5 = "4\"4)40474>4E4L4S4Z4a4h4" fullword ascii
$s6 = "9\"9+91969?9E9J9S9\\9a9j9p9u9~9" fullword ascii
$s7 = "9\"9'91999C9H9R9W9a9f9p9u9" fullword ascii
$s8 = "4\"4(4-4<4B4G4S4_4d4s4y4~4" fullword ascii
$s9 = "6\"6'6,6=6B6G6X6]6b6o6{6" fullword ascii
$s10 = "?\"?/?4?B?G?L?Y?^?k?p?}?" fullword ascii
$s11 = "3)31383>3C3L3R3W3c3i3n3w3}3" fullword ascii
$s12 = ";&;+;5;:;D;I;S;X;b;j;t;y;" fullword ascii
$s13 = "='=,=6=>=H=M=W=\\=a=m=r=w=" fullword ascii
$s14 = ":!:*:/:9:>:H:P:Z:_:i:n:x:}:" fullword ascii
$s15 = "3$3.383B3L3S3Z3a3h3o3v3}3" fullword ascii
$s16 = "<$<.<3<=<B<L<Q<^<c<m<r<|<" fullword ascii
$s17 = "31383?3F3M3T3[3b3i3p3w3~3" fullword ascii
$s18 = "?*?1?8???F?M?T?[?b?i?p?w?" fullword ascii
$s19 = "9!9(9/969=9D9K9R9Y9`9g9n9x9" fullword ascii
$s20 = ":$:*:/:8:>:C:L:U:Z:c:i:n:w:|:" fullword ascii
$op0 = { fc014300c78424f0 } /* Opcode */
$op1 = { a1d860440068d0cd430053ff90200300 } /* Opcode */
$op2 = { c7819c0300000ca64000c78124030000 } /* Opcode */
$op3 = { 59395df8759d8d45fc505353538d45a8 } /* Opcode */
$op4 = { 663bd875438bc62b450c8945fceb038b } /* Opcode */
$op5 = { 895de4895de8ff901404000085c07d07 } /* Opcode */
$op6 = { c82a4400c78424c8 } /* Opcode */
$op7 = { 6c514300c7842498 } /* Opcode */
$op8 = { d8014300c78424e0 } /* Opcode */
$op9 = { 84a44200c78424e4 } /* Opcode */
$op10 = { 59598b460485c0741250ff74240ca1d8 } /* Opcode */
$op11 = { 33db83c4203bfb0f84a0 } /* Opcode */
$op12 = { 83c4188945fc837dfc000f848f } /* Opcode */
$op13 = { 74294400c784249c } /* Opcode */
$op14 = { 04024300c78424f4 } /* Opcode */
$op15 = { 50974300c78424d0 } /* Opcode */
$op16 = { 68feff0000ff7508ff90040200008945 } /* Opcode */
$op17 = { 59ff75eca1d8604400680cb1430056ff } /* Opcode */
$op18 = { 59385d0c0f844e010000535357575756 } /* Opcode */
$op19 = { ecdd4200c78424d4 } /* Opcode */
$op20 = { a1d86044008d5f106894c6430053ff90 } /* Opcode */
$op21 = { bf300e440057894df0ff904002000059 } /* Opcode */
$op22 = { 24244400c78424ac } /* Opcode */
$op23 = { ff90a80300003d220000c00f8586 } /* Opcode */
$op24 = { a1d860440057ff7508ff909001000033 } /* Opcode */
$op25 = { 598d45b450a1d8604400ff90e0030000 } /* Opcode */
$op26 = { a1d86044005653ff742424ff90d40300 } /* Opcode */
$op27 = { 0cdd4200c7842498 } /* Opcode */
$op28 = { 8975ec8975f0ff90a8030000f7d81bc0 } /* Opcode */
$op29 = { 88114300c78424c4 } /* Opcode */
$op30 = { 18244400c78424a4 } /* Opcode */
$op31 = { 3cdd4200c78424a0 } /* Opcode */
$op32 = { 83c40c894590ff75a4ff75ac8b4590ff } /* Opcode */
$op33 = { a1d86044006a0068f0c84300ff7508ff } /* Opcode */
$op34 = { 6c124300c78424000100007c124300c7 } /* Opcode */
$op35 = { 3935046144000f85c6 } /* Opcode */
$op36 = { 59a1d8604400566a00ff75f0ff90d403 } /* Opcode */
$op37 = { 542b4400c78424dc } /* Opcode */
$op38 = { a0294400c78424a4 } /* Opcode */
$op39 = { 83c4188945fc837dfc000f8404010000 } /* Opcode */
$op40 = { 8d45e050ff75f4a1d8604400ff90d8 } /* Opcode */
$op41 = { 598d44000250ff751433db43536a008d } /* Opcode */
$op42 = { 58dd4200c78424a8 } /* Opcode */
$op43 = { 53ff76088bf8a1d8604400ff90dc } /* Opcode */
$op44 = { 53ff76088bf8a1d8604400ff90dc } /* Opcode */
$op45 = { 53ff76088bf8a1d8604400ff90dc } /* Opcode */
$op46 = { 54114300c78424b4 } /* Opcode */
$op47 = { 83c420803de2604400007430ff74241c } /* Opcode */
$op48 = { ff7604a1d8604400ff75fc5368b04444 } /* Opcode */
$op49 = { 59a1d8604400566a0053ff90d4030000 } /* Opcode */
$op50 = { 3d230000c0740b3d050000800f85c7 } /* Opcode */
$op51 = { a1d86044008b80d402000083c40c3bc3 } /* Opcode */
$op52 = { 83c40c5f5e5b8be55dc3558bec83ec28 } /* Opcode */
$op53 = { 68fc404300ff75b8a1d8604400ff9020 } /* Opcode */
$op54 = { 8d4744688c4a430050a1d8604400ff90 } /* Opcode */
$op55 = { 50a1d86044005668604d43005653ff90 } /* Opcode */
$op56 = { 5932c0eb628a451057ff750c88068d46 } /* Opcode */
$op57 = { 44e84200c78424d8 } /* Opcode */
$op58 = { 50e74200c78424a8 } /* Opcode */
$op59 = { e0244400c78424ec } /* Opcode */
$op60 = { a1d860440068a0c6430053ff90200300 } /* Opcode */
$op61 = { e0524300c78424d8 } /* Opcode */
$op62 = { 895e10895e14ff901404000085c0742a } /* Opcode */
$op63 = { 83c40c68fc6943008d45c050a1d86044 } /* Opcode */
$op64 = { 83c40c5e5f5bc9c3558bec8b4d088a01 } /* Opcode */
$op65 = { 54a34200c7842494 } /* Opcode */
$op66 = { 8b7c2410a1d860440083c744c70424c8 } /* Opcode */
$op67 = { 595f5e5bc9c3558bec83ec0ca1d86044 } /* Opcode */
$op68 = { e0114300c78424dc } /* Opcode */
$op69 = { 595984c00f85e80b0000a1d860440056 } /* Opcode */
$op70 = { 9c964300c78424a4 } /* Opcode */
$op71 = { c4004300c78424a0 } /* Opcode */
$op72 = { 4003c050ff742414a1d8604400ff9004 } /* Opcode */
$op73 = { 02724100c78110040000fd234100c781 } /* Opcode */
$op74 = { 83c40c8b45fc8b4df489086881 } /* Opcode */
$op75 = { 598d45f450a1d8604400ff90b8030000 } /* Opcode */
$op76 = { 1a9f4100c781fc03000021224100c781 } /* Opcode */
$op77 = { 83c410eb0233c05b5f5e5dc3558bec83 } /* Opcode */
$op78 = { f0e74200c78424cc } /* Opcode */
$op79 = { 6a085933c0897dcc8d7dd0f3ab8d45f4 } /* Opcode */
$op80 = { 83c4208d44241850a1d8604400ff90b8 } /* Opcode */
$op81 = { 598d44000250536a01568d45ec50ff75 } /* Opcode */
$op82 = { 598d44000250536a01568d45ec50ff75 } /* Opcode */
$op83 = { 83c42ca1d860440057689ca9430068c0 } /* Opcode */
$op84 = { 595f5ec9c3a1d86044006a00ff74240c } /* Opcode */
$op85 = { 59a1d860440056ff90dc020000a1d860 } /* Opcode */
$op86 = { 942b4400c78424e4 } /* Opcode */
$op87 = { ff37a1d8604400ff9098 } /* Opcode */
$op88 = { ff37a1d8604400ff9098 } /* Opcode */
$op89 = { 34124300c78424f4 } /* Opcode */
$op90 = { bca44200c78424f8 } /* Opcode */
$op91 = { a1d860440057ff9098 } /* Opcode */
$op92 = { 85c075078b45cc488945ccff75bcff75 } /* Opcode */
$op93 = { a1d860440068e0cd430053ff90200300 } /* Opcode */
$op94 = { 70e84200c78424e4 } /* Opcode */
$op95 = { 60964300c7842490 } /* Opcode */
$op96 = { d8234400c7842488 } /* Opcode */
$op97 = { 83c40c6844424300ff7588a1d8604400 } /* Opcode */
$op98 = { 83c40c8d45dc50568d45fc50a1d86044 } /* Opcode */
$op99 = { 8d45dc5068000108008d45fc50a1d860 } /* Opcode */
$op100 = { 83c4148945f4ff75f0ff7508a1d86044 } /* Opcode */
$op101 = { 30514300c7842490 } /* Opcode */
$op102 = { ff75fca1d860440056ff90e4030000ff } /* Opcode */
$op103 = { 895c245c895c2460ff90a803000085c0 } /* Opcode */
$op104 = { 1c254400c784240001000028254400c7 } /* Opcode */
$op105 = { 59a1d8604400566a0057ff90d4030000 } /* Opcode */
$op106 = { 7b4300c78424a8060000107b4300c784 } /* Opcode */
$op107 = { 8b4dfc8b0481050410000050a1d86044 } /* Opcode */
$op108 = { 81f9d03f00000f8e96 } /* Opcode */
$op109 = { a1d8604400680446440057ff50405959 } /* Opcode */
$op110 = { e934feffff558bec83ec746a1d8d458c } /* Opcode */
$op111 = { 88974300c78424e4 } /* Opcode */
$op112 = { 102a4400c78424b0 } /* Opcode */
$op113 = { 10514300c7842488 } /* Opcode */
$op114 = { 83c40c5f5e5b8be55dc3558bec83ec14 } /* Opcode */
$op115 = { b4dd4200c78424c4 } /* Opcode */
$op116 = { 20974300c78424c4 } /* Opcode */
$op117 = { 8b50245685d20f8ee2 } /* Opcode */
$op118 = { 8ca44200c78424e8 } /* Opcode */
$op119 = { e0284400c7842488 } /* Opcode */
$op120 = { f61c4000c7412cbb584100c781100300 } /* Opcode */
$op121 = { 08114300c78424a0 } /* Opcode */
$op122 = { 83c40c5b5f5ec9c3558bec83ec348365 } /* Opcode */
$op123 = { fca24200c7842484 } /* Opcode */
$op124 = { 4c534300c78424e4 } /* Opcode */
$op125 = { c605c160440001892dcc6044008925c8 } /* Opcode */
$op126 = { c605c160440001892dcc6044008925c8 } /* Opcode */
$op127 = { a0244400c78424d8 } /* Opcode */
$op128 = { e95ffeffffa1d860440053576864a042 } /* Opcode */
$op129 = { 4ca54000c741143c574100c7819c0200 } /* Opcode */
$op130 = { 814300c78424780800000c814300c784 } /* Opcode */
$op131 = { c0964300c78424ac } /* Opcode */
$op132 = { 44244400c78424b8 } /* Opcode */
$op133 = { ff742410a1d860440053ff9090010000 } /* Opcode */
$op134 = { ff742410a1d860440053ff9090010000 } /* Opcode */
$op135 = { 44114300c78424b0 } /* Opcode */
$op136 = { f0234400c7842490 } /* Opcode */
$op137 = { 18114300c78424a4 } /* Opcode */
$op138 = { 744300c78424c004000014744300c784 } /* Opcode */
$op139 = { 83c4188945fc837dfc00752a6880 } /* Opcode */
$op140 = { ccdd4200c78424cc } /* Opcode */
$op141 = { 595b5f5ec9c3558bec535633f633db33 } /* Opcode */
$op142 = { b0de4200c78424fc } /* Opcode */
$op143 = { fc114300c78424e4 } /* Opcode */
$op144 = { fc104300c784249c } /* Opcode */
$op145 = { 8c744000c74108501e4100c781e0 } /* Opcode */
$op146 = { a1d8604400895dfcff50108945f8a1d8 } /* Opcode */
$op147 = { 2c534300c78424e0 } /* Opcode */
$op148 = { 88524300c78424cc } /* Opcode */
$op149 = { b0284400c7842484 } /* Opcode */
$op150 = { 83c41089450885c0751b3945fc0f845d } /* Opcode */
$op151 = { f4524300c78424dc } /* Opcode */
$op152 = { 50de4200c78424ec } /* Opcode */
$op153 = { 094300c784247002000014094300c784 } /* Opcode */
$op154 = { 8b4e2485c90f84e6 } /* Opcode */
$op155 = { 14254400c78424fc } /* Opcode */
$op156 = { d8104300c7842490 } /* Opcode */
$op157 = { 895c2464895c2468ff90a803000085c0 } /* Opcode */
$op158 = { 895c2464895c2468ff90a803000085c0 } /* Opcode */
$op159 = { 0f825affffff5f5e8be55dc3568b7424 } /* Opcode */
$op160 = { 104000c7819c010000a1a04100c78124 } /* Opcode */
$op161 = { 6c244400c78424c8 } /* Opcode */
$op162 = { 542a4400c78424bc } /* Opcode */
$op163 = { 83c414e965020000f645144175158b45 } /* Opcode */
$op164 = { 3d220000c0740732c0e9c8 } /* Opcode */
$op165 = { b4514300c78424a4 } /* Opcode */
$op166 = { b0964300c78424a8 } /* Opcode */
$op167 = { a1d86044005653ff742420ff90d40300 } /* Opcode */
$op168 = { 593974241c742cff742418a1d8604400 } /* Opcode */
$op169 = { 83c41884c00f849f020000ff75100fb7 } /* Opcode */
$op170 = { 8b4f3a8945f88d440104b96462000066 } /* Opcode */
$op171 = { 6e4300c7842428030000086e4300c784 } /* Opcode */
$op172 = { 894da4ff90380100008d45dc8945bc8d } /* Opcode */
$op173 = { a1d860440068c0304300ff7508ff9044 } /* Opcode */
$op174 = { c8974300c7842400010000d8974300c7 } /* Opcode */
$op175 = { a54200c784240801000010a54200c784 } /* Opcode */
$op176 = { 59ff742420a1d86044005653ff906402 } /* Opcode */
$op177 = { 9ce84200c78424f0 } /* Opcode */
$op178 = { 13a24000898180010000c74150645a40 } /* Opcode */
$op179 = { a1d860440053ff7508ff900402000068 } /* Opcode */
$op180 = { 96144100c781b401000026b14000c781 } /* Opcode */
$op181 = { ff7604a1d8604400ff75fc5368d04444 } /* Opcode */
$op182 = { 83c40cff75bcff75bc0fb705e8604400 } /* Opcode */
$op183 = { ff75f8a1d8604400ff7508ff90900100 } /* Opcode */
$op184 = { 8b463aff750c03c78b40100504100000 } /* Opcode */
$op185 = { 8b413c3bc30f84e0 } /* Opcode */
$op186 = { 6810414300ff75b8a1d8604400ff9020 } /* Opcode */
$op187 = { c0974300c78424fc } /* Opcode */
$op188 = { 6a418d45d05f8945f8c745f020 } /* Opcode */
$op189 = { 80751583780800740fa1d86044005756 } /* Opcode */
$op190 = { 80974300c78424e0 } /* Opcode */
$op191 = { 984300c78424100100000c984300c784 } /* Opcode */
$op192 = { 184300c784247c0200000c184300c784 } /* Opcode */
$op193 = { 6898404300ff75b8a1d8604400ff9020 } /* Opcode */
$op194 = { 03c02b45c8590345f883e0fe83f80c75 } /* Opcode */
$op195 = { 8bd8595985db0f848d } /* Opcode */
$op196 = { 83c42085ff750583c8ffeb258b463a8d } /* Opcode */
$op197 = { c8534300c78424f4 } /* Opcode */
$op198 = { a1d8604400687822440056ff90f0 } /* Opcode */
$op199 = { 83c4145e32c05bc9c3558bec83ec24a1 } /* Opcode */
$op200 = { 83c40ceb65e82ac200003d0d0000c0e9 } /* Opcode */
$op201 = { 68682c430050a1d860440057ff902c03 } /* Opcode */
$op202 = { 04e74200c7842494 } /* Opcode */
$op203 = { 83c430ff45f847ff4df00f855affffff } /* Opcode */
$op204 = { a1d860440068eccd430053ff90200300 } /* Opcode */
$op205 = { 8364241800c70500a04200222700008b } /* Opcode */
$op206 = { 8ca34200c78424a0 } /* Opcode */
$op207 = { 685c2b430050a1d860440053ff902c03 } /* Opcode */
$op208 = { 8bf08d45f850a1d8604400ff90b80300 } /* Opcode */
$op209 = { a1d8604400684846440057ff50405959 } /* Opcode */
$op210 = { 598d44245050a1d8604400ff90e00300 } /* Opcode */
$op211 = { ff75148b45fc83c00450ff750ca1d860 } /* Opcode */
$op212 = { 8975b88975bcff90a803000085c00f85 } /* Opcode */
$op213 = { a1d8604400ff742434681069430056ff } /* Opcode */
$op214 = { 83c4148945f8ff75ecff7508a1d86044 } /* Opcode */
$op215 = { 0c254400c78424f8 } /* Opcode */
$op216 = { 80de4200c78424f4 } /* Opcode */
$op217 = { a1d8604400536800080000ff7508ff90 } /* Opcode */
$op218 = { 895de0895de4ff901404000089450c3d } /* Opcode */
$op219 = { 8b4f3a8b55f88365fc008945f40500f0 } /* Opcode */
$op220 = { 154300c78424b401000010154300c784 } /* Opcode */
$op221 = { 1b4400c7842498020000181b4400c784 } /* Opcode */
$op222 = { 83c41084c00f85030c0000a1d8604400 } /* Opcode */
$op223 = { 83c0083bc30f84ab } /* Opcode */
$op224 = { 342c4400c7842400010000442c4400c7 } /* Opcode */
$op225 = { 83c4188d45f050a1d8604400ff90f8 } /* Opcode */
$op226 = { ff4424148d474450a1d8604400ff9008 } /* Opcode */
$op227 = { a1d860440068b42e43005653ff903002 } /* Opcode */
$op228 = { 9c524300c78424d0 } /* Opcode */
$op229 = { b8a0604400bf34a042002bc78945e40f } /* Opcode */
$op230 = { 5c014300c78424bc } /* Opcode */
$op231 = { 83c41485c0740cc7461002 } /* Opcode */
$op232 = { 837d0c007505e990 } /* Opcode */
$op233 = { 14e74200c7842498 } /* Opcode */
$op234 = { f11c4100c7812c020000b31f4100c781 } /* Opcode */
$op235 = { a1d860440056ff750cff9098 } /* Opcode */
$op236 = { 83c40cff75fcff7508a1d8604400ff90 } /* Opcode */
$op237 = { 83c40cff75fcff7508a1d8604400ff90 } /* Opcode */
$op238 = { 83c40cff75fcff7508a1d8604400ff90 } /* Opcode */
$op239 = { 0c294400c784248c } /* Opcode */
$op240 = { 40974300c78424cc } /* Opcode */
$op241 = { 6e1a4100c78164010000cbc74000c781 } /* Opcode */
$op242 = { d82a4400c78424cc } /* Opcode */
$op243 = { 64244400c78424c4 } /* Opcode */
$op244 = { 83c4188945fc837dfc00746c8b45fc81 } /* Opcode */
$op245 = { 8975d8894ddc8975e48975e8ff901404 } /* Opcode */
$op246 = { 03c02b45cc590345f883e0fe83f80874 } /* Opcode */
$op247 = { ec2b4400c78424f4 } /* Opcode */
$op248 = { 50a1d8604400ff90a402000083c418a1 } /* Opcode */
$op249 = { 6f4300c78424640300000c6f4300c784 } /* Opcode */
$op250 = { 8b750c8b50048b4f3a83c40c8945d089 } /* Opcode */
$op251 = { 7ca44200c78424e0 } /* Opcode */
$op252 = { 8b45fc0fb7400483f8250f85d9 } /* Opcode */
$op253 = { 7ce74200c78424b0 } /* Opcode */
$op254 = { 8975e88975ecff90800300005f8b45fc } /* Opcode */
$op255 = { 8945f08d45d050a1d8604400ff90b803 } /* Opcode */
$op256 = { e4234400c784248c } /* Opcode */
$op257 = { 5c124300c78424fc } /* Opcode */
$op258 = { ff7604a1d8604400ff75fc53688c4444 } /* Opcode */
$op259 = { cce84200c78424fc } /* Opcode */
$op260 = { 83c40c8d5c4302a1d860440057ff9098 } /* Opcode */
$op261 = { f4a34200c78424b4 } /* Opcode */
$op262 = { 83c4148945fcff75f8ff7508a1d86044 } /* Opcode */
$op263 = { 83c4188364240c00c7442438a8124400 } /* Opcode */
$op264 = { 1641008b151c9042008991180400008b } /* Opcode */
$op265 = { bc2b4400c78424e8 } /* Opcode */
$op266 = { ec104300c7842498 } /* Opcode */
$op267 = { 5768304c440068584c440056ff5024a1 } /* Opcode */
$op268 = { 68e8414300ff75b8a1d8604400ff9020 } /* Opcode */
$op269 = { cca44200c78424fc } /* Opcode */
$op270 = { 50244400c78424bc } /* Opcode */
$op271 = { 8f4300c78424780c0000108f4300c784 } /* Opcode */
$op272 = { 5903c0508d8500feffff5068c0694300 } /* Opcode */
$op273 = { 0faf459c8d7008a1d860440056ff750c } /* Opcode */
$op274 = { ec534300c7842400010000fc534300c7 } /* Opcode */
$op275 = { 56ff75088ad8a1d8604400ff90900100 } /* Opcode */
$op276 = { 663bd8740a46460fb7066685c075d333 } /* Opcode */
$op277 = { 83c4145f5e5b8be55dc3cccccccccccc } /* Opcode */
$op278 = { a1d8604400682c46440057ff50405959 } /* Opcode */
$op279 = { c8014300c78424dc } /* Opcode */
$op280 = { a82a4400c78424c4 } /* Opcode */
$op281 = { a1d86044006814ce430053ff90200300 } /* Opcode */
$op282 = { 402a4400c78424b8 } /* Opcode */
$op283 = { 98e74200c78424b4 } /* Opcode */
$op284 = { 395814eb34a1d860440057ff75f456ff } /* Opcode */
$op285 = { 6c114300c78424bc } /* Opcode */
$op286 = { 57ff751056ff90b8 } /* Opcode */
$op287 = { 684c454300ff7588a1d8604400ff9020 } /* Opcode */
$op288 = { 8b4dfc8d044150ff7514b8001000002b } /* Opcode */
$op289 = { ec244400c78424f0 } /* Opcode */
$op290 = { 60524300c78424c0 } /* Opcode */
$op291 = { a1d860440068002a430057ff90c40300 } /* Opcode */
$op292 = { 48964300c784248c } /* Opcode */
$op293 = { 33f6803dc360440000751aa1d8604400 } /* Opcode */
$op294 = { 54e84200c78424dc } /* Opcode */
$op295 = { a1d860440056536a0468f8904200ff90 } /* Opcode */
$op296 = { 558bec83e4f881ec8c } /* Opcode */
$op297 = { 8b45f483c00450ff7508a1d8604400ff } /* Opcode */
$op298 = { 64de4200c78424f0 } /* Opcode */
$op299 = { c78120040000ba4241008b15b8904200 } /* Opcode */
$op300 = { 8b46048b0dcc6044008988b4 } /* Opcode */
$op301 = { 6860f24300ff75fcff91500300008b0d } /* Opcode */
$op302 = { 894300c78424b40a00000c894300c784 } /* Opcode */
$op303 = { 684c444300ff7588a1d8604400ff9020 } /* Opcode */
$op304 = { a1d86044005653ff742418ff90d40300 } /* Opcode */
$op305 = { 895dd4897ddc895de0895de4ff901404 } /* Opcode */
$op306 = { 1c244400c78424a8 } /* Opcode */
$op307 = { 6864444300ff7588a1d8604400ff9020 } /* Opcode */
$op308 = { 24014300c78424b4 } /* Opcode */
$op309 = { a1d860440068accd4300ff75f8ff9020 } /* Opcode */
$op310 = { 48004300c7842484 } /* Opcode */
$op311 = { c0dd4200c78424c8 } /* Opcode */
$op312 = { 83c41c803de260440000742cff750ca1 } /* Opcode */
$op313 = { 8b45f88038030f858d } /* Opcode */
$op314 = { 0c124300c78424e8 } /* Opcode */
$op315 = { 18024300c78424f8 } /* Opcode */
$op316 = { 59b001c9c38b4c24048b513a33c033c9 } /* Opcode */
$op317 = { 78974300c78424dc } /* Opcode */
$op318 = { 8c014300c78424cc } /* Opcode */
$op319 = { 5959837df400750cc605c160440000e9 } /* Opcode */
$op320 = { 508d44245450a1d8604400c744245818 } /* Opcode */
$op321 = { 084300c784243002000010084300c784 } /* Opcode */
$op322 = { b4114300c78424d0 } /* Opcode */
$op323 = { 70964300c7842494 } /* Opcode */
$op324 = { d0964300c78424b0 } /* Opcode */
$op325 = { 28124300c78424f0 } /* Opcode */
$op326 = { 895c2464895c2468ff90140400003d22 } /* Opcode */
$op327 = { 5933c03bfb0f94c05f5e5bc9c3cccccc } /* Opcode */
$op328 = { c9c3558bec83ec3c6a0f8d45c450ff75 } /* Opcode */
$op329 = { 5c294400c7842498 } /* Opcode */
$op330 = { ff75106a00ff750ca1d8604400ff90b8 } /* Opcode */
$op331 = { ff75106a00ff750ca1d8604400ff90b8 } /* Opcode */
$op332 = { 59b0015f5e5bc9c3558bec8b450c85c0 } /* Opcode */
$op333 = { 20e74200c784249c } /* Opcode */
$op334 = { 8975dc8975e08975f4ff90800300008b } /* Opcode */
$op335 = { e4dc4200c784248c } /* Opcode */
$op336 = { a1d860440056ff90fc020000a1d86044 } /* Opcode */
$op337 = { a1d860440068f045440057ff50405959 } /* Opcode */
$op338 = { 595f5ec9c3558bec83ec70535733db33 } /* Opcode */
$op339 = { 204400c78424cc03000018204400c784 } /* Opcode */
$op340 = { 895dcc894dd0895dd8895ddcff901404 } /* Opcode */
$op341 = { 8d7c47028d4702593b450c729f43438b } /* Opcode */
$op342 = { 8a45ff595bc9c3cc558bec83e4f881ec } /* Opcode */
$op343 = { 8b46048b0dc86044008988c4 } /* Opcode */
$op344 = { 598d45ec50a1d8604400ff90f8 } /* Opcode */
$op345 = { 854300c784249809000014854300c784 } /* Opcode */
$op346 = { 8b463a0345fc50a1d8604400ff907802 } /* Opcode */
$op347 = { 8d44242450ff74241ca1d8604400ff90 } /* Opcode */
$op348 = { 30244400c78424b0 } /* Opcode */
$op349 = { 70004300c7842490 } /* Opcode */
$op350 = { 08244400c784249c } /* Opcode */
$op351 = { 1c124300c78424ec } /* Opcode */
$op352 = { 8b45fc8338040f8ee9 } /* Opcode */
$op353 = { f02a4400c78424d0 } /* Opcode */
$op354 = { b0974300c78424f8 } /* Opcode */
$op355 = { 9cdd4200c78424bc } /* Opcode */
$op356 = { a0974300c78424f0 } /* Opcode */
$op357 = { 598d45f4505656568d45cc50683f000f } /* Opcode */
$op358 = { d8dd4200c78424d0 } /* Opcode */
$op359 = { 59ff75f88b7d08a1d860440057ff9090 } /* Opcode */
$op360 = { a1d86044006880fd420057ff90f0 } /* Opcode */
$op361 = { 83c440ff75eca1d8604400576840b043 } /* Opcode */
$op362 = { cc234400c7842484 } /* Opcode */
$op363 = { 595056ff17a1d860440083c40c684853 } /* Opcode */
$op364 = { 83c40c8b45f85e5f5bc9c38b54240456 } /* Opcode */
$op365 = { 3cde4200c78424e8 } /* Opcode */
$op366 = { 60a44200c78424d8 } /* Opcode */
$op367 = { 668b4d0a663bc874c7464666833e000f } /* Opcode */
$op368 = { 5959837dfc0074206880 } /* Opcode */
$op369 = { 668bd80fb70750a1d8604400ff90e8 } /* Opcode */
$op370 = { 668bd80fb70750a1d8604400ff90e8 } /* Opcode */
$op371 = { fcb04000c78100010000a6c84000c781 } /* Opcode */
$op372 = { 44e74200c78424a4 } /* Opcode */
$op373 = { 83c428ff742418a1d86044005653ff90 } /* Opcode */
$op374 = { f8294400c78424ac } /* Opcode */
$op375 = { 78114300c78424c0 } /* Opcode */
$op376 = { 59ff75f8a1d8604400ff7508ff909001 } /* Opcode */
$op377 = { 59ff75f8a1d8604400ff7508ff909001 } /* Opcode */
$op378 = { 59ff442410837c2410040f825affffff } /* Opcode */
$op379 = { 8d45ec50ff75fca1d8604400ff9090 } /* Opcode */
$op380 = { ff45f88d474450a1d8604400ff900804 } /* Opcode */
$op381 = { ff45f88d474450a1d8604400ff900804 } /* Opcode */
$op382 = { 44a44200c78424d0 } /* Opcode */
$op383 = { a1d8604400538b5d08565768feff0000 } /* Opcode */
$op384 = { 08014300c78424ac } /* Opcode */
$op385 = { 8d47fc50a1d860440053ff504c83c424 } /* Opcode */
$op386 = { bce74200c78424c0 } /* Opcode */
$op387 = { 83c410eb098d430881ce } /* Opcode */
$op388 = { ff74241ca1d8604400ff7508ff909001 } /* Opcode */
$op389 = { 8975d88975e48975e8ff901404000053 } /* Opcode */
$op390 = { 8945088b45c083c41085c0740d8b4f3a } /* Opcode */
$op391 = { c4de4200c7842400010000e0de4200c7 } /* Opcode */
$op392 = { 83c41885f6750732c05f5e5bc9c38d46 } /* Opcode */
$op393 = { 44294400c7842494 } /* Opcode */
$op394 = { b0a44200c78424f4 } /* Opcode */
$op395 = { ff90380100008d44242c894424588d84 } /* Opcode */
$op396 = { ac004300c784249c } /* Opcode */
$op397 = { ff7604a1d8604400ff75fc53689c4444 } /* Opcode */
$op398 = { b0104300c7842488 } /* Opcode */
$op399 = { d8594000c78148030000fd2b4100c781 } /* Opcode */
$op400 = { dca44200c7842400010000eca44200c7 } /* Opcode */
$op401 = { 74a44200c78424dc } /* Opcode */
$op402 = { ff901404000085c0a1d86044007412ff } /* Opcode */
$op403 = { 21ab4000c74134e3384100c7417c832b } /* Opcode */
$op404 = { 895c2440895c2444ff90240400005959 } /* Opcode */
$op405 = { a0a44200c78424f0 } /* Opcode */
$op406 = { 80964300c784249c } /* Opcode */
$op407 = { 10244400c78424a0 } /* Opcode */
$op408 = { 72b3ff75f8a1d8604400ff7508ff9090 } /* Opcode */
$op409 = { ace84200c78424f4 } /* Opcode */
$op410 = { 578b7d088d45fe508b450cff34b0a1d8 } /* Opcode */
$op411 = { 764300c784244805000010764300c784 } /* Opcode */
$op412 = { 8975e48975e8ff90140400003d220000 } /* Opcode */
$op413 = { 817c2410102700000f8fd8 } /* Opcode */
$op414 = { 804300c784242008000008804300c784 } /* Opcode */
$op415 = { 6884444300ff7588a1d8604400ff9020 } /* Opcode */
$op416 = { a8dd4200c78424c0 } /* Opcode */
$op417 = { 78964300c7842498 } /* Opcode */
$op418 = { 598d44000250566a026a008d45f050ff } /* Opcode */
$op419 = { 83c40c834b0c048b075e5b5fc9c3558b } /* Opcode */
$op420 = { 174400c784249801000014174400c784 } /* Opcode */
$op421 = { e8004300c78424a4 } /* Opcode */
$op422 = { d4114300c78424d8 } /* Opcode */
$op423 = { 56ff75148bf8a1d8604400ff90900100 } /* Opcode */
$op424 = { e0514300c78424ac } /* Opcode */
$op425 = { 08a44200c78424b8 } /* Opcode */
$op426 = { 5959c605c1604400005fc9c3837c2408 } /* Opcode */
$op427 = { 80104300c7842484 } /* Opcode */
$op428 = { 8bf803ff8d471450ff7514a1d8604400 } /* Opcode */
$op429 = { e9adfeffffa1d860440053576850a042 } /* Opcode */
$op430 = { 83c4148bc65ec3558bec83ec7033c056 } /* Opcode */
$op431 = { a1d8604400ff0500a04200536a0356ff } /* Opcode */
$op432 = { 897dc4897dc8ff905001000085c00f85 } /* Opcode */
$op433 = { 5733ff397d7c0f84ea010000a1d86044 } /* Opcode */
$op434 = { 94244400c78424d4 } /* Opcode */
$op435 = { 3d230000c0740b3d050000800f85df } /* Opcode */
$op436 = { 68e4404300ff75b8a1d8604400ff9020 } /* Opcode */
$op437 = { a1d8604400681846440057ff50405959 } /* Opcode */
$op438 = { 5150a1d8604400ff9004020000595981 } /* Opcode */
$op439 = { 598ac3ebaab301ebe8568b7424088b46 } /* Opcode */
$op440 = { 6868454300ff7588a1d8604400ff9020 } /* Opcode */
$op441 = { a1949042008981b0030000a170904200 } /* Opcode */
$op442 = { a8974300c78424f4 } /* Opcode */
$op443 = { 595056ff1783c40ca1d860440056ff90 } /* Opcode */
$op444 = { 8d44240c50a1d8604400ff90f8 } /* Opcode */
$op445 = { 8d44240c50a1d8604400ff90f8 } /* Opcode */
$op446 = { 33db3bc30f84f30100008b40103bc30f } /* Opcode */
$op447 = { 568d441b0250ff7514a1d8604400ff90 } /* Opcode */
$op448 = { 98974300c78424ec } /* Opcode */
$op449 = { 83c430833d0461440005751ba1d86044 } /* Opcode */
$op450 = { 204300c78424d804000010204300c784 } /* Opcode */
$op451 = { 8b48103bcb0f84eb } /* Opcode */
$op452 = { 934300c78424840d000004934300c784 } /* Opcode */
$op453 = { 593bf37415e943ffffff8d450c50a1d8 } /* Opcode */
$op454 = { 24514300c784248c } /* Opcode */
$op455 = { 1c2c4400c78424fc } /* Opcode */
$op456 = { 83c41885c0740cc7461001 } /* Opcode */
$op457 = { 598bc65f5ec9c3558bec51a1d8604400 } /* Opcode */
$op458 = { 83c40c6a0a83c71057568d45ec50ff75 } /* Opcode */
$op459 = { ff4424108d474450a1d8604400ff9008 } /* Opcode */
$op460 = { 8b45fc8b008d44000250ff7508a1d860 } /* Opcode */
$op461 = { 6a01ff75acff75f46a00ff750ca1d860 } /* Opcode */
$op462 = { 8974247489742478ff901404000085c0 } /* Opcode */
$op463 = { 8974247489742478ff901404000085c0 } /* Opcode */
$op464 = { e4964300c78424b8 } /* Opcode */
$op465 = { 8bd883c41885db0f840c010000a1d860 } /* Opcode */
$op466 = { 3b0508614400751b8b4604ff80b8 } /* Opcode */
$op467 = { 194300c78424c40200000c194300c784 } /* Opcode */
$op468 = { d0514300c78424a8 } /* Opcode */
$op469 = { 48514300c7842494 } /* Opcode */
$op470 = { c8114300c78424d4 } /* Opcode */
$op471 = { ff75f4a1d860440068c843440056ff75 } /* Opcode */
$op472 = { f4514300c78424b0 } /* Opcode */
$op473 = { 50a1d860440051ff9004020000836508 } /* Opcode */
$op474 = { 164400c784244c0100000c164400c784 } /* Opcode */
$op475 = { 83c4188d44242050a1d8604400ff90b8 } /* Opcode */
$op476 = { 54a44200c78424d4 } /* Opcode */
$op477 = { a4e74200c78424b8 } /* Opcode */
$op478 = { a1d860440068e829430057ff90c40300 } /* Opcode */
$op479 = { a1d8604400682012440056ff90f0 } /* Opcode */
$op480 = { a1d860440068202a430057ff90c40300 } /* Opcode */
$op481 = { 6c534300c78424e8 } /* Opcode */
$op482 = { 59a1d860440053ff7508ff9090010000 } /* Opcode */
$op483 = { 59ff442414817c2414af0100000f8276 } /* Opcode */
$op484 = { 2c974300c78424c8 } /* Opcode */
$op485 = { c7430c20020000895df0ff90c0030000 } /* Opcode */
$op486 = { a138904200898160020000a1c0904200 } /* Opcode */
$op487 = { 593bfe7415a1d860440053ff7508ff90 } /* Opcode */
$op488 = { 83c40c5f8ac35ee9e7feffff558bec53 } /* Opcode */
$op489 = { d0dc4200c7842484 } /* Opcode */
$op490 = { ff90a8030000f7d81bc0f7d02345fc5f } /* Opcode */
$op491 = { 80004300c7842494 } /* Opcode */
$op492 = { 5150a1d8604400ff9004020000836508 } /* Opcode */
$op493 = { 5933c03bfe5f5e0f94c05bc9c3558bec } /* Opcode */
$op494 = { 3935046144000f859b } /* Opcode */
$op495 = { 83c40c32c0ebdb837c240400750333c0 } /* Opcode */
$op496 = { 68802c4300ff75f057ff902c03000083 } /* Opcode */
$op497 = { 8b4f08988d048504 } /* Opcode */
$op498 = { 98a44200c78424ec } /* Opcode */
$op499 = { ac244400c78424dc } /* Opcode */
$op500 = { 30e74200c78424a0 } /* Opcode */
$op501 = { 895db0895db4ff9014040000bf340000 } /* Opcode */
$op502 = { 5933c0395d0c5f5e0f94c05bc9c3558b } /* Opcode */
$op503 = { 5933c0395d0c5f5e0f94c05bc9c3558b } /* Opcode */
$op504 = { 83c40c5656566a016a0753568d45f450 } /* Opcode */
$op505 = { 83c40c5656566a016a0753568d45f450 } /* Opcode */
$op506 = { 84294400c78424a0 } /* Opcode */
$op507 = { a1d8604400566800100000ff7508ff90 } /* Opcode */
$op508 = { 874300c78424280a00000c874300c784 } /* Opcode */
$op509 = { 59a1d860440056ff903c020000a1d860 } /* Opcode */
$op510 = { 33c0668944242c8d7c242eab66ab6840 } /* Opcode */
$op511 = { 702b4400c78424e0 } /* Opcode */
$op512 = { 598ac3ebaab301ebe8558bec83ec4456 } /* Opcode */
$op513 = { e0104300c7842494 } /* Opcode */
$op514 = { 83c40c5f5e5bc9c3cccc558bec83ec20 } /* Opcode */
$op515 = { 83c41cebc333c08b4c24043b88089242 } /* Opcode */
$op516 = { ff0500a04200381dea604400740da1d8 } /* Opcode */
$op517 = { 64004300c784248c } /* Opcode */
$op518 = { 60114300c78424b8 } /* Opcode */
$op519 = { 895ddc895de0ff901404000085c00f85 } /* Opcode */
$op520 = { 895ddc895de0ff901404000085c00f85 } /* Opcode */
$op521 = { b8244400c78424e0 } /* Opcode */
$op522 = { 895c2464895c2468ff901404000085c0 } /* Opcode */
$op523 = { ff742414a1d8604400ff742414ff9000 } /* Opcode */
$op524 = { c4104300c784248c } /* Opcode */
$op525 = { 5f85c0740633c033d2c9c38b45e88b55 } /* Opcode */
$op526 = { 90974300c78424e8 } /* Opcode */
$op527 = { 4c274100c781a403000087094100c781 } /* Opcode */
$op528 = { 88e84200c78424ec } /* Opcode */
$op529 = { 5983f8027669a1d86044005368feff00 } /* Opcode */
$op530 = { 83c41889458c837d8c000f8407040000 } /* Opcode */
$op531 = { a1d86044008d5e0c6828c6430053ff90 } /* Opcode */
$op532 = { ff7508a1d8604400ff7308ff90ac0300 } /* Opcode */
$op533 = { 66837938020f86d5 } /* Opcode */
$op534 = { 94dd4200c78424b8 } /* Opcode */
$op535 = { 83c414c60437008bc75f5ec3568b7424 } /* Opcode */
$op536 = { 83c40c3bfb0f94c05e5f5bc9c3558bec } /* Opcode */
$op537 = { a1d86044005657beff7f000056ff7508 } /* Opcode */
$op538 = { a1d86044005657beff7f000056ff7508 } /* Opcode */
$op539 = { 68a4454300ff7588a1d8604400ff9020 } /* Opcode */
$op540 = { 0f8260ffffffa1d86044006820214400 } /* Opcode */
$op541 = { 8b45fc8d048603433a50a1d8604400ff } /* Opcode */
$op542 = { 84244400c78424d0 } /* Opcode */
$op543 = { f0114300c78424e0 } /* Opcode */
$op544 = { 0c974300c78424c0 } /* Opcode */
$op545 = { 282a4400c78424b4 } /* Opcode */
$op546 = { 83c8ffe95c010000836508008d450850 } /* Opcode */
$op547 = { 7c524300c78424c8 } /* Opcode */
$op548 = { 34524300c78424bc } /* Opcode */
$op549 = { d8e64200c784248c } /* Opcode */
$op550 = { 98114300c78424c8 } /* Opcode */
$op551 = { 68b8404300ff75b8a1d8604400ff9020 } /* Opcode */
$op552 = { 7ce84200c78424e8 } /* Opcode */
$op553 = { 8b0dd8604400536689450aff91e8 } /* Opcode */
$op554 = { 598d44000250ff75108d45f46a026a00 } /* Opcode */
$op555 = { 598d44000250ff75108d45f46a026a00 } /* Opcode */
$op556 = { 20de4200c78424e0 } /* Opcode */
$op557 = { 59803de2604400007443a1d860440057 } /* Opcode */
$op558 = { 8b45088b50183bca0f82270100008b40 } /* Opcode */
$op559 = { 83c41ca1d860440053ff7508ff909001 } /* Opcode */
$op560 = { 1c014300c78424b0 } /* Opcode */
$op561 = { e986feffffa1d86044005357685ca042 } /* Opcode */
$op562 = { d4534300c78424f8 } /* Opcode */
$op563 = { 0ca34200c7842488 } /* Opcode */
$op564 = { 8b7d0ceb2550a1d8604400ff90e8 } /* Opcode */
$op565 = { 8b5dfc3bde75053975f4747b33c03bde } /* Opcode */
$op566 = { 598d4400028945f4ff7508a1d8604400 } /* Opcode */
$op567 = { 8b48048945f8b80010000083c40c3945 } /* Opcode */
$op568 = { ff750c50a1d8604400ff90c403000059 } /* Opcode */
$op569 = { 817c2414102700000f8fcc } /* Opcode */
$op570 = { ff75e8a1d8604400ff75ecff7508ff50 } /* Opcode */
$op571 = { a1a890420089818c020000a1dc904200 } /* Opcode */
$op572 = { 24a34200c784248c } /* Opcode */
$op573 = { 28524300c78424b8 } /* Opcode */
$op574 = { 84514300c784249c } /* Opcode */
$op575 = { a1d860440033db536838234400685823 } /* Opcode */
$op576 = { 34114300c78424ac } /* Opcode */
$op577 = { f0dc4200c7842490 } /* Opcode */
$op578 = { 6888454300ff7588a1d8604400ff9020 } /* Opcode */
$op579 = { 8b44242483c00450ff7508e830bfffff } /* Opcode */
$op580 = { 83c41803c050ff75ec8b45e853ff1050 } /* Opcode */
$op581 = { ff90480200005f85c0740432c0c9c38b } /* Opcode */
$op582 = { ff90a00300008bf08d45fc50a1d86044 } /* Opcode */
$op583 = { 59a1d86044006a0468dcb3430068e8b3 } /* Opcode */
$op584 = { 5c974300c78424d4 } /* Opcode */
$op585 = { 70014300c78424c0 } /* Opcode */
$op586 = { 6a228d45ec50ff757ca1d8604400c745 } /* Opcode */
$op587 = { 8b55fc8b4f3a0500f0ffff83c410ff45 } /* Opcode */
$op588 = { d8294400c78424a8 } /* Opcode */
$op589 = { c7812801000020ca4000c78118030000 } /* Opcode */
$op590 = { 83c40c8d45dc5068000104008d45fc50 } /* Opcode */
$op591 = { e4e74200c78424c8 } /* Opcode */
$op592 = { 895de0895de4ff90140400008bf881ff } /* Opcode */
$op593 = { 595985c075e38b45e08946288b4608ff } /* Opcode */
$op594 = { a1d860440083c448ff7604ff75fc5368 } /* Opcode */
$op595 = { dc964300c78424b4 } /* Opcode */
$op596 = { 6848f24300ff75fcff91500300008b0d } /* Opcode */
$op597 = { 515350a1d860440057ff90700100008b } /* Opcode */
$op598 = { b8e84200c78424f8 } /* Opcode */
$op599 = { 14a44200c78424bc } /* Opcode */
$op600 = { 689c444300ff7588a1d8604400ff9020 } /* Opcode */
$op601 = { 7e4300c7842484070000087e4300c784 } /* Opcode */
$op602 = { 3c964300c7842488 } /* Opcode */
$op603 = { 94de4200c78424f8 } /* Opcode */
$op604 = { 50a1d86044005356ff900c040000ff75 } /* Opcode */
$op605 = { 3e834100c781400100006a664100c781 } /* Opcode */
$op606 = { 60e84200c78424e0 } /* Opcode */
$op607 = { 79fe4000a104904200898100030000c7 } /* Opcode */
$op608 = { 7ca34200c784249c } /* Opcode */
$op609 = { ff90140400003d220000c075408d4424 } /* Opcode */
$op610 = { 68974300c78424d8 } /* Opcode */
$op611 = { 58244400c78424c0 } /* Opcode */
$op612 = { 83c410a1d86044005756ff74241cff90 } /* Opcode */
$op613 = { 83c428ff74240ca1d86044005653ff90 } /* Opcode */
$op614 = { a1d860440068c821440056ff90f0 } /* Opcode */
$op615 = { 8975e48975e88975fcff901404000085 } /* Opcode */
$op616 = { 68ac414300ff75b8a1d8604400ff9020 } /* Opcode */
$op617 = { 50a1d8604400ff900403000084c0a1d8 } /* Opcode */
$op618 = { ff902404000059598d45e050a1d86044 } /* Opcode */
$op619 = { 8975ec8975f0ff90a80300005f5e85c0 } /* Opcode */
$op620 = { 8975ec8975f0ff90a80300005f5e85c0 } /* Opcode */
$op621 = { 83c41485c0740cc7461003 } /* Opcode */
$op622 = { 85c0740583c8ffeb088b45e889461433 } /* Opcode */
$op623 = { 50dd4200c78424a4 } /* Opcode */
$op624 = { 895dbc895dfcff90800300003bc30f84 } /* Opcode */
$op625 = { c4524300c78424d4 } /* Opcode */
$op626 = { f8504300c7842484 } /* Opcode */
$op627 = { c0e64200c7842484 } /* Opcode */
$op628 = { a4014300c78424d4 } /* Opcode */
$op629 = { b4e74200c78424bc } /* Opcode */
$op630 = { a1d860440057ff7508ff90900100008b } /* Opcode */
$op631 = { 33ff83c4103bc7743b8b5b3a8b4d0c03 } /* Opcode */
$op632 = { a19c904200c781000200008d9d4100c7 } /* Opcode */
$op633 = { 68a84000c7812c0400008a5b4100c781 } /* Opcode */
$op634 = { 6a06bf10f3430057894df0ff90400200 } /* Opcode */
$op635 = { fc244400c78424f4 } /* Opcode */
$op636 = { 5959837df8007505e982 } /* Opcode */
$op637 = { 082b4400c78424d4 } /* Opcode */
$op638 = { 33c03bfb590f94c05f5e5bc9c3558bec } /* Opcode */
$op639 = { a8a34200c78424a4 } /* Opcode */
$op640 = { 08de4200c78424dc } /* Opcode */
$op641 = { 28dd4200c784249c } /* Opcode */
$op642 = { d4244400c78424e8 } /* Opcode */
$op643 = { 5933ffeb1fff75100fb7450c50a1d860 } /* Opcode */
$op644 = { a1d860440057ff7508ff909001000083 } /* Opcode */
$op645 = { a1d860440057ff7508ff909001000083 } /* Opcode */
$op646 = { e4a34200c78424b0 } /* Opcode */
$op647 = { ff7518ff75145753ff90b0 } /* Opcode */
$op648 = { 1ca44200c78424c0 } /* Opcode */
$op649 = { 8d8500feffff689869430068ff } /* Opcode */
$op650 = { a3594000c7814404000014864100c781 } /* Opcode */
$op651 = { 598b0685c0740e50ff7608e8b7ffffff } /* Opcode */
$op652 = { a1d860440056ff9068010000a1d86044 } /* Opcode */
$op653 = { 897424688974246cff905001000085c0 } /* Opcode */
$op654 = { f8014300c78424ec } /* Opcode */
$op655 = { 83c40ceb2aff7308508d471450a1d860 } /* Opcode */
$op656 = { 83c41084db7510a1d8604400682cfe42 } /* Opcode */
$op657 = { 8b450cff742414668378023f50a1d860 } /* Opcode */
$op658 = { 24e84200c78424d4 } /* Opcode */
$op659 = { 595f5e8ac35bc9c3558bec83ec1ca1d8 } /* Opcode */
$op660 = { e0014300c78424e4 } /* Opcode */
$op661 = { 83c40c5e5b5fc9c3558bec5151a1d860 } /* Opcode */
$op662 = { fc004300c78424a8 } /* Opcode */
$op663 = { eb16ff71080fbfca83c04c5150a1d860 } /* Opcode */
$op664 = { 88964300c78424a0 } /* Opcode */
$op665 = { cce64200c7842488 } /* Opcode */
$op666 = { 83c40c5f33c05e5dc38b4c24040fbe41 } /* Opcode */
$op667 = { b8014300c78424d8 } /* Opcode */
$op668 = { 6868f24300ff75fcff91500300008b0d } /* Opcode */
$op669 = { 8b433a8b4dfc8d048803c650a1d86044 } /* Opcode */
$op670 = { ea4200c784243c01000010ea4200c784 } /* Opcode */
$op671 = { 83c42085ff750433c0eb4b8b763a8d44 } /* Opcode */
$op672 = { 24a44200c78424c4 } /* Opcode */
$op673 = { 83c40cff7588ff7508a1d8604400ff90 } /* Opcode */
$op674 = { 7c2a4400c78424c0 } /* Opcode */
$op675 = { 8b4300c78424540b00000c8b4300c784 } /* Opcode */
$op676 = { 50a1d860440057681cb14300682cb143 } /* Opcode */
$op677 = { f8234400c7842494 } /* Opcode */
$op678 = { 808d45f850a1d86044006a00ff902001 } /* Opcode */
$op679 = { 8b463a03c350a1d8604400ff90780200 } /* Opcode */
$op680 = { ff7608a1d8604400ff901c0100008bd8 } /* Opcode */
$op681 = { ff45fc817dfc102700000f8ffb } /* Opcode */
$op682 = { 740ac7050461440006 } /* Opcode */
$op683 = { 7a4300c784245c0600001c7a4300c784 } /* Opcode */
$op684 = { 94004300c7842498 } /* Opcode */
$op685 = { 9c4300c784243c0200000c9c4300c784 } /* Opcode */
$op686 = { a1d86044006a006828c84300ff7508ff } /* Opcode */
$op687 = { 70524300c78424c4 } /* Opcode */
$op688 = { d6e94000c781b801000076d14000c781 } /* Opcode */
$op689 = { 598d440002506844c743006a016a008d } /* Opcode */
$op690 = { 598d440002508b442434576840474400 } /* Opcode */
$op691 = { a1d860440057ff7508ff9090010000ff } /* Opcode */
$op692 = { 88dd4200c78424b4 } /* Opcode */
$op693 = { 50a1d86044005668005043005653ff90 } /* Opcode */
$op694 = { 98534300c78424ec } /* Opcode */
$op695 = { 8b44240c83c04468dc68430050a1d860 } /* Opcode */
$op696 = { 5068000010808d44245050a1d8604400 } /* Opcode */
$op697 = { 98014300c78424d0 } /* Opcode */
$op698 = { 3c014300c78424b8 } /* Opcode */
$op699 = { 9c514300c78424a0 } /* Opcode */
$op700 = { 59ff75e8ff7508a1d8604400ff909001 } /* Opcode */
$op701 = { e9aafeffffa1d86044006a006affff50 } /* Opcode */
$op702 = { ff742414a1d8604400ff7508ff903404 } /* Opcode */
$op703 = { bbd03f00003bf36a010f8e9f } /* Opcode */
$op704 = { 2cde4200c78424e4 } /* Opcode */
$op705 = { 28114300c78424a8 } /* Opcode */
$op706 = { 38a34200c7842490 } /* Opcode */
$op707 = { 38a44200c78424cc } /* Opcode */
$op708 = { 682c43440050a1d860440053ff902c03 } /* Opcode */
$op709 = { f8dc4200c7842494 } /* Opcode */
$op710 = { ff0500a04200a2c3604400a1d8604400 } /* Opcode */
$op711 = { 68b0444300ff7588a1d8604400ff9020 } /* Opcode */
$op712 = { 50ff750ca1d860440057ff9094 } /* Opcode */
$op713 = { 242b4400c78424d8 } /* Opcode */
$op714 = { 833dfc60440000750ac705fc6044006c } /* Opcode */
$op715 = { 68a34200c7842498 } /* Opcode */
$op716 = { cce74200c78424c4 } /* Opcode */
$op717 = { 83c41485c00f8440feffffc7461004 } /* Opcode */
$op718 = { 83c40c8d34463b5d1474024646433b5d } /* Opcode */
$op719 = { e0a34200c78424ac } /* Opcode */
$op720 = { 8b75108b363bf30f8d92 } /* Opcode */
$op721 = { e8014300c78424e8 } /* Opcode */
$op722 = { 38024300c78424fc } /* Opcode */
$op723 = { 0c524300c78424b4 } /* Opcode */
$op724 = { 60e74200c78424ac } /* Opcode */
$op725 = { d8dc4200c7842488 } /* Opcode */
$op726 = { 3c244400c78424b4 } /* Opcode */
$op727 = { 6a2f8d45b850ff757ca1d8604400c745 } /* Opcode */
$op728 = { 6683780a3a0f85b6 } /* Opcode */
$op729 = { b0534300c78424f0 } /* Opcode */
$op730 = { 68c8414300ff75b8a1d8604400ff9020 } /* Opcode */
$op731 = { 44124300c78424f8 } /* Opcode */
$op732 = { 78244400c78424cc } /* Opcode */
$op733 = { 8d8500feffff686c69430068ff } /* Opcode */
$op734 = { 7c014300c78424c4 } /* Opcode */
$op735 = { a1d86044005653ff909001000083c41c } /* Opcode */
$op736 = { 65fb4000c7811402000051624100c781 } /* Opcode */
$op737 = { ff751050ff7508a1d8604400ff902c03 } /* Opcode */
$op738 = { ff75f88d431050ff7508a1d8604400ff } /* Opcode */
$op739 = { 8b55148b1285d20f8c1f0100000fbf70 } /* Opcode */
$op740 = { 58024300c78424000100007c024300c7 } /* Opcode */
$op741 = { 84014300c78424c8 } /* Opcode */
$op742 = { 83c40c433b5d148d7446027cd233c066 } /* Opcode */
$op743 = { 50a1d8604400ff90a402000083c41ceb } /* Opcode */
$op744 = { 70dd4200c78424ac } /* Opcode */
$op745 = { 7cdd4200c78424b0 } /* Opcode */
$op746 = { ff742444894424588b44242c83c04450 } /* Opcode */
$op747 = { 50a1d86044005768e4a743006814a943 } /* Opcode */
$op748 = { cc2b4400c78424ec } /* Opcode */
$op749 = { a4114300c78424cc } /* Opcode */
$op750 = { 68f05a44008945f0578d45f050a1d860 } /* Opcode */
$op751 = { 1f4400c7842490030000101f4400c784 } /* Opcode */
$op752 = { 38294400c7842490 } /* Opcode */
$op753 = { dc2b4400c78424f0 } /* Opcode */
$op754 = { 9a4300c78424a8010000089a4300c784 } /* Opcode */
$op755 = { 8b44242083c00450ff7508a1d8604400 } /* Opcode */
$op756 = { 595f5ec9c3558bec83ec2c6a0b8d45d4 } /* Opcode */
$op757 = { 598d44000250536a016a008d45ec50ff } /* Opcode */
$op758 = { e4e84200c7842400010000fce84200c7 } /* Opcode */
$op759 = { 8b75108b363bf20f8dd5 } /* Opcode */
$op760 = { 8a44242783c4145f5e5b8be55dc3558b } /* Opcode */
$op761 = { 8a44242783c4145f5e5b8be55dc3558b } /* Opcode */
$op762 = { 08e84200c78424d0 } /* Opcode */
$op763 = { 54004300c7842488 } /* Opcode */
$op764 = { 8b45f40145f02945ec83c40cff45fc8b } /* Opcode */
$op765 = { ece64200c7842490 } /* Opcode */
$op766 = { 59a1d86044005653ff75f8ff90d40300 } /* Opcode */
$op767 = { 59a1d8604400536808b3430056c745c8 } /* Opcode */
$op768 = { 30a44200c78424c8 } /* Opcode */
$op769 = { c4244400c78424e4 } /* Opcode */
$op770 = { ff45fc817dfce80300000f8fac } /* Opcode */
$op771 = { c4a34200c78424a8 } /* Opcode */
$op772 = { e56d4100c781880200004e9e4100c781 } /* Opcode */
$op773 = { 30964300c7842484 } /* Opcode */
$op774 = { 0f8252ffffffa1d860440053ff7508ff } /* Opcode */
condition:
( uint16(0) == 0x5a4d and filesize < 900KB and ( 5 of ($s*) )and 1 of ($op*) ) or ( all of them )
}This YARA rule can be deployed in the following contexts:
This rule contains 795 string patterns in its detection logic.
Scenario: A system administrator is using PowerShell to automate the deployment of a new application.
Filter/Exclusion: Exclude events where the process name is powershell.exe and the command line includes -File with a path to a known admin script or deployment tool (e.g., Deploy-App.ps1).
Scenario: A scheduled job runs Ansible to update configuration files on multiple servers.
Filter/Exclusion: Exclude events where the process name is ansible and the command line includes --become and a known playbook file (e.g., update_config.yml).
Scenario: A developer uses Git to push code changes to a remote repository.
Filter/Exclusion: Exclude events where the process name is git and the command line includes push with a known repository URL (e.g., [email protected]:company/repo.git).
Scenario: A backup tool like Veeam performs a scheduled backup of virtual machines.
Filter/Exclusion: Exclude events where the process name is veeam and the command line includes backup or backupjob with a known backup job name (e.g., DailyVMBackup).
Scenario: A system update is applied using WSUS (Windows Server Update Services).
Filter/Exclusion: Exclude events where the process name is wusa.exe and the command line includes --quiet or --norestart with a known update package (e.g., KB1234567.msu).